GaTeBaSep: game theory-based security protocol against ARP spoofing attacks in software-defined networks

INTERNATIONAL JOURNAL OF INFORMATION SECURITY (2023)

Abstract
Nowadays, the growth of internet users has led to a significant increase in identity fraud security risks. One of the common forms of identity fraud is the Address Resolution Protocol (ARP) spoofing attack. These cyber-attacks come from ARP vulnerabilities and consist of compromising the victims' ARP caches by inserting fake IP-MAC pairs. These attacks should be tackled seriously because they can be used to launch more dangerous ones, such as denial of service or man-in-the-middle attacks. Most existing approaches against ARP spoofing attacks use a detection threshold to detect attackers in the network. However, these approaches may be ineffective against an intelligent attacker who avoids exceeding the threshold by combining spoofed ARP packets with normal ones. To address this problem, we leverage the advantages of software-defined networks to propose a game-theoretic approach that predicts the defender's best moves based on the Nash strategies. This approach is modeled as a non-cooperative game between the attacker who wants to poison victims' ARP caches, and the defender whose goal is to avoid ARP cache poisoning. The proposed method results in a mixed-strategy Nash equilibrium that identifies the best defensive strategy. It includes a player utility-based algorithm to detect malicious users and block their traffic or redirect them to a honeypot. Simulation results show that the proposed method is more suitable to ensure system security by preventing, detecting, and recovering from ARP spoofing attacks than those proposed in the literature.
Keywords
ARP spoofing, Software-defined network, Nash equilibrium, Game theory