AN ACTIVE HOST-BASED INTRUSION DETECTION SYSTEM FOR ARP-RELATED ATTACKS AND ITS VERIFICATION
Ferdous A Barbhuiya, Santosh Biswas and Sukumar Nandi
Department of Computer Science and Engineering Indian Institute of Technology Guwahati, India - 781039
ABSTRACT
Spoofing with falsified IP-MAC pair is the first step in most of the LAN based-attacks. Address Resolution Protocol (ARP) is stateless, which is the main cause that makes spoofing possible. Several network level and host level mechanisms have been proposed to detect and mitigate ARP spoofing but each of them has their own drawback. In this paper we propose a Host-based Intrusion Detection system for LAN attacks, which works without any extra constraint like static IP-MAC, modifying ARP etc. The proposed scheme is verified under all possible attack scenarios. The scheme is successfully validated in a test bed with various attack scenarios and the results show the effectiveness of the proposed technique.
KEYWORDS
Active Detection, ARP spoofing, host based ids, LAN attack, Verification
Original Scoure Link : http://airccse.org/journal/nsa/0511ijnsa11.pdf
No comments:
Post a Comment