E2BaSeP: Efficient Bayes Based Security Protocol Against ARP Spoofing Attacks in SDN Architectures

Bibliographic Details
Published in Journal of hardware and systems security Vol. 5; no. 1; pp. 58 - 74
Main Authors Tchendji, Vianney Kengne, Mvah, Fabrice, Djamegni, Clémentin Tayou, Yankam, Yannick Florian
Format Journal Article
Language English
Published Cham Springer International Publishing 01.03.2021
Springer Nature B.V
ISSN 2509-3428, 2509-3436
DOI 10.1007/s41635-020-00105-x

Summary: Virtual networks, just like classical IP networks, usually face many external threats such as ARP spoofing attacks. These attacks come from Address Resolution Protocol (ARP) vulnerabilities. Indeed, the ARP protocol can allow a virtual machine to be identified by one or more IP-MAC pairs, thus facilitating users’ impersonation and forged IP-MAC pair insertion into the victims’ ARP caches. This type of attack is the beginning of more dangerous attacks such as man-in-the-middle and denial-of-service. Several solutions based on SDN (Software-Defined Network) technology, known for their suitable adaptation to large-scale networks, have been proposed. These solutions use a global ARP cache built into the controller which contains the virtual machines’ IP-MAC pairs, as attacker detection knowledge. The main drawbacks of these methods are the collection and unsecured storage of IP-MAC pairs into the global ARP cache and failure to consider IP address reallocation cases, as well as users’ connection and reconnection scenarios in the attacker detection process. To remedy these shortcomings, we propose an Efficient Bayes Based Security Protocol (E2BaSeP) which detects attackers using a Bayes-based algorithm. This solution works in both dynamically and statically addressing networks. Simulation results show that the E2BaSeP protocol provides effective protection for ARP caches and performs better than those observed in the literature.