1. Implementing an intrusion detection and prevention system using Software-Defined Networking: Defending against ARP spoofing attacks and Blacklisted MAC Addresses.
- Author
-
Girdler, Thomas and Vassilakis, Vassilios G.
- Subjects
- *
SOFTWARE-defined networking , *INTERNET protocols , *ACCESS control , *LIBRARY users - Abstract
This work focuses on infiltration methods, such as Address Resolution Protocol (ARP) spoofing, where adversaries sends fabricated ARP messages, linking their Media Access Control (MAC) address to a genuine device's Internet Protocol (IP) address. We developed a Software-Defined Networking (SDN)-based Intrusion Detection and Prevention System (IDPS), which defends against ARP spoofing and Blacklisted MAC Addresses. This is done by dynamically adjusting SDN's operating parameters to detect malicious network traffic. Bespoke software was written to conduct the attack tests and customise the IDPS; this was coupled to a specifically developed library to validate user input. Improvements were made to SDN in the areas of attack detection, firewall, intrusion prevention, packet dropping, and shorter timeouts. Our extensive experimental results show that the developed solution is effective and quickly responds to intrusion attempts. In the considered test scenarios, our measured detection and mitigation times are sufficiently low (in the order of a few seconds). [Display omitted] • SDN can be used to develop a comprehensive Intrusion Detection and Prevention System. • OpenFlow can be employed to dynamically adjust the network operating parameters. • Experimental results indicate low detection and mitigation times. [ABSTRACT FROM AUTHOR]
- Published
- 2021
- Full Text
- View/download PDF