Advertisement

An Active Intrusion Detection System for LAN Specific Attacks

  • Neminath Hubballi
  • S Roopa
  • Ritesh Ratti
  • F. A. Barbhuiya
  • Santosh Biswas
  • Arijit Sur
  • Sukumar Nandi
  • Vivek Ramachandran
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6059)

Abstract

Local Area Network (LAN) based attacks are due to compromised hosts in the network and mainly involve spoofing with falsified IP-MAC pairs. Since Address Resolution Protocol (ARP) is a stateless protocol such attacks are possible. Several schemes have been proposed in the literature to circumvent these attacks, however, these techniques either make IP-MAC pairing static, modify the existing ARP, patch operating systems of all the hosts etc. In this paper we propose an Intrusion Detection System (IDS) for LAN specific attacks without any extra constraint like static IP-MAC, changing the ARP etc. The proposed IDS is an active detection mechanism where every pair of IP-MAC are validated by a probing technique. The scheme is successfully validated in a test bed and results also illustrate that the proposed technique minimally adds to the network traffic.

Keywords

LAN Attack Address Resolution Protocol Intrusion Detection System 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Held, G.: Ethernet Networks: Design, Implementation, Operation, Management, 1st edn. John Wiley & Sons, Ltd., Chichester (2003)Google Scholar
  2. 2.
    Kozierok, C.M.: TCP/IP Guide, 1st edn. No Starch Press (October 2005)Google Scholar
  3. 3.
    Cisco Systems PVT LTD: Cisco 6500 catalyst switchesGoogle Scholar
  4. 4.
  5. 5.
  6. 6.
    Colasoft capsa, http://www.colasoft.com
  7. 7.
    Snort: Light weight intrusion detection, http://www.snort.org
  8. 8.
    Abad, C.L., Bonilla, R.I.: An analysis on the schemes for detecting and preventing arp cache poisoning attacks. In: ICDCSW 2007: Proceedings of the 27th International Conference on Distributed Computing Systems Workshops, Washington, DC, USA, pp. 60–67. IEEE Computer Society, Los Alamitos (2007)Google Scholar
  9. 9.
    Hsiao, H.W., Lin, C.S., Chang, S.Y.: Constructing an arp attack detection system with snmp traffic data mining. In: ICEC 2009: Proceedings of the 11th International Conference on Electronic Commerce, pp. 341–345. ACM, New York (2009)CrossRefGoogle Scholar
  10. 10.
    Gouda, M.G., Huang, C.T.: A secure address resolution protocol. Comput. Networks. 41(1), 57–71 (2003)zbMATHCrossRefGoogle Scholar
  11. 11.
    Lootah, W., Enck, W., McDaniel, P.: Tarp: Ticket-based address resolution protocol, pp. 106–116. IEEE Computer Society, Los Alamitos (2005)Google Scholar
  12. 12.
    Ramachandran, V., Nandi, S.: Detecting arp spoofing: An active technique. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2005. LNCS, vol. 3803, pp. 239–250. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Trabelsi, Z., Shuaib, K.: Man in the middle intrusion detection. In: Globecom, San Francisco, California, USA, pp. 1–6. IEEE Communication Society, Los Alamitos (2006)CrossRefGoogle Scholar
  14. 14.
    Sisaat, K., Miyamoto, D.: Source address validation support for network forensics. In: JWICS ’06: The 1st Joint Workshop on Information security, pp. 387–407 (2006)Google Scholar
  15. 15.
    CISCO Whitepaper, http://www.cisco.com

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Neminath Hubballi
    • 1
  • S Roopa
    • 1
  • Ritesh Ratti
    • 1
  • F. A. Barbhuiya
    • 1
  • Santosh Biswas
    • 1
  • Arijit Sur
    • 1
  • Sukumar Nandi
    • 1
  • Vivek Ramachandran
    • 1
  1. 1.Department of Computer Science and EngineeringIndian Institute of TechnologyGuwahatiIndia

Personalised recommendations