An Active Intrusion Detection System for LAN Specific Attacks

Conference Paper · January 2010
DOI: 10.1007/978-3-642-13577-4_11 · Source: DBLP
Conference: Advances in Computer Science and Information Technology, AST/UCMA/ISA/ACN 2010 Conferences, Miyazaki, Japan, June 23-25, 2010. Joint Proceedings
Abstract
Local Area Network (LAN) based attacks are due to compromised hosts in the network and mainly involve spoofing with falsified IP-MAC pairs. Since Address Resolution Protocol (ARP) is a stateless protocol, such attacks are possible. Several schemes have been proposed in the literature to circumvent these attacks; however, these techniques either make IP-MAC pairing static, modify the existing ARP, patch operating systems of all the hosts, etc. In this paper we propose an Intrusion Detection System (IDS) for LAN specific attacks without any extra constraint like static IP-MAC, changing the ARP etc. The proposed IDS is an active detection mechanism where every IP-MAC pair is validated by a probing technique. The scheme is successfully validated in a test bed and results also illustrate that the proposed technique minimally adds to the network traffic.
    • "Various mechanisms have been proposed to detect and mitigate these ARP attacks at both the host-level and network-level. In [2], a literature review on network based IDS for detecting ARP spoofing attacks, with their drawbacks, has been discussed. The authors also present a new network based IDS to detect such spoofing attacks and highlight how many of the drawbacks are eliminated."
    ABSTRACT: Spoofing with falsified IP-MAC pair is the first step in most of the LAN-based attacks. Address Resolution Protocol (ARP) is stateless, which is the main cause that makes spoofing possible. Several network level and host level mechanisms have been proposed to detect and mitigate ARP spoofing but each of them has its own drawback. In this paper we propose a Host-based Intrusion Detection system for LAN attacks, which works without any extra constraint like static IP-MAC, modifying ARP etc. The proposed scheme is verified under all possible attack scenarios. The scheme is successfully validated in a test bed with various attack scenarios and the results show the effectiveness of the proposed technique.
    Full-text · Article · Jun 2013
  • ABSTRACT: The function of Address Resolution Protocol (ARP) is critical in local area networking as well as for routing Internet traffic across gateways. ARP, being a stateless protocol, is prone to various attacks such as ARP spoofing, ARP flooding and ARP poisoning. This work discusses an efficient, scalable implementation of an Intrusion Detection System (IDS) with active detection, to detect ARP spoofing, flooding and related attacks like Man-in-the-Middle (MiTM) and Denial-of-Service (DoS) etc.
    Chapter · Jan 2011
  • ABSTRACT: Most of the LAN-based attacks involve the spoofing of the victim host with falsified IP-MAC pairs. MAC spoofing is possible because of the stateless nature of the Address Resolution Protocol (ARP), which is responsible for resolving IP addresses to MAC addresses. Several mechanisms have been proposed to detect and mitigate ARP spoofing attempts both at the network level and at the host level, but each of them has its own drawback. In this paper we propose a Host-based Intrusion Detection system for LAN attacks which works without any extra constraint like static IP-MAC, modifying ARP etc. The scheme is successfully validated in a test bed with various attack scenarios and the results show the effectiveness of the proposed technique.
    Article · Jan 2011 · International Journal of Network Security & Its Applications