Implementing an intrusion detection and prevention system using Software-Defined Networking: Defending against ARP spoofing attacks and Blacklisted MAC Addresses

Artigo Acesso aberto Revisado por pares

Implementing an intrusion detection and prevention system using Software-Defined Networking: Defending against ARP spoofing attacks and Blacklisted MAC Addresses

2021; Elsevier BV; Volume: 90; Linguagem: Inglês

10.1016/j.compeleceng.2021.106990

ISSN

1879-0755

Autores

Thomas Girdler, Vassilios G. Vassilakis,

Tópico(s)

Internet Traffic Analysis and Secure E-voting

Resumo

This work focuses on infiltration methods, such as Address Resolution Protocol (ARP) spoofing, where adversaries sends fabricated ARP messages, linking their Media Access Control (MAC) address to a genuine device’s Internet Protocol (IP) address. We developed a Software-Defined Networking (SDN)-based Intrusion Detection and Prevention System (IDPS), which defends against ARP spoofing and Blacklisted MAC Addresses. This is done by dynamically adjusting SDN’s operating parameters to detect malicious network traffic. Bespoke software was written to conduct the attack tests and customise the IDPS; this was coupled to a specifically developed library to validate user input. Improvements were made to SDN in the areas of attack detection, firewall, intrusion prevention, packet dropping, and shorter timeouts. Our extensive experimental results show that the developed solution is effective and quickly responds to intrusion attempts. In the considered test scenarios, our measured detection and mitigation times are sufficiently low (in the order of a few seconds).

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

Implementing an intrusion detection and prevention system using Software-Defined Networking: Defending against ARP spoofing attacks and Blacklisted MAC Addresses