TY - GEN
T1 - Detecting and mitigating ARP attacks in SDN-based cloud environment
AU - Sun, Sixian
AU - Fu, Xiao
AU - Luo, Bin
AU - Du, Xiaojiang
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/7
Y1 - 2020/7
N2 - Cloud computing is making a greater impact on internet industry, medical industry, insurance industry, and so on. Due to its influence, cloud computing networking is in great need of security, and protecting cloud environment from diverse attacks has been a hot issue. On the other hand, Software Defined Network (SDN) separates the control plane from the data plane and makes networks programmable, which promotes the centralized management of network devices. Compared to traditional networks, SDN increases the utilization efficiency of resources, increases the flexibility of network services, and reduces the cost of maintenance. Therefore, in this paper, we apply SDN to protect cloud computing networking from Address Resolution Protocol (ARP) attacks. In the proposed approach, a cluster of controllers detects ARP packets that hosts send, in order to find out the forged ones and to prevent ARP spoofing attacks. Also, controllers monitor statistical data of ARP packets once in a while to detect ARP flooding attacks. Once an attack is detected, controllers install flow entries on corresponding switches, to block flow for a specific time. Finally, we conduct experiments to show that our approach is useful to detect and mitigate ARP attacks in SDN-based cloud environment.
AB - Cloud computing is making a greater impact on internet industry, medical industry, insurance industry, and so on. Due to its influence, cloud computing networking is in great need of security, and protecting cloud environment from diverse attacks has been a hot issue. On the other hand, Software Defined Network (SDN) separates the control plane from the data plane and makes networks programmable, which promotes the centralized management of network devices. Compared to traditional networks, SDN increases the utilization efficiency of resources, increases the flexibility of network services, and reduces the cost of maintenance. Therefore, in this paper, we apply SDN to protect cloud computing networking from Address Resolution Protocol (ARP) attacks. In the proposed approach, a cluster of controllers detects ARP packets that hosts send, in order to find out the forged ones and to prevent ARP spoofing attacks. Also, controllers monitor statistical data of ARP packets once in a while to detect ARP flooding attacks. Once an attack is detected, controllers install flow entries on corresponding switches, to block flow for a specific time. Finally, we conduct experiments to show that our approach is useful to detect and mitigate ARP attacks in SDN-based cloud environment.
KW - ARP attack
KW - Cloud computing networking
KW - Network security
KW - Software defined network
UR - http://www.scopus.com/inward/record.url?scp=85091502015&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85091502015&partnerID=8YFLogxK
U2 - 10.1109/INFOCOMWKSHPS50562.2020.9162965
DO - 10.1109/INFOCOMWKSHPS50562.2020.9162965
M3 - Conference contribution
AN - SCOPUS:85091502015
T3 - IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020
SP - 659
EP - 664
BT - IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020
T2 - 2020 IEEE INFOCOM Conference on Computer Communications Workshops, INFOCOM WKSHPS 2020
Y2 - 6 July 2020 through 9 July 2020
ER -