By the same authors

From the same journal

Implementing an intrusion detection and prevention system using Software-Defined Networking: Defending against ARP spoofing attacks and Blacklisted MAC Addresses

Research output: Contribution to journalArticlepeer-review

Author(s)

Department/unit(s)

Publication details

JournalComputers & Electrical Engineering
DateAccepted/In press - 18 Jan 2021
DateE-pub ahead of print - 28 Jan 2021
DatePublished (current) - 1 Mar 2021
Volume90
Number of pages12
Early online date28/01/21
Original languageEnglish

Abstract

This work focuses on infiltration methods, such as Address Resolution Protocol (ARP) spoofing, where adversaries sends fabricated ARP messages, linking their Media Access Control (MAC) address to a genuine device’s Internet Protocol (IP) address. We developed a Software-Defined Networking (SDN)-based Intrusion Detection and Prevention System (IDPS), which defends against ARP spoofing and Blacklisted MAC Addresses. This is done by dynamically adjusting SDN’s operating parameters to detect malicious network traffic. Bespoke software was written to conduct the attack tests and customise the IDPS; this was coupled to a specifically developed library to validate user input. Improvements were made to SDN in the areas of attack detection, firewall, intrusion prevention, packet dropping, and shorter timeouts. Our extensive experimental results show that the developed solution is effective and quickly responds to intrusion attempts. In the considered test scenarios, our measured detection and mitigation times are sufficiently low (in the order of a few seconds).

Bibliographical note

© 2021 Elsevier Ltd. This is an author-produced version of the published paper. Uploaded in accordance with the publisher’s self-archiving policy.

Discover related content

Find related publications, people, projects, datasets and more using interactive charts.

View graph of relations