ARP Poisoning Attack Detection Based on ARP Update State in Software-Defined Networks

Kim, Youngpin; Ahn, Sung-Won; Thang, Nguyen Canh; Choi, Dongho; Park, Min‐Ho

doi:10.1109/icoin.2019.8718158

Cited by 8 publications

(6 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ARP State Update is another solution proposed in [36]. The authors in [36] were of the view that the ARP spoofing attack tools generate repetitive ARP reply packets, which can be used to detect an ARP Cache Poisoning attack. This solution is run as a module on the Controller and it maintains IP-MAC bindings in a table.…”

Section: Arp State Updatementioning

confidence: 99%

“…Simulations carried out in Mininet with POX Controller and four hosts show that the proposed solution successfully detects the ARP Cache Poisoning attack. However, how this solution detects ARP Cache Poisoning attack carried out via ARP request packets is not explained in [36]. Additionally, authors in [36] have chosen 1 s or 2 s as the timer value with no explanation.…”

Section: Arp State Updatementioning

confidence: 99%

“…However, how this solution detects ARP Cache Poisoning attack carried out via ARP request packets is not explained in [36]. Additionally, authors in [36] have chosen 1 s or 2 s as the timer value with no explanation. Moreover, attack detection time is not calculated by the authors.…”

Section: Arp State Updatementioning

confidence: 99%

“…Therefore, it is important to calculate how much CPU is utilized by any solution. As shown in Table 5, many solutions, e.g., [5,6,12,31,32,36,40,41] have not considered this metric. Future research in this area should consider calculating CPU utilization of the Controller for their proposed solution.…”

Section: Cpu Utilization Of the Controllermentioning

confidence: 99%

See 3 more Smart Citations

Mitigating ARP Cache Poisoning Attack in Software-Defined Networking (SDN): A Survey

Shah

Cosgrove

2019

Electronics

View full text Add to dashboard Cite

Address Resolution Protocol (ARP) is a widely used protocol that provides a mapping of Internet Protocol (IP) addresses to Media Access Control (MAC) addresses in local area networks. This protocol suffers from many spoofing attacks because of its stateless nature and lack of authentication. One such spoofing attack is the ARP Cache Poisoning attack, in which attackers poison the cache of hosts on the network by sending spoofed ARP requests and replies. Detection and mitigation of ARP Cache Poisoning attack is important as this attack can be used by attackers to further launch Denial of Service (DoS) and Man-In-The Middle (MITM) attacks. As with traditional networks, an ARP Cache Poisoning attack is also a serious concern in Software Defined Networking (SDN) and consequently, many solutions are proposed in the literature to mitigate this attack. In this paper, a detailed survey on various solutions to mitigate ARP Cache Poisoning attack in SDN is carried out. In this survey, various solutions are classified into three categories: Flow Graph based solutions; Traffic Patterns based solutions; IP-MAC Address Bindings based solutions. All these solutions are critically evaluated in terms of their working principles, advantages and shortcomings. Another important feature of this survey is to compare various solutions with respect to different performance metrics, e.g., attack detection time, ARP response time, calculation of delay at the Controller etc. In addition, future research directions are also presented in this survey that can be explored by other researchers to propose better solutions to mitigate the ARP Cache Poisoning attack in SDN.

show abstract

Section: Arp State Updatementioning

confidence: 99%

Section: Arp State Updatementioning

confidence: 99%

Section: Arp State Updatementioning

confidence: 99%

Section: Cpu Utilization Of the Controllermentioning

confidence: 99%

See 2 more Smart Citations

Mitigating ARP Cache Poisoning Attack in Software-Defined Networking (SDN): A Survey

Shah

Cosgrove

2019

Electronics

View full text Add to dashboard Cite

show abstract

“…The ARPWATCH monitors the ARP request packets to each destination and ARP central server (ACS) determines the possibility of attacker host through forged ARP cache table. Kim et al, [23] developed an ARP poisoning attack detection model based on ARP update state of the frequent ARP reply packets. This model outperforms the vulnerabilities of the SDN networks and provides high accurate detection of attackers.…”

Section: Sm-arp: Stochastic Markovian Gamementioning

confidence: 99%

SM ARP Stochastic Markovian Game Model for Packet Forwarding Based ARP Spoofing Attacks Detection

Divya¹,

Christopher²

2019

IJEAT

View full text Add to dashboard Cite

Address Resolution Protocol (ARP) spoofing attacks have become the most pivotal attacks in deteriorating the performance of computer networks. The objective of this paper is to develop SM-ARP, Stochastic Markovian game model based ARP spoofing attack detection scheme.Although many recent techniques have been developed to detect and protect against ARP spoofing attacks, the practical challenges has led to ineffective utilization. The major challenge is that the attackers employing ARP spoofing tend to alter the attack strategy at each point and increases the difficulty in detection and security implementations. The packet forwarding relaying is one suchattack strategy which is harder to detect using traditionally proven methodologies. This paper tackles the packet forwarding relay strategy based ARP spoofing attack strategy by using the proposed SM-ARPto eliminate the attack in a practically feasible manner. The proposed model utilizes a stationary Markov model for optimizing the packet forwarding behaviour of the networks. When an ARP spoofing attack is initiated, the SM-ARP model tracks the changes in the packet forwarding patterns through cache table and detects the misbehaviours. As a security measure, these misbehaved nodes are entitled to recovery and repair process to restore the network to stabilized state. Experiments are conducted to evaluate the performance of SM-ARP in an application for student marks management system. The results prove that the proposed SM-ARP model improves the detection of ARP spoofing attacks with accuracy of 88.2% and also reduces the complexity and errors.

show abstract

E2BaSeP: Efficient Bayes Based Security Protocol Against ARP Spoofing Attacks in SDN Architectures

et al. 2020

View full text Add to dashboard Cite

ARP Poisoning Attack Detection Based on ARP Update State in Software-Defined Networks

Cited by 8 publications

References 3 publications

Mitigating ARP Cache Poisoning Attack in Software-Defined Networking (SDN): A Survey

Mitigating ARP Cache Poisoning Attack in Software-Defined Networking (SDN): A Survey

SM ARP Stochastic Markovian Game Model for Packet Forwarding Based ARP Spoofing Attacks Detection

E2BaSeP: Efficient Bayes Based Security Protocol Against ARP Spoofing Attacks in SDN Architectures

Contact Info

Product

Resources

About