ABSTRACT

Software-Defined Security is an approach to implementing, managing and controlling information security in a computing environment using software. Security components such as intrusion detection, access control and network segmentation are automated and managed through software, with little or no dependence on hardware-based security. The software-defined networking framework helps in managing and orchestrating the security needs of an organization in an intelligent fashion.

The Intelligent Software-Defined Security (ISDS) that we discuss in this chapter comprises key properties of an intelligent software system, such as situation awareness, self-healing, end-to-end monitoring, network analytic capability, and a feedback mechanism to dynamically reconfigure the network in case of any compromising activity.

We discuss some important architectural considerations in the application of Machine Learning (ML) and Artificial Intelligence (AI) in security in Section 11.1. Different ML and AI techniques, such as neural networks, expert systems and learning mechanisms, are briefly discussed in this section along with their security applications. Additionally, we use an intrusion detection system (IDS) as an example to showcase the application of intelligence in the field of security in Section 11.1. An SDN-based intelligent security design that incorporates ML and AI is described in Section 11.1.4. Section 11.2 is dedicated to the study of advanced persistent threats (APTs). The difference between traditional attacks and APTs, and examples of the most notable APT events and vulnerabilities, are discussed in this section. The techniques used in the detection and mitigation of APTs are discussed in Subsection 11.2.4. Subsection 11.2.5 describes the use of SDN-based microsegmentation and defense-in-depth security to disrupt the propagation of APTs. Section 11.3 is dedicated to the study of problems associated with the application of intelligence in security, such as variance in network traffic and the high cost of errors resulting from incorrect attack prediction.
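The feedback loop that ties these pieces together (end-to-end monitoring feeding a detector, the detector feeding an SDN controller that reconfigures the network, and the reconfiguration aging out so the network heals itself) is easier to see in code than in prose. The following is an added Python example written for this editorial pass; it is not code from the chapter or from any SDN controller. It assumes per-host connection counts arrive once per monitoring interval, scores each host against its own rolling baseline, quarantines a host whose count is an outlier, and lets the drop rule expire after a fixed number of intervals. The host addresses, telemetry, window size, threshold and time-to-live are all constructed values.

```python
"""Toy ISDS feedback loop: monitor -> detect -> reconfigure -> self-heal.

Added illustration, not the chapter's own design. Everything below
(addresses, counts, thresholds) is constructed sample data.
"""
from collections import deque
from dataclasses import dataclass
import statistics


@dataclass
class FlowRule:
    """A quarantine rule the controller would push to the switches."""
    src: str
    dst: str      # "*" = every destination
    action: str   # "drop" for a quarantined host
    ttl: int      # intervals until the rule is aged out


class SdnController:
    """Minimal stand-in for an SDN controller's rule table."""

    def __init__(self):
        self.rules = {}   # host -> FlowRule

    def quarantine(self, host, ttl=3):
        # Microsegmentation in its simplest form: isolate one host entirely.
        self.rules[host] = FlowRule(host, "*", "drop", ttl)

    def is_quarantined(self, host):
        return host in self.rules

    def tick(self):
        # Self-healing: rules age out, so a false positive is not permanent
        # and a cleaned host is re-admitted without manual intervention.
        for host in list(self.rules):
            self.rules[host].ttl -= 1
            if self.rules[host].ttl <= 0:
                del self.rules[host]


class AnomalyDetector:
    """Per-host z-score against a rolling baseline of recent counts."""

    def __init__(self, window=8, threshold=3.0, min_stdev=1.0):
        self.window = window
        self.threshold = threshold
        self.min_stdev = min_stdev   # floor, so a flat baseline cannot divide by zero
        self.history = {}            # host -> deque of recent counts

    def score(self, host, count):
        hist = self.history.setdefault(host, deque(maxlen=self.window))
        if len(hist) < self.window:
            hist.append(count)       # still learning: no verdict yet
            return 0.0
        mean = statistics.fmean(hist)
        stdev = max(statistics.pstdev(hist), self.min_stdev)
        z = (count - mean) / stdev
        if z <= self.threshold:
            # Only benign observations update the baseline; feeding the
            # outlier back in would let an attacker shift the baseline.
            hist.append(count)
        return z


# Constructed telemetry: new outbound connections per host per interval.
# Host .5 is quiet for eight intervals, then bursts; host .7 wobbles slightly.
TELEMETRY = [
    {"10.0.1.5": a, "10.0.1.7": b}
    for a, b in zip([5] * 8 + [60, 5, 5, 5], [4] * 8 + [6, 4, 4, 4])
]


def run_loop(telemetry, detector, controller):
    """Drive the loop; return (quarantine events, quarantined hosts per interval)."""
    events, timeline = [], []
    for interval, counts in enumerate(telemetry):
        for host, count in counts.items():
            z = detector.score(host, count)
            if z > detector.threshold and not controller.is_quarantined(host):
                controller.quarantine(host)
                events.append((interval, host, round(z, 1)))
        controller.tick()
        timeline.append(sorted(controller.rules))
    return events, timeline


if __name__ == "__main__":
    evts, tl = run_loop(TELEMETRY, AnomalyDetector(), SdnController())
    print("quarantine events:", evts)
    for i, hosts in enumerate(tl):
        print(f"interval {i:2d}: quarantined={hosts}")
```

Two points of design are worth noting. The baseline is updated only with observations the detector judged benign, which is what keeps a slow ramp from being learned as normal; the price is that a host whose legitimate load genuinely changes will keep alarming until the rule expires and an operator adjusts the window. The time-to-live on the drop rule is the self-healing property from the abstract, and it is also the knob that bounds the cost of a wrong prediction: a false positive isolates a host for a few intervals rather than indefinitely, which is exactly the trade-off Section 11.3 is concerned with.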