A SDN-based deployment framework for Computer Network Defense Policy

Computer Network Defense Policy is a kind of policy-based network management method which aims to achieve specific security objectives. Although it brings much efficiency in the field of computer network defense, it can´t be widely used because the existing Computer Network Defense Policy models are all proposed on P2DRR architecture and lack specific deployment framework as well as methods. In this paper, we utilize programmability and centralized control of software defined networking and propose a SDN-based deployment framework. Also, we come up with defense selection method and ?traffic steering? method for policy deployment. The implementation and experiments in cloud environment shows that under the proposed framework, we can execute the process of policy resolution and configuration deployment automatically and correctly.