Address Resolution Protocol (ARP) is the network part that is responsible for identifying a Media Access Control (MAC) address of each other, through mapping an IP address to the corresponding MAC address. Unfortunately, ARP is a stateless protocol, the weakness in ARP effects directly on the security standards of the network and especially in Ethernet. In this paper, we propose a new architecture; named a CSIDS Client/Server based Intrusion Detection System designed to detection and defense against ARP spoofing attacks. The main idea behind this approach is to implement a real-time analyzing for received ARP packets and in case of detection a suspicious ARP packet a resolution message will be exchanged between system parts on the same network. This system is resilience by making at most two objects (client/server) to work efficiently; on the other hand, just one client is capable of defending on himself.
[1]
Danilo Bruschi,et al.
S-ARP: a secure address resolution protocol
,
2003,
19th Annual Computer Security Applications Conference, 2003. Proceedings..
[2]
Partha Dutta,et al.
A middleware approach to asynchronous and backward compatible detection and prevention of ARP cache poisoning
,
1999,
Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).
[3]
Chin-Tser Huang,et al.
A secure address resolution protocol
,
2003,
Comput. Networks.
[4]
Zhiping Jiang,et al.
The detection and prevention for ARP Spoofing based on Snort
,
2010,
2010 International Conference on Computer Application and System Modeling (ICCASM 2010).