Volume 12, Issue 1, pp. 08-23, 2023, Full Length Article
Ehab R. Mohamed 1*, Heba M. Mansour 2, Osama M. El-Komy 3
Doi: https://doi.org/10.54216/FPA.120101
In this paper, to protect software-defined networks (SDN) from various ARP attacks, we implement a three-dimensional algorithm (TDA). The main objective of TDA is to limit the methods by which attackers can breach SDN privacy and to prevent the three main types of ARP attacks: ARP flooding, ARP spoofing, and ARP broadcasting. This work discusses these three ARP attack types, broken down into five scenarios, and how the proposed solution detects and mitigates each one. We simulated the five attack scenarios with five Python scripts written with the Scapy library, and then applied TDA to restrict the five scenarios of ARP attacks more efficiently and faster than existing methods. TDA provides the Ryu controller with a modified module to detect and mitigate these types of attacks, using a three-dimensional secure channel that analyzes incoming ARP packets: it works as a filter that separates legitimate ARP packets from malicious ones and then gives the controller the choice to forward or drop each packet. To simulate our investigation and apply the proposed solution, we used the Mininet emulator. To evaluate TDA, we measured delay times, accuracy, controller throughput, bandwidth, and other metrics. The results obtained after applying TDA 100 times on our test scenarios indicate that the accuracy is 99.9% for the three stages and that the detection and mitigation times are very short compared to existing solutions: the minimum detection time is only 0.1 ms to 3.6 ms, and the minimum mitigation time is only 0.3 ms to 2.9 ms.
We also evaluated the algorithm with other important metrics: controller bandwidth, which was 18 GB/sec to 17.7 GB/sec in the cases before and after the attack and 16.5 GB/sec during the attack; controller throughput, which recorded 1.72 GB/sec under attack and reached 2.11 GB/sec after defense; and CPU utilization, which recorded 30.4% during the attack and fell to 0.3% after mitigation. These metrics proved that our algorithm achieved the highest efficiency compared to other work in this field.
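As an added illustration (not the paper's TDA code, which the abstract does not show), the following plain-Python controller-side ARP inspector applies one check per attack class named above (spoofing, flooding, broadcasting) and returns a forward or drop verdict; the trusted IP-to-MAC binding table, the per-window thresholds, the first-request learning policy and the constructed traffic are all assumptions.

```python
# Added example, not the paper's TDA: one check per ARP attack class, returning forward/drop.
from collections import Counter, defaultdict, deque

ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

class ArpFilter:
    def __init__(self, bindings, rate_limit=20, bcast_limit=5, window_s=1.0):
        self.bindings = dict(bindings)  # trusted IP -> MAC table (assumed pre-provisioned)
        self.rate_limit, self.bcast_limit, self.window_s = rate_limit, bcast_limit, window_s
        self.seen = defaultdict(deque)   # src MAC -> timestamps of all its ARP packets
        self.bcast = defaultdict(deque)  # src MAC -> timestamps of its broadcast requests

    def _rate(self, table, key, now):
        q = table[key]
        q.append(now)
        while now - q[0] > self.window_s:  # discard timestamps that left the sliding window
            q.popleft()
        return len(q)

    def check(self, pkt, now):
        """pkt is a dict with op, src_mac, src_ip, dst_mac; returns (verdict, reason)."""
        mac, ip = pkt["src_mac"].lower(), pkt["src_ip"]
        bound = self.bindings.get(ip)
        # 1) spoofing: sender IP already bound to another MAC, or a reply for an unbound IP
        if bound is not None and bound != mac:
            return "drop", "spoof %s claimed by %s (bound to %s)" % (ip, mac, bound)
        if bound is None:
            if pkt["op"] == ARP_REPLY:
                return "drop", "spoof reply for unbound IP %s" % ip
            self.bindings[ip] = mac  # assumed policy: learn a binding from the first request only
        # 2) flooding: too many ARP packets from one source within the window
        if self._rate(self.seen, mac, now) > self.rate_limit:
            return "drop", "flood %s exceeded %d ARP per window" % (mac, self.rate_limit)
        # 3) broadcasting: too many broadcast requests from one source within the window
        if pkt["op"] == ARP_REQUEST and pkt["dst_mac"].lower() == BROADCAST_MAC:
            if self._rate(self.bcast, mac, now) > self.bcast_limit:
                return "drop", "broadcast %s exceeded %d requests per window" % (mac, self.bcast_limit)
        return "forward", "ok"

def arp(op, src_mac, src_ip, dst_mac=BROADCAST_MAC):
    return {"op": op, "src_mac": src_mac, "src_ip": src_ip, "dst_mac": dst_mac}

def run_demo():
    """Constructed traffic for the three attack classes; returns verdict counts keyed by reason."""
    f = ArpFilter({"10.0.0.1": "00:00:00:00:00:01", "10.0.0.2": "00:00:00:00:00:02"})
    traffic = [(0.0, arp(ARP_REQUEST, "00:00:00:00:00:01", "10.0.0.1")),  # legitimate broadcast request
               (0.1, arp(ARP_REPLY, "00:00:00:00:00:03", "10.0.0.1", "00:00:00:00:00:02"))]  # h3 claims h1's IP
    traffic += [(0.2 + i * 0.01, arp(ARP_REQUEST, "00:00:00:00:00:03", "10.0.0.3", "00:00:00:00:00:02")) for i in range(25)]  # unicast flood
    traffic += [(3.0 + i * 0.05, arp(ARP_REQUEST, "00:00:00:00:00:02", "10.0.0.2")) for i in range(8)]  # broadcast burst
    return Counter(f.check(p, t)[1].split()[0] for t, p in traffic)
```

In a real Ryu packet-in handler the same `check` would run on the parsed ARP header and the verdict would decide whether a flow rule forwards or drops the packet.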
Software-defined networks, ARP spoofing, ARP flooding, ARP broadcasting, Scapy library, Ryu controller