A solution for ARP attacks in software defined network

Conference: AIIPCC 2021 - The Second International Conference on Artificial Intelligence, Information Processing and Cloud Computing
06/26/2021 - 06/28/2021 at Hangzhou, China

Proceedings: AIIPCC 2021

Pages: 9
Language: English
Type: PDF

Authors:
Zhang, Xiaohan; Cao, Lu (Xidian University, Xi’an, China)
Meng, Zuojun; Yao, Xiaohui (Research Institute of China Telecom Co., Ltd. CHINA TELECOM, Shanghai, China)

Abstract:
SDN (Software Defined Network) is a novel network architecture in which control and forwarding are separated. The whole network is centrally controlled by the controller, whose northbound interface is programmable, which is convenient for the management and control of network devices and the deployment of application services. However, traditional ARP attacks can still occur in SDN, and can even have a more serious impact. Solutions designed for traditional distributed networks are not applicable to the centralized SDN network, and existing attack-detection methods in SDN cannot accurately detect ARP attacks. To address this problem, this paper proposes a solution for SDN networks that accurately detects ARP attacks. The scheme enables the controller to verify the authenticity of the source host's MAC-IP mapping and MAC address when an ARP packet is processed, thereby protecting the network from ARP attacks. Finally, we performed experiments in a simulated SDN network, and the results show that the scheme can accurately detect ARP attacks without affecting normal communications between hosts. Through avoiding a large amount of ARP broadcast communication, the ARP interaction time between hosts is also reduced.