Addressing critical vulnerabilities in network security, this study presents an advanced detection and mitigation framework against ARP spoofing—a major threat exploiting authentication gaps in the ARP protocol. Leveraging Scapy integrated with Software-Defined Networking (SDN) technologies, including the Ryu controller and Open vSwitch, the research introduces a custom ARP cache poisoning script that covertly reroutes network traffic to an attacker-controlled node with precision and control. Deployed in a virtualized environment, the script was tested against tools like Ettercap and Bettercap, achieving superior manipulation capabilities and a 100% ARP table compromise rate. The tailored SDN-based detection tool further demonstrated strong performance, identifying 98.33% of spoofing activities with a low detection latency of 0.024 s and minimal CPU usage, ensuring network efficiency. This research sets a new benchmark in ARP spoofing mitigation and paves the way for future enhancements such as ARP table pre-population and broader protocol support, strengthening defenses in virtualized environments.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Dynamic ARP Cache Poisoning Detection and Enhanced Prevention in Virtual Networks Using SDN and Real-Time Traffic Analysis with Scapy

  • Ala’a Alsheikh Ali,
  • Ken McGarry,
  • David Baglee,
  • Neil Eliot

摘要

Addressing critical vulnerabilities in network security, this study presents an advanced detection and mitigation framework against ARP spoofing—a major threat exploiting authentication gaps in the ARP protocol. Leveraging Scapy integrated with Software-Defined Networking (SDN) technologies, including the Ryu controller and Open vSwitch, the research introduces a custom ARP cache poisoning script that covertly reroutes network traffic to an attacker-controlled node with precision and control. Deployed in a virtualized environment, the script was tested against tools like Ettercap and Bettercap, achieving superior manipulation capabilities and a 100% ARP table compromise rate. The tailored SDN-based detection tool further demonstrated strong performance, identifying 98.33% of spoofing activities with a low detection latency of 0.024 s and minimal CPU usage, ensuring network efficiency. This research sets a new benchmark in ARP spoofing mitigation and paves the way for future enhancements such as ARP table pre-population and broader protocol support, strengthening defenses in virtualized environments.