Detecting ARP Attacks in SDN-Based Cloud Environment


Thanks to cloud computing, it’s quite simple for consumers to get access to a large group’s worth of servers, platforms, and software.

There are a variety of safeguards put in place by cloud service providers to ensure client satisfaction and the dependability of their services. Cloud computing is rapidly becoming into a resource that almost no company can afford to ignore. Security, particularly cyber security, is crucial due to the widespread use of cloud computing. In a typical network, nodes evaluate data and transmit packets using the same configuration or set of algorithms. Typically, there is no one hub of authority. However, SDN divides the network into a data plane and a control plane. To put it another way, controllers are in charge of executing algorithms and pushing flow entries onto switches, whereas the sole job of network devices (switches) is to route packets depending on those entries. SDN is essential for cloud computing since it allows for dynamic network configuration through software management.

By using software-defined networking in the cloud, the network may be as adaptable as the computer. When it comes to monitoring traffic and adjusting settings on devices in the event of a security breach, SDN controllers have it covered since they are capable of managing the whole cloud. Having this information may make cloud computing more secure. This research group devised a method for detecting and blocking ARP assaults in a cloud computing environment that makes use of software-defined networking. In operational networks, the ARP protocol does not need modification. It’s important to note that the proposed solution wouldn’t affect network speed since ARP packets wouldn’t be altered in any way, not even when encrypted or decrypted. When dealing with ARP packets from various network nodes, a set of controllers is employed to determine the best course of action. Thanks to DHCP, precise IP-to-MAC mappings may be extracted from DHCP broadcasts. In order to determine whether an IP-MAC mapping exists, controllers examine ARP messages. Should this be the case, they will only forward valid packets while discarding any invalid ones. Multiple flow entries are simultaneously added to switches by controllers to allow packets to travel through while blocking attackers. There are two primary functions that research methodologies provide. One option is for hosts to provide real-time packets, which are then processed, flow entries are added to switches, or the packets are thrown away once they have been processed. The other checks at traffic and packet information on the edge switch ports on a regular basis. This section pauses traffic on a connected port during an ARP flooding assault so that traffic may be regulated.


 ARP, a TCP/IP technique at the network layer, transforms Medium Access Control (MAC) addresses to IP addresses to ensure sure devices may connect. If the source host knows the destination host’s Media Access Control (MAC) address, it may connect directly to the target host on a network. But ARP doesn’t include a set of security mechanisms to make sure the data is valid and secure. No of how genuine an ARP packet is, hosts will update ARP cache tables. Since ARP is the cornerstone of network communication, it may be attacked using DoS, MITM, and host impersonation. So, it is necessary to make sure ARP security in the cloud environment.

  • Researchers will come up with a solution to interpret ARP packets and utilize SDN to safeguard cloud computing networks against ARP assaults. Our technology can also make sure that networks run properly and are safe by employing a set of controllers and secure switches.
  • There is a technique for researchers to look at ARP packets in real time for ARP spoofing attacks and to discover a forwarding route. Also, it could gather information on ARP packets on a regular basis to discover ARP flooding assaults and block traffic straight away.
  • Researchers will employ DHCP to acquire dependable IPMAC mappings to make sure that they can identify ARP attacks.\s• Researchers will explain how their solution defends against ARP assaults in the cloud and test it on the Linux platform to make sure there isn’t a large reduction in performance.


 The solution presented in this article employs controllers to look at ARP packets in order to thwart ARP assaults. Researchers utilize a collection of controllers to spread out network traffic and get rid of performance bottlenecks caused by the massive volume of data on the cloud computing network. Researchers put up a server to handle communications from all controllers and store global data. This made it easy for controllers to converse to one other. The system for researchers may find out information about hosts on the fly, such as how to translate IP addresses to MAC addresses.


With the application arpspoof, researchers are able to simulate ARP spoofing attacks. We suspect that “h1” is an adversary computer that is attempting to deceive other machines on the network. All bogus ARP packets are thrown away by “controller1,” therefore our ARP assaults have no impact on the ARP cache tables of other hosts. The findings suggest that our method to thwart assaults on SDN networks is effective. Our system can determine whether an arp spoofing (ARP) attack is occuring in roughly 190 milliseconds.

When network traffic grows up, ARP attacks require extremely little time, which allows various networks adapt to one other. As the most significant aspect of SDN architecture, controllers are in charge of controlling the complete network and must be able to manage massive volumes of data.


Researchers have come up with a novel technique to discover and thwart ARP assaults in SDN-based cloud computing systems, concentrating on the control layer. By designing controllers, we provide ourselves a mechanism to deal with packets that originate from all network hosts. The controller that received an ARP packet analyzes it for ARP spoofing attempts before determining whether to deliver it or not. Also, the module that looks at statistical data from edge switches may be able to recognize ARP flooding assaults and halt them fast. A cluster of controllers enhances network performance compared to a single, centralized controller. This is beneficial in cloud computing setups with a lot of computer resources. Also, both ARP spoofing and ARP flooding attacks can be immediately discovered and prevented, which helps our solution safeguard network security successfully. Because cloud computing may provide users various resources at different times, the network may receive host addresses on the fly. When employing a controller cluster, it is crucial to have the proper amount of controllers. The number of controllers in the network may have a huge influence on how effectively it performs. In the future, we will look at the ideal amount of controllers for a network so that efficiency and performance are at their best.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top