CR · Jul 16, 2020

A Framework for Threats Analysis Using Software-Defined Networking

arXiv:2007.08306v1 · 1 citation
Originality: Synthesis-oriented
AI Analysis

This work addresses the problem of analyzing local network attacks for security researchers, though it appears incremental as it builds on existing software-defined networking concepts.

The paper tackles the limitation of traditional sandboxing in network threat analysis by introducing a framework that uses software-defined networking to simulate arbitrary networks, enabling the capture of malicious actions and restoration to initial states.

The ability to analyze network threats is very important in security research. Traditional approaches involving sandboxing technology are limited to simulating a single host and therefore miss local network attacks. This issue is addressed by designing a threat analysis framework that uses software-defined networking to simulate arbitrary networks. The presented system offers flexibility, allowing a security researcher to define a virtual network that can capture malicious actions and be restored to its initial state afterwards. Both the framework design and common usage scenarios are described. By providing this framework, we aim to ease the analysis effort in combating cyberthreats.
