Mechanism for detection and mitigation of address resolution protocol spoofing attacks in large-scale software-defined networks
Date
2025-03
Publisher
NM-AIST
Abstract
Address Resolution Protocol (ARP) spoofing has been a long-standing problem, with no clear remedy until now. The attacks can be launched easily using the enormous number of publicly available tools on the web. However, they are extremely difficult to counter because ARP is stateless and does not authenticate ARP replies for subsequent requests. Previous studies have made significant efforts to counter these attacks in Software-Defined Networks (SDN). However, they mainly focused on detecting the attacks, with little effort made to address performance bottlenecks, scalability, and Single Point of Failure (SPOF) issues in large-scale LANs. This study focuses on developing a mechanism for detecting and mitigating ARP spoofing attacks in large-scale SDN that is resistant to SPOF, performance bottlenecks, and scalability constraints. It enables controllers to intercept and analyze incoming ARP packets, learn address mappings, and store them in the application's memory for ongoing ARP cache comparisons while maintaining a global ARP cache in the controller. Simulation experiments were carried out in a closed network environment to precisely monitor network traffic and result patterns. Mininet and Open Network Operating System were used to implement the data plane and the OpenFlow-based control plane, respectively. The results show that the proposed solution is resistant to ARP spoofing attacks, with average detection and mitigation times of 4.3 and 26.19 milliseconds, respectively. Significant improvement was also observed in alleviating SPOF, performance bottlenecks, and scalability constraints. The proposed solution could be further enhanced to counter multiple types of attacks through machine learning models.
Sustainable Development Goals
SDG-11: Supports sustainable digital infrastructure in smart cities.
SDG-16: Promotes secure information systems and digital trust.
SDG-17: Encourages open-source collaboration and technology sharing.