TY - JOUR
T1 - Implementing an intrusion detection and prevention system using Software-Defined Networking
T2 - Defending against ARP spoofing attacks and Blacklisted MAC Addresses
AU - Girdler, Thomas
AU - Vasilakis, Vasileios
N1 - © 2021 Elsevier Ltd. This is an author-produced version of the published paper. Uploaded in accordance with the publisher’s self-archiving policy.
PY - 2021/3/1
Y1 - 2021/3/1
N2 - This work focuses on infiltration methods, such as Address Resolution Protocol (ARP) spoofing, where adversaries sends fabricated ARP messages, linking their Media Access Control (MAC) address to a genuine device’s Internet Protocol (IP) address. We developed a Software-Defined Networking (SDN)-based Intrusion Detection and Prevention System (IDPS), which defends against ARP spoofing and Blacklisted MAC Addresses. This is done by dynamically adjusting SDN’s operating parameters to detect malicious network traffic. Bespoke software was written to conduct the attack tests and customise the IDPS; this was coupled to a specifically developed library to validate user input. Improvements were made to SDN in the areas of attack detection, firewall, intrusion prevention, packet dropping, and shorter timeouts. Our extensive experimental results show that the developed solution is effective and quickly responds to intrusion attempts. In the considered test scenarios, our measured detection and mitigation times are sufficiently low (in the order of a few seconds).
AB - This work focuses on infiltration methods, such as Address Resolution Protocol (ARP) spoofing, where adversaries sends fabricated ARP messages, linking their Media Access Control (MAC) address to a genuine device’s Internet Protocol (IP) address. We developed a Software-Defined Networking (SDN)-based Intrusion Detection and Prevention System (IDPS), which defends against ARP spoofing and Blacklisted MAC Addresses. This is done by dynamically adjusting SDN’s operating parameters to detect malicious network traffic. Bespoke software was written to conduct the attack tests and customise the IDPS; this was coupled to a specifically developed library to validate user input. Improvements were made to SDN in the areas of attack detection, firewall, intrusion prevention, packet dropping, and shorter timeouts. Our extensive experimental results show that the developed solution is effective and quickly responds to intrusion attempts. In the considered test scenarios, our measured detection and mitigation times are sufficiently low (in the order of a few seconds).
U2 - 10.1016/j.compeleceng.2021.106990
DO - 10.1016/j.compeleceng.2021.106990
M3 - Article
SN - 0045-7906
VL - 90
JO - Computers & Electrical Engineering
JF - Computers & Electrical Engineering
M1 - 106990
ER -