2021 International Conference on Green Energy, Computing and Sustainable Technology (GECOST) | 2021
A Profiling Based Approach To Detect ARP Poisioning Attacks
Abstract
Address Resolution Protocol (ARP) is one of the essential protocols used in LAN communication. It is vulnerable to spoofing attacks since ARP protocols are stateless. Thus, most modern networks are still prone to ARP spoofing attacks. There are many types of approaches being suggested to detect and mitigate ARP spoofing. These approaches are mainly based on ICMP ping, secondary cache, Snort, etc. These approaches consume time or require invasive approaches on the client-side, which make them unpopular. In this paper, we introduce ARPprofiler, which can profile network behavior to identify an attacker and detect ARP poisoning attempts. We have modeled ARPprofiler based on parameters such as the number of ARP packets generated during the attack, frequency of the ARP replies, and whether there exists ARP request and reply pairs. Our results show that by tuning the threshold parameters of ARPprofiler, ARP poisoning attacks from popular hacking tools can be identified, and rectification steps can be taken.