Implementing an intrusion detection and prevention system using Software-Defined Networking: Defending against ARP spoofing attacks and Blacklisted MAC Addresses

Thomas Girdler, Vasileios Vasilakis

Research output: Contribution to journalArticlepeer-review

Abstract

This work focuses on infiltration methods, such as Address Resolution Protocol (ARP) spoofing, where adversaries sends fabricated ARP messages, linking their Media Access Control (MAC) address to a genuine device’s Internet Protocol (IP) address. We developed a Software-Defined Networking (SDN)-based Intrusion Detection and Prevention System (IDPS), which defends against ARP spoofing and Blacklisted MAC Addresses. This is done by dynamically adjusting SDN’s operating parameters to detect malicious network traffic. Bespoke software was written to conduct the attack tests and customise the IDPS; this was coupled to a specifically developed library to validate user input. Improvements were made to SDN in the areas of attack detection, firewall, intrusion prevention, packet dropping, and shorter timeouts. Our extensive experimental results show that the developed solution is effective and quickly responds to intrusion attempts. In the considered test scenarios, our measured detection and mitigation times are sufficiently low (in the order of a few seconds).
Original languageEnglish
Article number106990
Number of pages12
JournalComputers & Electrical Engineering
Volume90
Early online date28 Jan 2021
DOIs
Publication statusPublished - 1 Mar 2021

Bibliographical note

© 2021 Elsevier Ltd. This is an author-produced version of the published paper. Uploaded in accordance with the publisher’s self-archiving policy.

Cite this