SDN-based Intrusion Detection and Prevention System Against ARP Spoofing Attacks
DOI: https://doi.org/10.33897/fujeas.v6i1.965

Keywords: Software Defined Network, Intrusion Detection, Intrusion Prevention, ARP Spoofing Attacks, Network Security, Cyber Security

Abstract
Software Defined Networking (SDN) separates the control plane from the data plane, enabling centralized configuration through the SDN controller. While this centralization simplifies management, it also makes the controller’s ARP table a critical target, as the stateless nature of ARP allows spoofing attacks. To mitigate this vulnerability, we propose an Intrusion Detection and Prevention System integrated as a controller module. The system monitors ARP and DHCP packets, maintaining a permanent ARP table synchronized with a DHCP table to ensure reliable IP–MAC bindings. The IDPS applies four validation checks in both IP and MAC address scanning modules, ensuring robust detection and prevention of spoofed packets. To achieve scalability, the design employs hashmaps for all lookups, ensuring that each check executes in constant time (O(1)), independent of network size. While this methodology introduces a higher baseline mitigation time (~2.2s) compared to some lightweight approaches, it guarantees predictable performance at scale and comprehensive coverage of spoofing attacks.

Open Access
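The abstract describes a controller module that keeps a permanent ARP table synchronized with DHCP-derived bindings and validates ARP packets with hashmap lookups so each check costs O(1). The following Python is an added example of that design, written for this page; it is not the paper's code. The abstract states that four checks are applied across IP- and MAC-scanning modules but does not list them, so the four checks below (frame/ARP header consistency, known sender IP, IP-to-MAC binding, lease port) are this example's own assumptions, as are the tracking of the ingress port per lease and the constructed sample leases and packets.

```python
"""
Added example (not the paper's code): a controller-side ARP validator that
keeps a permanent IP-MAC binding table learned from DHCP ACKs and checks
every ARP packet against it with dict (hashmap) lookups, so each check is
O(1) regardless of how many hosts are on the network. The four checks
below are this example's own choices; the paper's abstract says it uses
four checks across IP- and MAC-scanning modules but does not name them.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


def _norm(mac: str) -> str:
    """Canonicalize a MAC so lookups are not defeated by case differences."""
    return mac.strip().lower()


@dataclass
class ArpPacket:
    eth_src: str      # Ethernet header source MAC
    sender_mac: str   # ARP sender hardware address (SHA)
    sender_ip: str    # ARP sender protocol address (SPA)
    in_port: int      # switch port the packet-in arrived on


@dataclass
class BindingTable:
    """DHCP-synchronized binding store; every map is a hashmap."""
    ip_to_mac: Dict[str, str] = field(default_factory=dict)
    mac_to_ip: Dict[str, str] = field(default_factory=dict)
    mac_to_port: Dict[str, int] = field(default_factory=dict)

    def learn_dhcp_ack(self, ip: str, mac: str, port: int) -> None:
        """Record the binding from a DHCP ACK (the trusted source of truth)."""
        mac = _norm(mac)
        # A host that received a new lease releases its old IP from the table.
        old_ip = self.mac_to_ip.get(mac)
        if old_ip is not None and old_ip != ip:
            self.ip_to_mac.pop(old_ip, None)
        self.ip_to_mac[ip] = mac
        self.mac_to_ip[mac] = ip
        self.mac_to_port[mac] = port


def validate_arp(table: BindingTable, pkt: ArpPacket) -> Optional[str]:
    """Return None if the ARP packet matches the DHCP bindings, else the
    name of the first check it failed. Every lookup is a dict get: O(1)."""
    eth_src, sha = _norm(pkt.eth_src), _norm(pkt.sender_mac)
    # Check 1 (MAC module): frame source must equal the ARP sender MAC.
    if eth_src != sha:
        return "eth-src/arp-sender mismatch"
    # Check 2 (IP module): sender IP must be a DHCP-assigned address.
    bound_mac = table.ip_to_mac.get(pkt.sender_ip)
    if bound_mac is None:
        return "unknown sender IP"
    # Check 3 (IP module): that IP must be leased to this very MAC.
    if bound_mac != sha:
        return "IP bound to different MAC"
    # Check 4 (MAC module): the MAC must arrive on the port of its lease.
    if table.mac_to_port.get(sha) != pkt.in_port:
        return "MAC seen on unexpected port"
    return None


def action_for(verdict: Optional[str]) -> str:
    """Prevention step: a controller would forward clean ARP and drop the rest."""
    return "forward" if verdict is None else "drop"


def build_demo_table() -> BindingTable:
    """Constructed sample leases: gateway on port 1, host h2 on port 2."""
    table = BindingTable()
    table.learn_dhcp_ack("10.0.0.1", "00:00:00:00:00:01", 1)
    table.learn_dhcp_ack("10.0.0.2", "00:00:00:00:00:02", 2)
    return table


def demo() -> List[Optional[str]]:
    """Run constructed ARP packets through the validator; returns verdicts."""
    table = build_demo_table()
    packets = [
        # genuine reply from h2
        ArpPacket("00:00:00:00:00:02", "00:00:00:00:00:02", "10.0.0.2", 2),
        # a third host claims the gateway's IP with its own MAC
        ArpPacket("00:00:00:00:00:03", "00:00:00:00:00:03", "10.0.0.1", 3),
        # ARP sender MAC forged but the frame source left unchanged
        ArpPacket("00:00:00:00:00:03", "00:00:00:00:00:01", "10.0.0.1", 3),
        # address never handed out by DHCP
        ArpPacket("00:00:00:00:00:04", "00:00:00:00:00:04", "10.0.0.9", 4),
        # gateway MAC and IP cloned exactly, but arriving on port 3
        ArpPacket("00:00:00:00:00:01", "00:00:00:00:00:01", "10.0.0.1", 3),
    ]
    return [validate_arp(table, p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(f"{action_for(verdict):7s} {verdict or 'ok'}")
```

Because the table is keyed on both IP and MAC, a re-lease for an existing MAC removes the stale IP entry before the new one is recorded, so the "permanent" ARP table never drifts from the DHCP view; in a real controller the `drop` outcome would be enforced by installing a flow rule rather than just returning a string.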