Mitigating Layer 2 Attacks:
Re-Thinking the Division of Labor

Nir Solomon (Supervisor: Prof. Anat Bremler-Barr)
Projects, thesis, and dissertations


We provide an overview of Layer 2 attacks in OpenFlow: ARP Poisoning and a new DDos attack on the Controller, both implemented by us. We will describe our approach to mitigate these attacks, called Switch Reactive ARP-query. The key idea is to shift responsibilities back from the control-plane to the data-plane in order to reduce the load on the Controller.
ARP Poisoning is the kind of attack in which an attacker is able to alter or change the victim’s ARP cache in order to leverage it to Man in the Middle (MitM) attack or a Denial of Service (DoS) attack. A Distributed Denial of Service (DDoS) is a form of attack in which the victim’s resources are being depleted by multiple adversaries.
Both of these attacks are relevant in an OpenFlow-managed SDN network, where the contradicting relationship between the whole view of the network and the centralized Controller may clash.
In this paper, we have successfully mitigated ARP Poisoning attacks and have decreased dramatically and bounded the number of packet-ins, the main cause for the DDoS on the Controller.