NICR Jun 6, 2013

An Active Host-Based Intrusion Detection System for ARP-Related Attacks and its Verification

arXiv:1306.1332v1, 17 citations
AI Analysis

This work addresses security vulnerabilities in local area networks for users and administrators, but it appears incremental, as it builds on existing host-based mechanisms.

The paper tackles ARP spoofing as the basis of LAN attacks by proposing a host-based intrusion detection system that operates without extra constraints such as static IP-MAC bindings or modifications to ARP. The scheme is verified under all possible attack scenarios and validated in a test bed.

Spoofing with a falsified IP-MAC pair is the first step in most LAN-based attacks. Address Resolution Protocol (ARP) is stateless, which is the main cause that makes spoofing possible. Several network-level and host-level mechanisms have been proposed to detect and mitigate ARP spoofing, but each of them has its own drawback. In this paper we propose a Host-based Intrusion Detection System for LAN attacks, which works without any extra constraint like static IP-MAC, modifying ARP, etc. The proposed scheme is verified under all possible attack scenarios. The scheme is successfully validated in a test bed with various attack scenarios, and the results show the effectiveness of the proposed technique.
