A Framework for Threats Analysis Using Software-Defined Networking

The ability to analyze network threats is very important in security research. Traditional approaches, involving sandboxing technology are limited to simulating a single host, missing local network attacks. This issue is addressed by designing a threat analysis framework that uses software-defined networking for simulating arbitrary networks. The presented system offers flexibility, allowing a security researcher to define a virtual network that is able to capture malicious actions and to be restored to the initial state afterwards. Both the framework design and common usage scenarios are described. By providing this framework, we aim to ease the analysis effort in combating cyberthreats.