An Active Intrusion Detection System for LAN Specific Attacks
Local Area Network (LAN) based attacks are due to compromised hosts in the network and mainly involve spoofing with falsified IP-MAC pairs. Since Address Resolution Protocol (ARP) is a stateless protocol such attacks are possible. Several schemes have been proposed in the literature to circumvent these attacks, however, these techniques either make IP-MAC pairing static, modify the existing ARP, patch operating systems of all the hosts etc. In this paper we propose an Intrusion Detection System (IDS) for LAN specific attacks without any extra constraint like static IP-MAC, changing the ARP etc. The proposed IDS is an active detection mechanism where every pair of IP-MAC are validated by a probing technique. The scheme is successfully validated in a test bed and results also illustrate that the proposed technique minimally adds to the network traffic.
KeywordsLAN Attack Address Resolution Protocol Intrusion Detection System
Unable to display preview. Download preview PDF.
- 1.Held, G.: Ethernet Networks: Design, Implementation, Operation, Management, 1st edn. John Wiley & Sons, Ltd., Chichester (2003)Google Scholar
- 2.Kozierok, C.M.: TCP/IP Guide, 1st edn. No Starch Press (October 2005)Google Scholar
- 3.Cisco Systems PVT LTD: Cisco 6500 catalyst switchesGoogle Scholar
- 4.Arpwatch, http://www.arpalert.org
- 5.Arpdefender, http://www.arpdefender.com
- 6.Colasoft capsa, http://www.colasoft.com
- 7.Snort: Light weight intrusion detection, http://www.snort.org
- 8.Abad, C.L., Bonilla, R.I.: An analysis on the schemes for detecting and preventing arp cache poisoning attacks. In: ICDCSW 2007: Proceedings of the 27th International Conference on Distributed Computing Systems Workshops, Washington, DC, USA, pp. 60–67. IEEE Computer Society, Los Alamitos (2007)Google Scholar
- 11.Lootah, W., Enck, W., McDaniel, P.: Tarp: Ticket-based address resolution protocol, pp. 106–116. IEEE Computer Society, Los Alamitos (2005)Google Scholar
- 14.Sisaat, K., Miyamoto, D.: Source address validation support for network forensics. In: JWICS ’06: The 1st Joint Workshop on Information security, pp. 387–407 (2006)Google Scholar
- 15.CISCO Whitepaper, http://www.cisco.com