English

Safeguard: Security Controls at the Software Defined Network Layer

Cryptography and Security 2026-01-27 v1 Networking and Internet Architecture

Abstract

Improvements in software defined networking allow for policy to be informed and modified by data-driven applications that can adjust policy to accommodate fluctuating requirements at line speed. However, there is some concern that over-correction can occur and cause unintended consequences depending on the data received. This is particularly problematic for network security features, such as machine-learning intrusion detection systems. We present Safeguard, a rule-based policy that overlaps a data-driven policy to prevent unintended responses for edge cases in network traffic. We develop a reference implementation of a network traffic classifier that enforces firewall rules for malicious traffic, and show how additional rulesets to allow known-good traffic are essential in utilizing a data-driven network policy.

Keywords

Cite

@article{arxiv.2601.17355,
  title  = {Safeguard: Security Controls at the Software Defined Network Layer},
  author = {Yi Lyu and Shichun Yu and Joe Catudal},
  journal= {arXiv preprint arXiv:2601.17355},
  year   = {2026}
}
R2 v1 2026-07-01T09:18:23.050Z