Harman Y. Ibrahim, Parishan M. Ismael, A. A. Albabawat, A. Al-Khalil
{"title":"A Secure Mechanism to Prevent ARP Spoofing and ARP Broadcasting in SDN","authors":"Harman Y. Ibrahim, Parishan M. Ismael, A. A. Albabawat, A. Al-Khalil","doi":"10.1109/CSASE48920.2020.9142092","DOIUrl":null,"url":null,"abstract":"Conventional networks had several security problems, some of them solved using Software Defined Networking SDN and some others still exist such as Address Resolution Protocol ARP spoofing. In this paper, the SDN controller has been extended by a module which checks every ARP packet in the network to detect and stop the possible spoofed ones. The drawback of this mechanism begging to appear when the network gets larger and the traffic increase. As a result, this will increase the controller’s CPU load and Roundtrip time. As a solution to this problem, the extended module has been modified to handle ARP traffic to reduce ARP overhead in the network via giving the proxy ARP functionality to the controller. The emulation results showed that the proposed mechanism is robust against ARP spoofing attack and successfully prevented ARP broadcast messages in large networks and improved the response time by centrally responding to ARP requests.","PeriodicalId":254581,"journal":{"name":"2020 International Conference on Computer Science and Software Engineering (CSASE)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 International Conference on Computer Science and Software Engineering (CSASE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSASE48920.2020.9142092","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
Conventional networks had several security problems, some of them solved using Software Defined Networking SDN and some others still exist such as Address Resolution Protocol ARP spoofing. In this paper, the SDN controller has been extended by a module which checks every ARP packet in the network to detect and stop the possible spoofed ones. The drawback of this mechanism begging to appear when the network gets larger and the traffic increase. As a result, this will increase the controller’s CPU load and Roundtrip time. As a solution to this problem, the extended module has been modified to handle ARP traffic to reduce ARP overhead in the network via giving the proxy ARP functionality to the controller. The emulation results showed that the proposed mechanism is robust against ARP spoofing attack and successfully prevented ARP broadcast messages in large networks and improved the response time by centrally responding to ARP requests.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
