At present, there are a large number of cyber-attacks in global networks, which pose a serious threat to critical infrastructure and cause a large number of potential security risks. In this paper, we discussed the hybrid application of software-defined network technology and honeypot technology to protect critical infrastructure, which can defend against attacks such as advanced persistent threats (APT). Therefore, we propose a honeypot-enable selector based on software defined networking (SDN) technology, which can establish an authentication link through a special packet to achieve access control. Besides, the selector can implement protection without changing the original network topology. Finally, we evaluate our proposed selector through experiments. Experimental results show that the proposed selector can divert packets from non-authenticated sources to the honeypot, which can protect actual devices. Furthermore, the experimental results show that the proposed selector has good forwarding performance.