Abstract

This study presents an advanced detection and mitigation framework against ARP spoofing—a major threat exploiting authentication gaps in the ARP protocol. Leveraging Scapy integrated with Software-Defined Networking (SDN) technologies, including the Ryu controller and Open vSwitch, the research introduces a custom ARP cache poisoning script that covertly reroutes network traffic to an attacker-controlled node with precision and control. Deployed in a virtualized environment, the script was evaluated against tools like Ettercap and Bettercap, achieving superior manipulation capabilities and a 100% ARP table compromise rate. The tailored SDN-based detection tool further demonstrated impressive performance, identifying 98.33% of spoofing activities with a low detection latency of 0.024 seconds and minimal CPU usage, ensuring network efficiency. This research sets a new benchmark in ARP spoofing mitigation and paves the way for future enhancements such as ARP table pre-population and broader protocol support, strengthening defenses in virtualized environments.