doi: 10.17586/2226-1494-2021-21-3-401-409
An efficient mechanism to detect and mitigate an ARP spoofing attack in software-defined networks
Article in English
For citation:
Darwesh G., Vorobeva A.A., Korzhuk V.M. An efficient mechanism to detect and mitigate an ARP spoofing attack in software-defined networks. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2021, vol. 21, no. 3, pp. 401–409. doi: 10.17586/2226-1494-2021-21-3-401-409
Abstract
The work focuses on security in software-defined networks (SDN). Because the SDN architecture centralizes control, security has always been one of its foremost concerns, and many serious attacks known from traditional networks, such as the ARP spoofing attack, still appear in SDN despite the many existing security algorithms, methods and systems. In this work, we propose a new approach to securing SDN against an ARP poisoning attack. The solution extends the controller with a new module that uses a new algorithm to detect and mitigate ARP spoofing attacks according to three states of each host in the network. The mechanism covers both DHCP and manual assignment of IP addresses and uses three classes to classify hosts according to their situation in the network. The CHT places a host in an intermediate state between verification and banning, and the attack is detected according to the host's next step. The proposed mechanism was tested successfully in a simulated environment using Mininet and the POX controller. The solution effectively accomplished the objective for which it was built, with limited overhead on the network: it neither adds extra load to the network nor requires any changes to the infrastructure or additional hardware. According to the experimental results, the average time to detect an ARP spoofing attack is about 11 ms, with minor overhead on the controller CPU.
Keywords: ARP, Software-Defined Networking (SDN), ARP cache poisoning attack, ARP spoofing, SDN security, OpenFlow security
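The abstract describes a controller module that keeps trusted IP-to-MAC bindings (learned from DHCP or assigned manually), tracks each host in one of three states, and uses an intermediate "caught" state so that a host's next ARP packet decides whether it is restored or banned. The following Python model is an added illustration of that kind of three-state validator; it is not the paper's code and makes several assumptions that the abstract does not pin down: the state names, the reading of CHT as a caught-hosts table, the rule that one conflicting ARP moves a host into the caught state and a second conflict bans it, and the treatment of an unbound IP as a conflict. The bindings and packet sequence are constructed sample data.

```python
"""Toy model of a controller-side ARP validator with a three-state host table.

Illustrative only, not the paper's implementation. Assumed policy:
  * the controller trusts IP-MAC bindings from DHCP leases it has observed
    and from an operator-maintained static list (two of the host classes);
  * an ARP whose sender IP/MAC matches a trusted binding marks the host
    VERIFIED and is forwarded;
  * a conflicting or unbound claim moves the sender MAC into a caught-hosts
    table (SUSPECT) and the packet is dropped, but the host is not yet banned;
  * the host's next ARP decides: consistent -> VERIFIED, conflict -> BANNED.
"""
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    VERIFIED = "verified"
    SUSPECT = "suspect"    # held in the caught-hosts table pending next packet
    BANNED = "banned"


@dataclass
class ArpPacket:
    sender_mac: str
    sender_ip: str
    in_port: int
    opcode: int = 1        # 1 = request, 2 = reply


@dataclass
class ArpValidator:
    bindings: dict = field(default_factory=dict)   # ip -> (mac, source)
    state: dict = field(default_factory=dict)      # mac -> State
    caught: dict = field(default_factory=dict)     # mac -> (claimed ip, bound mac)
    decisions: list = field(default_factory=list)  # audit log of verdicts

    def learn_dhcp(self, ip, mac):
        """Binding observed from a DHCP lease seen at the controller."""
        self.bindings[ip] = (mac, "dhcp")

    def learn_static(self, ip, mac):
        """Binding configured manually by the operator (e.g. the gateway)."""
        self.bindings[ip] = (mac, "static")

    def _decide(self, pkt, action, reason):
        self.decisions.append((pkt.sender_mac, pkt.sender_ip, action, reason))
        return action

    def handle_arp(self, pkt):
        """Return the verdict for one ARP packet and update the host state."""
        mac = pkt.sender_mac
        st = self.state.get(mac)
        if st is State.BANNED:
            return self._decide(pkt, "drop", "banned host")
        trusted = self.bindings.get(pkt.sender_ip)
        if trusted is not None and trusted[0] == mac:
            # Claim matches a trusted binding: leave the caught table if present.
            if st is State.SUSPECT:
                del self.caught[mac]
            self.state[mac] = State.VERIFIED
            return self._decide(pkt, "forward", f"binding ok ({trusted[1]})")
        reason = ("unknown ip" if trusted is None
                  else f"ip bound to {trusted[0]}, claimed by {mac}")
        if st is State.SUSPECT:
            # Second conflicting step while caught: treat as spoofing and ban.
            del self.caught[mac]
            self.state[mac] = State.BANNED
            return self._decide(pkt, "drop+ban", reason)
        # First conflict: park the host in the caught table and wait for its next step.
        self.state[mac] = State.SUSPECT
        self.caught[mac] = (pkt.sender_ip, trusted[0] if trusted else None)
        return self._decide(pkt, "drop", reason)


def run_demo():
    """Constructed sequence: a legitimate host, a gateway impersonator, and a
    host whose DHCP lease is learned only after its first ARP."""
    v = ArpValidator()
    v.learn_static("10.0.0.1", "00:00:00:00:00:01")   # gateway, operator-assigned
    v.learn_dhcp("10.0.0.2", "00:00:00:00:00:02")     # lease seen by the controller
    actions = [
        v.handle_arp(ArpPacket("00:00:00:00:00:02", "10.0.0.2", 2)),
        v.handle_arp(ArpPacket("00:00:00:00:00:03", "10.0.0.1", 3, opcode=2)),
        v.handle_arp(ArpPacket("00:00:00:00:00:03", "10.0.0.1", 3, opcode=2)),
        v.handle_arp(ArpPacket("00:00:00:00:00:03", "10.0.0.3", 3)),
        v.handle_arp(ArpPacket("00:00:00:00:00:04", "10.0.0.4", 4)),
    ]
    v.learn_dhcp("10.0.0.4", "00:00:00:00:00:04")     # lease arrives after first ARP
    actions.append(v.handle_arp(ArpPacket("00:00:00:00:00:04", "10.0.0.4", 4)))
    return v, actions


if __name__ == "__main__":
    validator, _ = run_demo()
    for entry in validator.decisions:
        print(entry)
```

The intermediate state is what keeps a single stray or early ARP (the host on port 4 above) from being banned outright; only a host that repeats a conflicting claim is moved to BANNED, after which every packet from that MAC is dropped regardless of the IP it claims. In a real deployment the "drop+ban" verdict would be installed as a flow rule at the ingress switch, and the decisions list would feed the controller's logging.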