This disclosure relates to the technical field of computer network security. Computer networks are at risk of a variety of different types of attacks. For example, a network intruder or malicious software may intercept data communications traveling through the network, or initiate commands that disrupt the network's normal operation. Some commonly known types of network attacks include wiretapping, port scanners, idle scans, denial-of-service attacks, spoofing, and cyber-attacks. Traditionally, a network is secured by implementing a well-defined security policy that is instantiated for the particular network topology. In traditional network environments, the security policy is often deployed and enforced statically and consistently across the entire network infrastructure.
Software-defined networking refers to an approach for building a computer network that allows for programmable network switch infrastructures, in which the rules that determine how the network switches are to process network flows can be dynamically specified and changed. Such programmability is useful, for instance, in the management of virtual computing resources that may be spawned or terminated on demand. The OPENFLOW network model is one example of a protocol that may be used to implement software-defined networking.