Enhancing security in Software-Defined Networks: An approach to efficient ARP spoofing attacks detection and mitigation

Abstract

The proliferation of Software-Defined Networks (SDNs) has introduced unparalleled flexibility and efficiency to network management, but at the same time, it has introduced new challenges in securing network infrastructures. Among these challenges, Address Resolution Protocol (ARP) spoofing attacks remain a pervasive threat, compromising network integrity and data confidentiality. In this manuscript, we present an approach to ARP spoofing mitigation within SDNs, addressing the limitations of existing methodologies. Our proposed solution employs a multifaceted strategy that combines dynamic ARP cache management, real-time traffic analysis, and adaptive flow rule orchestration. Central to our approach is a dedicated device that continuously monitors the network topology and detects any deviations from established norms. Notably, our solution adapts seamlessly to networks of varying sizes, ensuring scalability and efficacy across diverse infrastructures. One of our key contributions is the integration of a deep learning-based Deep Neural Network (DNN) model to detect and mitigate ARP spoofing attacks. Leveraging a self-generated ARP spoofing dataset from SDN environments, our model demonstrates exceptional accuracy and adaptability, enhancing the network’s capability to identify and counter such threats effectively. Our approach showcases exceptional reliability, achieving 100% accuracy rate in detection of ARP spoofing, which is crucial for sustaining network responsiveness.