Application and evaluation of SDN policies for the detection and mitigation of internal and external attacks
DOI:
https://doi.org/10.59169/pentaciencias.v8i1.1777Keywords:
Software-defined networks; cybersecurity; attack mitigatio; control plane; network experimentationAbstract
This experimental study analyzed security in software-defined networks, an architecture that enables centralized, programmable control but presents a critical vulnerability in its control plane. The main objective was to evaluate the effectiveness of a variety of security policies for detecting and mitigating internal and external threats. This analysis was conducted using an experimental approach, following the guidelines of the National Institute of Standards and Technology (NIST) security testing guide, by implementing a simulated network managed by the Ryu controller. Attack scenarios such as denial of service, port scanning, spoofing, and unauthorized access were reproduced. Security policies were enforced thru flow rules, filtering mechanisms, and microsegmentation based on the zero-trust model. The results demonstrated a fast and efficient response, reducing the impact on service latency and availability, while also optimizing the use of system resources. In conclusion, this work validates a reproducible experimental model that integrates security best practices, demonstrating that these architectures are effective platforms for strengthening cybersecurity in modern network infrastructures.
Downloads
References
Jaigirdar, F. T., Jayatilaka, A., & Babar, M. A. (2026). Software vulnerability management in IoT systems: a systematic mapping study. Cybersecurity, 9(1), 96. https://link.springer.com/content/pdf/10.1186/s42400-025-00543-6.pdf
Khan, N., Bin Salleh, R., Koubaa, A., Khan, Z., Khan, M. K., & Ali, I. (2023). Data plane failure and its recovery techniques in SDN: A systematic literature review. Journal of King Saud University-Computer and Information Sciences, 35(3), 176-201. https://www.sciencedirect.com/science/article/pii/S1319157823000307
Liu, J., Li, Y., Wang, H., Jin, D., Su, L., Zeng, L., & Vasilakos, T. (2016). Leveraging software-defined networking for security policy enforcement. Information Sciences, 327, 288-299. http://fi.ee.tsinghua.edu.cn/~wanghuandong/papers/infs16.pdf
Quirumbay Yagual, D. I., Castillo Yagual, C. A., & Coronel Suárez, I. A. (2022). Una revisión del aprendizaje profundo aplicado a la ciberseguridad. Revista Científica y Tecnológica UPSE (RCTU), 9(1), 57-65. http://scielo.senescyt.gob.ec/scielo.php?pid=S1390-76972022000200057&script=sci_arttext
Rodríguez Herlein, D. R., Talay, C. A., González, C. N., & Marrone, L. A. (2020). Explorando las redes definidas por software (SDN). XXII Workshop de Investigadores en Ciencias de la Computación (WICC 2020, El Calafate, Santa Cruz).
Sánchez-García, I. D., Rea-Guaman, A., Feliu, T. S., & Calvo-Manzano, J. A. (2024). Auditoría de riesgos de ciberseguridad: Revisión de Literatura, propuesta y aplicación. RISTI-Revista Ibérica de Sistemas e Tecnologias de Informação(53), 69-87. https://scielo.pt/scielo.php?pid=S1646-98952024000100069&script=sci_arttext&tlng=es
Shaji, N. S., & Muthalagu, R. (2024). Survey on security aspects of distributed software-defined networking controllers in an enterprise SD-WLAN. Digital Communications and Networks, 10(6), 1716-1731. https://www.sciencedirect.com/science/article/pii/S2352864823001517
Velez Mejia, C. L. (2018). Análisis de Seguridad en Redes SDN (Redes definidas por software). https://repository.unad.edu.co/bitstream/handle/10596/27165/%20clvelezm.pdf?sequence=1
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Revista Científica Arbitrada Multidisciplinaria PENTACIENCIAS - ISSN 2806-5794.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
