
An Active Host-Based Detection Mechanism for ARP-Related Attacks

  • Conference paper
Advances in Networks and Communications (CCSIT 2011)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 132)

Abstract

Most LAN-based attacks involve spoofing the victim host with falsified IP-MAC pairs. MAC spoofing is possible because of the stateless nature of the Address Resolution Protocol (ARP), which is responsible for resolving IP addresses to MAC addresses. Several mechanisms have been proposed to detect and mitigate ARP spoofing attempts at both the network level and the host level, but each has its own drawback. In this paper we propose a host-based intrusion detection system for LAN attacks that works without extra constraints such as static IP-MAC pairs or modifying ARP. The scheme is successfully validated in a test bed with various attack scenarios, and the results show the effectiveness of the proposed technique.

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Barbhuiya, F.A. et al. (2011). An Active Host-Based Detection Mechanism for ARP-Related Attacks. In: Meghanathan, N., Kaushik, B.K., Nagamalai, D. (eds) Advances in Networks and Communications. CCSIT 2011. Communications in Computer and Information Science, vol 132. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17878-8_44

  • DOI: https://doi.org/10.1007/978-3-642-17878-8_44

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17877-1

  • Online ISBN: 978-3-642-17878-8

  • eBook Packages: Computer Science, Computer Science (R0)
