Citadel: Cyber threat intelligence assisted defense system for software-defined networks

Yurekten Ö., DEMİRCİ M.

Computer Networks, vol.191, 2021 (SCI-Expanded) identifier identifier

  • Publication Type: Article / Article
  • Volume: 191
  • Publication Date: 2021
  • Doi Number: 10.1016/j.comnet.2021.108013
  • Journal Name: Computer Networks
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, PASCAL, ABI/INFORM, Aerospace Database, Applied Science & Technology Source, Business Source Elite, Business Source Premier, Communication Abstracts, Compendex, Computer & Applied Sciences, INSPEC, Library and Information Science Abstracts, Library, Information Science & Technology Abstracts (LISTA), Metadex, zbMATH, Civil Engineering Abstracts
  • Keywords: Cyber security, Cyber defense, Cyber threat intelligence, CTI, Software-defined networking, SDN, Network function virtualization, NFV, Service function chaining, SFC, SECURITY
  • Middle East Technical University Affiliated: Yes


© 2021 Elsevier B.V.Defending networks is becoming more challenging due to the growing number and variety of cyber threats. On the other hand, network security professionals have new technologies and tools at their disposal. This paper focuses on a few of these technologies and investigates new ways to take advantage of them. To this end, we present Citadel, a novel security system utilizing cyber threat intelligence (CTI) to construct automated defense solutions in software-defined networking (SDN) environments. Citadel also incorporates network function virtualization (NFV) and service function chaining (SFC) to achieve flexible, cost-efficient, and proactive network defense. We examine CTI data to extract common attacker models and design security services as virtual network functions chained together using SFC to counter these threats. The modular and extensible nature of Citadel makes it suitable for incremental deployment in networks. Besides, we propose a new CTI data model to use as an extension of the existing CTI models for better compatibility with automated network defense. Extensive evaluations demonstrate that our proposals are applicable and effectively facilitate the management of agile defense in SDN/NFV-enabled networks.