Boundary Protection System Based On Software-Defined Networking

The framework of separated data and control planes in software-defined networking (SDN) with high programmability makes it more flexible to manage and control network traffic. In this paper we propose a boundary protection system based on software defined networking, which is composed of an intrusion detection module (IDM) and a boundary protection module (BPM). The IDM is embedded into the SDN switches on the data plane to realize the monitoring and warning of abnormal events. The BPM is deployed upon the Open Network Operating System (ONOS) controller to install flow rules on the SDN switches on the data plane with the assistance of ONOS controller. It accesses ONOS controller via a Restful API. Once an abnormal event is detected, the IDM reports it to the BPM, the BPM can make intelligent decisions to prevent abnormal packets in the whole network, this promote the defensive capacity of the boundary protection system. Also the BPM realizes functions such as protocol filtering, blacklist controlling, ACL controlling and warning logging.