An efficient fusion method for Protecting Software-Defined Networks Against ARP Attacks: Analysis and Experimental Validation

Ehab R. Mohamed, Heba M. Mansour, Osama M. El-Komy
DOI: https://doi.org/10.54216/fpa.120101
2023-01-01
Abstract: In this paper, we implement a three-dimensional algorithm (TDA) to protect software-defined networks (SDN) from various ARP attacks. The main objective of TDA is to limit the methods by which attackers can breach SDN privacy and to prevent the three main types of ARP attacks: ARP flooding, ARP spoofing, and ARP broadcasting. This work discusses the three ARP attack types, which are broken down into five scenarios, and how the proposed solution detects and mitigates each one. We simulated the five attack scenarios with five Python scripts that use the Scapy library, and then applied TDA to restrict the five ARP attack scenarios more efficiently and faster than existing methods. TDA provides the Ryu controller with a modified module to detect and mitigate these attacks. The module uses a three-dimensional secure channel as a filter that analyzes incoming ARP packets and separates malicious ones from the rest, then gives the controller the choice to forward or drop each packet. To simulate our investigation and apply our proposed solution, we used the Mininet emulator. To evaluate TDA, we calculated delay times, accuracy, controller throughput, bandwidth, and other metrics. The results after applying TDA 100 times to our test scenarios indicate that the accuracy is 99.9% for the three stages and that the detection and mitigation times are very short compared to existing solutions: the minimum detection time is only from 0.1ms to 3.6ms, and the minimum mitigation time is only from 0.3ms to 2.9ms.
We evaluated our algorithm with other important metrics: controller bandwidth, which ranged from 18 GB/sec to 17.7 GB/sec in the cases before and after the attack and was 16.5GB/sec in the case of attack; controller throughput, which recorded 1.72GB/sec under attack and reached 2.11GB/sec after defense; and CPU utilization, which recorded 30.4% during the attack and fell to 0.3% after mitigation. These metrics proved that our algorithm achieved the highest efficiency compared to other work in this field.