Abstract
Address Resolution Protocol (ARP) is the network part that is responsible for identifying a Media Access Control (MAC) address of each other, through mapping an IP address to the corresponding MAC address. Unfortunately, ARP is a stateless protocol, the weakness in ARP effects directly on the security standards of the network and especially in Ethernet. In this paper, we propose a new architecture; named a CSIDS Client/Server based Intrusion Detection System designed to detection and defense against ARP spoofing attacks. The main idea behind this approach is to implement a real-time analyzing for received ARP packets and in case of detection a suspicious ARP packet a resolution message will be exchanged between system parts on the same network. This system is resilience by making at most two objects (client/server) to work efficiently; on the other hand, just one client is capable of defending on himself.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Plummer: An Ethernet address resolution protocol. RFC 826 (1982)
Behrouz: TCP/IP Protocol Suite, ch. 8. McGraw-Hill, New York (2010)
ISL GmbH, ARP-Guard, http://www.arp-guard.com
founder, Roesch: Network Intrusion Detection and Prevention System (IDS/IPS), http://www.snort.org
Hou, X., Jiang, Z., Tian, X.: The detection and prevention for ARP Spoofing based on Snort. In: IEEE Int. Conf. Computer Application and System Modeling, pp. V5-137–V5-139 (2010)
Gouda, M.G., Huang, C.-T.: A secure address resolution protocol. The International Journal of Computer and Telecommunications Networking 41(1), 57–71 (2003)
Bruschi, D., Ornaghi, A., Rosti, E.: S-ARP: a secure address resolution protocol. In: 19th IEEE Annual Computer Security Applications Conference, pp. 66–74 (2003)
Tripunitara, M.V., Dutta, P.: A middleware approach to asynchronous and backward compatible detection and prevention of ARP cache poisoning. In: 15th IEEE Annual Computer Security Applications Conference, pp. 303–309 (1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Salim, H., Li, Z., Tu, H., Guo, Z. (2012). A Client/Server Based Mechanism to Prevent ARP Spoofing Attacks. In: Tan, Y., Shi, Y., Ji, Z. (eds) Advances in Swarm Intelligence. ICSI 2012. Lecture Notes in Computer Science, vol 7332. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31020-1_30
Download citation
DOI: https://doi.org/10.1007/978-3-642-31020-1_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31019-5
Online ISBN: 978-3-642-31020-1
eBook Packages: Computer ScienceComputer Science (R0)