Leveraging SDN for ARP security

Jacob H. Cox, Russell J. Clark, Henry L. Owen

Research output: Chapter in Book/Report/Conference proceedingConference contribution

25 Scopus citations


Insider threats are a growing concern for industry, government, and campus networks. Yet, vulnerabilities inherent in Address Resolution Protocol (ARP) are exploitable by insiders seeking to launch sophisticated attacks on local area networks (LANs). Such attacks, initialized through ARP spoofing, include denial of service, server redirect, and man-in-the-middle attacks. Unfortunately, the current state of the art technologies for detecting and preventing ARP poisoning are tediously complex, slow to detect, and difficult to maintain. However, software defined networking (SDN) enables the implementation of novel security measures that are capable of detecting and eliminating ARP spoofing before it can impact other hosts. Hence, this paper presents Network Flow Guard for ARP (NFGA), an SDN security module that augments simple, MAC-learning, protocols on OpenFlow-enabled switches. NFG works by hashing a host's physical address with an appropriate IP: port association to deny ARP spoofing at real-time. Moreover, our framework's key contribution is that it achieves ARP security with minimal intervention by network operators while supporting both dynamic and static port allocations, requiring no changes to the network's topology or protocols, and requiring no client software installation.

Original languageEnglish (US)
Title of host publicationSoutheastCon 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781509022465
StatePublished - Jul 7 2016
EventSoutheastCon 2016 - Norfolk, United States
Duration: Mar 30 2016Apr 3 2016

Publication series

NameConference Proceedings - IEEE SOUTHEASTCON
ISSN (Print)0734-7502


ConferenceSoutheastCon 2016
Country/TerritoryUnited States


  • ARP Poisoning
  • DHCP
  • Network Protocols
  • Network Topology
  • Security
  • Software Defined Networks

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Software
  • Electrical and Electronic Engineering
  • Control and Systems Engineering
  • Signal Processing


Dive into the research topics of 'Leveraging SDN for ARP security'. Together they form a unique fingerprint.

Cite this