With　the　development　of　virtualization　technology　and　fast　expansion　of　network-scale,　SDN　has　been　employed　in　various　cases　from　campus　networks　to　cloud　data　center　networks.　However,　SDN　networks　are　also　facing　some　new　security　issues,　relative　to　the　traditional　networks.　In　this　work,　we　demonstrate　a　novel　network　isolation　attack　in　SDN　networks,　called　Network　Harvesting,　that　lets　an　attacker　can　access　to　the　user＇s　network　privileges　without　the　awareness　of　victim　and　OpenFlow　SDN　architecture,　which　significantly　increases　persistence.　We　then　present　a　defense,　SpoofDefender,　that　prevents　network　isolation　attacks　or　other　spoofing　attacks　by　leveraging　SDN＇s　data　and　control　plane　separation,　global　network　view,　and　programmatic　control　of　the　network,　while　building　upon　IEEE　802.1x　and　encryption.　In　addition,　we　also　implement　SpoofDefender　on　ONOS　1.10.4　and　Mininet　with　a　real　network,　and　extensive　simulation　results　demonstrate　that　our　proposed　SpoofDefender　is　highly　effective　in　terms　of　computation　and　communication　costs.　©　2018　IEEE.