XIA Jing, CAI Zhiping, HU Gang, XU Ming. An Active Defense Solution for ARP Spoofing in OpenFlow Network[J]. Chinese Journal of Electronics, 2019, 28(1): 172-178. doi: 10.1049/cje.2017.12.002

An Active Defense Solution for ARP Spoofing in OpenFlow Network

doi: 10.1049/cje.2017.12.002
Funds: This work is supported by the National Natural Science Foundation of China (No. 61379145, No. 61379144, No. 61501482).
  • Corresponding author: CAI Zhiping (corresponding author) received the B.S., M.S., and Ph.D. degrees in computer science from NUDT, China, in 1996, 2002, and 2005, respectively. He is now a professor at the College of Computer, NUDT. His current research interests include network security and big data. He is a senior member of CCF. (Email: zpcai@nudt.edu.cn)
  • Received Date: 2017-03-27
  • Rev Recd Date: 2017-06-05
  • Publish Date: 2019-01-10
  • As an emerging network technology, Software-defined network (SDN) has developed rapidly in recent years thanks to its advantages in network management and updating. Many open problems remain when applying this technology in practice, especially in meeting security demands. We investigate Address resolution protocol (ARP) spoofing, a representative network attack in traditional networks. We first implement ARP spoofing in an SDN network and find that the threat of ARP attacks still exists and has a big impact on the network. We then propose a novel mechanism as a defense solution against ARP spoofing, oriented to the OpenFlow platform. A theoretical analysis is given, and the mechanism is implemented as a module of the POX controller. Experimental results and performance evaluations show that our solution remarkably reduces the security threat of ARP spoofing on the OpenFlow platform and related SDN platforms.