An Active Defense Solution for ARP Spoofing in OpenFlow Network  被引量：8

作　　者：XIA Jing CAI Zhiping HU Gang XU Ming 

机构地区：[1]College of Computer,National University of Defense Technology [2]School of Computer and Software,Nanjing University of Information Science & Technology

出　　处：《Chinese Journal of Electronics》2019年第1期172-178,共7页电子学报（英文版）

基　　金：supported by the National Natural Science Foundation of China(No.61379145,No.61379144,No.61501482)

摘　　要：As an emerging network technology,Software-defined network(SDN), has been rapidly developing for recent years due to its advantage in network management and updating. There are still a lot of open problems while applying this novel technology in reality,especially for meeting security demands. The Address resolution protocol(ARP) spoofing, a representative network attack in traditional networks is investigated.We implement the ARP spoofing in SDN network firstly and find that the threat of ARP attack still exists and has big impact on the network. We propose a novel mechanism as defense solution for ARP spoofing oriented to OpenFlow platform. Theoretical analyzation is given, and the mechanism is implemented as a module of POX controller. Experiment results and performance evaluations show that our solution can reduce the security threat of ARP spoofing remarkably on OpenFlow platform and related SDN platforms.As an emerging network technology,Software-defined network(SDN), has been rapidly developing for recent years due to its advantage in network management and updating. There are still a lot of open problems while applying this novel technology in reality,especially for meeting security demands. The Address resolution protocol(ARP) spoofing, a representative network attack in traditional networks is investigated.We implement the ARP spoofing in SDN network firstly and find that the threat of ARP attack still exists and has big impact on the network. We propose a novel mechanism as defense solution for ARP spoofing oriented to OpenFlow platform. Theoretical analyzation is given, and the mechanism is implemented as a module of POX controller. Experiment results and performance evaluations show that our solution can reduce the security threat of ARP spoofing remarkably on OpenFlow platform and related SDN platforms.

关 键 词：Software-defined network (SDN) ADDRESS RESOLUTION PROTOCOL (ARP)spoofing OpenFlow 

分 类 号：TN[电子电信]