Traditional tactical networks fail to achieve cyber resiliency for many reasons, but the most prevalent causes include flat designs, the absence of cyber detection capabilities at the lowest level, and immutable resource allocations after instantiation. These design choices allow network threats direct visibility to each device on the network, and the lack of detection allows infections to proliferate. Furthermore, tactical battlefield networks are difficult to secure because of the lack of persistent oversight by an intelligent agent that can exercise control over the network’s topology or resources in real-time. However, advances in software-defined networking (SDN) provide an opportunity to address many of these shortcomings through the use of intelligent and automated network slicing (NS), network function virtualization (NFV), and dynamic network resource control via orchestration. 

Recent developments in SDN control plane capabilities allow for the deployment of network slices, which are logically segregated virtual networks that share a common infrastructure, while simultaneously guaranteeing quality service (QoS) and resource control in each slice. When NS is coupled with intent based programming, the potential exists to orchestrate the creation of elastic network slices so that a network topology can be changed on-the-fly by an orchestrator to secure the enclave. Intents are an SDN abstraction, and allow for an intelligent orchestrator (or human) to avoid programming network behavior in the traditional sense at the command line, and instead issue only intents so that the network controller can create the necessary conditions required for the intent to be realized. These intents can range from adding communication paths for new hosts, to completely reshaping the network based upon some new stimuli.

Similarly, network function virtualization allows for services such as firewalls, intrusion detection systems, and many more to be virtualized in different parts of the network and called into action only when needed. Their use can lower the computational, storage, and network costs when compared to traditional hardware-based services. Software-defined networking also presents the opportunity to dynamically manage resources in network slices, so that network service delivery can be adjusted in response to increases or changes in network resource demand. 

With these exciting SDN concepts in mind, we seize upon the opportunity to answer the following questions in this work: 1) Can elastic and reconfigurable SDN slices together with dynamic NFV increase cyber resilience when threats penetrate the network? 2) What is the overhead cost associated with SDN slicing and NVF deployment in a small platoon-sized tactical network? and 3) How can SDN slicing and NFV be applied using network and battlefield intelligence to reconfigure the network to support a commander’s mission?

In this dissertation we describe how all of these capabilities (SDN, NS, VNF) can be combined in an automated and intelligent framework to increase network resiliency by identifying network threats in real-time, reshaping the network to respond, mitigate, or anticipate threat effects, recover the network into a secure state, and reallocate resources in support of mission requirements on-the-fly. Furthermore, this dissertation will address the network overhead costs associated with such a technique by measuring the overhead costs at multiple levels. Validation results will illustrate how the framework can be implemented with currently available software, and data will show the effectiveness of the framework at providing cyber defense, attack mitigation, and mission-based resource reallocation.