Spoofing Attack Mitigation in Address Resolution Protocol (ARP) and DDoS in Software-Defined Networking

Abstract

Software Defined Networking (SDN) shows network operations to be performed for efficient network operations. Due to the increase in network devices, the percentage of attacks is also increased, and it is challenging to provide defense against such attacks. In SDN, the control plan is separated from the data plane. The control plan is implemented using some central devices called SDN controllers. In SDN Address Resolution Protocol (ARP), spoofing and Distributed Denial of Services (DDoS) attacks are carried out on an enormous scale. These are commonly launched attacks in SDN. Due to these attacks, the network performance is down, and network services are dead. This paper proposed a new auto detection methodology to detect ARP and DDoS attacks and mitigate SDN networks from these attacks. Additionally, we implemented two algorithms: one for flow rules and the second for attack detection. An individual server was installed to check the malicious traffic installation. We present the new forward flooding rules to detect and mitigate attacks. The experiments are performed using LINUX-based network implementation. Our proposal successfully improves network security and enhances network efficiency.