Abstract

Software-Defined Networks (SDN) are networks controlled by a single authority; they are vulnerable to many threats and require a high level of security for their controller. Attackers can intercept communication between network devices using Address Resolution Protocol (ARP) spoofing, a Man-in-the-Middle technique also known as ARP poisoning. Because this attack uses repeated ARP messages to associate the attacker's MAC address with a genuine, authorized user's IP address, the Software-Defined Network is exposed to security vulnerabilities. This paper proposes an ARP spoofing detection module that monitors ARP traffic and analyzes inconsistencies after ARP request packets are injected into the network. The module maintains IP-MAC address bindings and checks incoming packets against them. The proposed algorithm helps to resolve the problem of ARP spoofing. A RYU controller, Open vSwitches with host machines, and the generation of the attack over the network using arp spoof are all emulated in Mininet. The objective of this work is to detect the ARP attack as early as possible and to initiate the mitigation process to secure the network from the attack. Network metrics including packet latency, packet loss, detection time, memory consumption, and CPU utilization are examined for the proposed algorithm.
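The binding check described in the abstract can be sketched as follows. This is an added example, not the paper's algorithm or code: the names `parse_arp`, `BindingChecker` and `build_arp` are hypothetical, the frames are constructed, and learning unknown bindings on first sight is an assumption. In a controller, the frames would come from packet-in events rather than a helper.

```python
import struct

def parse_arp(frame):
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": frame[6:12].hex(":"), "op": op,
            "sha": frame[22:28].hex(":"),                # ARP sender MAC
            "spa": ".".join(map(str, frame[28:32]))}     # ARP sender IP

class BindingChecker:
    """Checks each ARP packet against an IP -> MAC binding table."""
    def __init__(self, bindings=None):
        self.bindings = dict(bindings or {})

    def check(self, frame):
        arp = parse_arp(frame)
        if arp is None:
            return "ignored"
        # Inconsistency 1: Ethernet header and ARP payload disagree on the sender.
        if arp["eth_src"] != arp["sha"]:
            return "mac_mismatch"
        # ARP probes use sender IP 0.0.0.0 and claim no binding; never learn them.
        if arp["spa"] == "0.0.0.0":
            return "ok"
        known = self.bindings.get(arp["spa"])
        if known is None:
            # Assumption: trust on first use. A stricter deployment would
            # pre-populate the table (for example from DHCP) and alert here.
            self.bindings[arp["spa"]] = arp["sha"]
            return "learned"
        # Inconsistency 2: a known IP is now claimed by a different MAC.
        return "ok" if known == arp["sha"] else "binding_conflict"

def build_arp(eth_src, sha, spa, op=2, tpa="10.0.0.1"):
    """Build a constructed 42-byte ARP frame for testing (broadcast destination)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    eth = b"\xff" * 6 + mac(eth_src) + b"\x08\x06"
    return (eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + mac(sha) + ip(spa) + b"\x00" * 6 + ip(tpa))

if __name__ == "__main__":
    checker = BindingChecker({"10.0.0.1": "00:00:00:00:00:01"})  # constructed binding
    for src in ("00:00:00:00:00:01", "00:00:00:00:00:03"):
        print(src, checker.check(build_arp(src, src, "10.0.0.1")))
```

A conflicting packet never overwrites the stored binding, so one spoofed reply cannot poison the table that later checks depend on.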
