GaTeBaSep: game theory-based security protocol against ARP spoofing attacks in software-defined networks

  • Regular Contribution
  • International Journal of Information Security

Abstract

Nowadays, the growth of internet users has led to a significant increase in identity fraud security risks. One of the common forms of identity fraud is the Address Resolution Protocol (ARP) spoofing attack. These cyber-attacks come from ARP vulnerabilities and consist of compromising the victims’ ARP caches by inserting fake IP-MAC pairs. These attacks should be tackled seriously because they can be used to launch more dangerous ones, such as denial of service or man-in-the-middle attacks. Most existing approaches against ARP spoofing attacks use a detection threshold to detect attackers in the network. However, these approaches may be ineffective against an intelligent attacker who avoids exceeding the threshold by combining spoofed ARP packets with normal ones. To address this problem, we leverage the advantages of software-defined networks to propose a game-theoretic approach that predicts the defender’s best moves based on the Nash strategies. This approach is modeled as a non-cooperative game between the attacker who wants to poison victims’ ARP caches, and the defender whose goal is to avoid ARP cache poisoning. The proposed method results in a mixed-strategy Nash equilibrium that identifies the best defensive strategy. It includes a player utility-based algorithm to detect malicious users and block their traffic or redirect them to a honeypot. Simulation results show that the proposed method is more suitable to ensure system security by preventing, detecting, and recovering from ARP spoofing attacks than those proposed in the literature.
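
The abstract describes a non-cooperative attacker/defender game solved for a mixed-strategy Nash equilibrium. As an added illustration (not code, utilities or results from the paper), the sketch below solves a 2x2 inspection-style game; the two actions per player and all payoff numbers are constructed assumptions.

```python
from fractions import Fraction

# Constructed payoffs for illustration; they are NOT the utilities defined in the paper.
# Rows = defender action (0: inspect ARP packet, 1: forward uninspected)
# Cols = attacker action (0: send spoofed ARP, 1: send normal ARP)
DEFENDER = [[4, -1], [-6, 0]]
ATTACKER = [[-5, 0], [6, 0]]

def pure_equilibria(d, a):
    """Return (row, col) cells where neither player gains by deviating alone."""
    cells = []
    for r in range(2):
        for c in range(2):
            if d[r][c] >= d[1 - r][c] and a[r][c] >= a[r][1 - c]:
                cells.append((r, c))
    return cells

def mixed_equilibrium(d, a):
    """Solve the indifference conditions of a 2x2 game.

    Returns (p, q): p = P(defender inspects), q = P(attacker spoofs),
    or None when no fully mixed equilibrium exists.
    """
    den_p = a[0][0] - a[1][0] - a[0][1] + a[1][1]
    den_q = d[0][0] - d[0][1] - d[1][0] + d[1][1]
    if den_p == 0 or den_q == 0:
        return None
    p = Fraction(a[1][1] - a[1][0], den_p)  # makes the attacker indifferent
    q = Fraction(d[1][1] - d[0][1], den_q)  # makes the defender indifferent
    if not (0 < p < 1 and 0 < q < 1):
        return None
    return p, q

def expected_utility(m, p, q):
    """Expected payoff from matrix m under mixes p (row 0) and q (col 0)."""
    return (p * q * m[0][0] + p * (1 - q) * m[0][1]
            + (1 - p) * q * m[1][0] + (1 - p) * (1 - q) * m[1][1])

if __name__ == "__main__":
    p, q = mixed_equilibrium(DEFENDER, ATTACKER)
    print("pure equilibria:", pure_equilibria(DEFENDER, ATTACKER))
    print("defender inspects with probability", p)
    print("attacker spoofs with probability", q)
    print("defender expected utility", expected_utility(DEFENDER, p, q))
```

With these constructed payoffs there is no pure equilibrium: the defender inspects with probability 6/11 and the attacker spoofs with probability 1/11.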

Data availability

Data sharing not applicable to this article as no datasets were generated or analysed during the current study.

Acknowledgements

Research was sponsored by the Army Research Office and was accomplished under Grant Number W911NF-21-1-0326. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Army Research Office or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation herein.

Author information

Corresponding author

Correspondence to Vianney Kengne Tchendji.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest. This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Mvah, F., Kengne Tchendji, V., Tayou Djamegni, C. et al. GaTeBaSep: game theory-based security protocol against ARP spoofing attacks in software-defined networks. Int. J. Inf. Secur. 23, 373–387 (2024). https://doi.org/10.1007/s10207-023-00749-0

  • DOI: https://doi.org/10.1007/s10207-023-00749-0
