DocumentCode
160102
Title
OrchSec: An orchestrator-based architecture for enhancing network-security using Network Monitoring and SDN Control functions
Author
Zaalouk, Adel ; Khondoker, Rahamatullah ; Marx, Ronald ; Bayarou, Kpatcha
Author_Institution
RWTH Aachen Univ., Aachen, Germany
fYear
2014
fDate
5-9 May 2014
Firstpage
1
Lastpage
9
Abstract
The original design of the Internet did not take network security aspects into consideration; instead, it aimed to facilitate the process of information exchange between end-hosts. Consequently, many protocols that are part of the Internet infrastructure expose a set of vulnerabilities that can be exploited by attackers. To reduce these vulnerabilities, several security approaches were introduced as a form of add-ons to the existing Internet architecture. However, these approaches have their drawbacks (e.g., lack of centralized control and automation). In this paper, to address these drawbacks, the features provided by Software Defined Networking (SDN), such as network visibility and centralized management and control, are considered for developing security applications. Although the SDN architecture provides features that can aid in the process of network security, it has some deficiencies when it comes to using SDN for security. To address these deficiencies, several architectural requirements are derived to adapt the SDN architecture for security use cases. For this purpose, OrchSec, an Orchestrator-based architecture that utilizes Network Monitoring and SDN Control functions to develop security applications, is proposed. The functionality of the proposed architecture is demonstrated, tested, and validated using a security application.
Keywords
Internet; computer network security; Internet architecture; Internet infrastructure; OrchSec; SDN control functions; centralized control; network monitoring; network security aspects; network security enhancement; orchestrator based architecture; software defined networking; Monitoring; Prototypes; Switches;
fLanguage
English
Publisher
ieee
Conference_Titel
Network Operations and Management Symposium (NOMS), 2014 IEEE
Conference_Location
Krakow
Type
conf
DOI
10.1109/NOMS.2014.6838409
Filename
6838409