A Secure Mechanism to Prevent ARP Spoofing and ARP Broadcasting in SDN

Abstract

Conventional networks had several security problems, some of them solved using Software Defined Networking SDN and some others still exist such as Address Resolution Protocol ARP spoofing. In this paper, the SDN controller has been extended by a module which checks every ARP packet in the network to detect and stop the possible spoofed ones. The drawback of this mechanism begging to appear when the network gets larger and the traffic increase. As a result, this will increase the controller’s CPU load and Roundtrip time. As a solution to this problem, the extended module has been modified to handle ARP traffic to reduce ARP overhead in the network via giving the proxy ARP functionality to the controller. The emulation results showed that the proposed mechanism is robust against ARP spoofing attack and successfully prevented ARP broadcast messages in large networks and improved the response time by centrally responding to ARP requests.