E2BaSeP: Efficient Bayes Based Security Protocol Against ARP Spoofing Attacks in SDN Architectures

Virtual networks, just like classical IP networks, usually face many external threats such as ARP spoofing attacks. These attacks come from Address Resolution Protocol (ARP) vulnerabilities. Indeed, the ARP protocol can allow a virtual machine to be identified by one or more IP-MAC pairs, thus facilitating users’ impersonation and forged IP-MAC pair insertion into the victims’ ARP caches. This type of attack is the beginning of more dangerous attacks such as man-in-the-middle and denial-of-service. Several solutions based on SDN (Software-Defined Network) technology, known for their suitable adaptation to large-scale networks, have been proposed. These solutions use a global ARP cache built into the controller which contains the virtual machines’ IP-MAC pairs, as attacker detection knowledge. The main drawbacks of these methods are the collection and unsecured storage of IP-MAC pairs into the global ARP cache and failure to consider IP address reallocation cases, as well as users’ connection and reconnection scenarios in the attacker detection process. To remedy these shortcomings, we propose an Efficient Bayes Based Security Protocol (E2BaSeP) which detects attackers using a Bayes-based algorithm. This solution works in both dynamically and statically addressing networks. Simulation results show that the E2BaSeP protocol provides effective protection for ARP caches and performs better than those observed in the literature.