Advancement and Research in Instrumentation Engineering (e-ISSN:2582-4341)

The Address Resolution Protocol (ARP) plays a vital role in the Internet protocol suite, but it lacks built-in security features, particularly in verifying the legitimacy of ARP replies. This vulnerability allows attackers to inject fake ARP messages into a Local Area Network (LAN), thereby corrupting the ARP cache of targeted devices. Successful ARP spoofing can enable attackers to carry out man-in-the-middle (MITM) attacks— intercepting or altering data—or even launch denial-of-service (DoS) attacks. Therefore, identifying and preventing ARP cache poisoning is essential. While several studies have proposed methods to address this threat, our review of the existing literature indicates that most of these solutions are not sufficiently effective at detecting and mitigating the problem. In response, this paper introduces a distributed algorithm designed to quickly detect ARP cache poisoning, identify the compromised hosts involved in the attack, and neutralize the threat using the collected data. We developed a prototype implementation of this algorithm, referred to as an "agent," which is deployed on every host in the network. These agents work collaboratively to form a distributed security framework capable of detecting and countering ARP cache poisoning attacks in real time.

P. Limmaneewichid and W. Lilakiatsakun. 2011. "P-ARP: A Novel Enhanced Authentication Scheme for Securing ARP." In Proceedings of the 2011 International Conference on Telecommunication Technology and Applications, Vol. 5. IACSIT Press, Singapore.

A. Chronopoulos, Abdul Khan, Mudassar Aslam, and Daniyal Sakhawat. 2019. "Agent-based ARP Cache Poisoning Detection in Switched LAN Environments." IET Networks 8 (01 2019). DOI: 10.1049/iet-net.2018.5084.

Zouheir Trabelsi. 2005. "Switched Network Sniffers Detection Technique Based on IP Packet Routing." Information Systems Security

(09 2005), pp. 51–60. DOI:

1201/1086.1065898X/45528.14.4.20050901/90089.7

Session 2 CySSS '22, May 30, 2022, Na.

Ghazi Al Sukkar, Ramzi Saifan, Sufian Khwaldeh, Mahmoud Maqableh, and Iyad Jafar. 2016. "Address Resolution Protocol (ARP): Spoofing Attack and Proposed Defense." Communications and Network 08 (01 2016), pp. 118–130. DOI: 10.4236/cn.2016.83012.

S. Kumar and S. Tapaswi. 2012. "A Centralized Detection and Prevention Technique Against ARP Poisoning." In Proceedings of the 2012 International Conference on Cyber Security, Cyber Warfare, and Digital Forensics (CyberSec), pp. 259–264. DOI: 10.1109/CyberSec.2012.6246087.

Myeongjin Oh, Young-Gab Kim, Seungpyo Hong, and Sung Deok Cha. 2012. "ASA: Agent-based Secure ARP Cache Management." IET Communications 6, 7 (2012), pp. 685–693. DOI: 10.1049/iet- com.2011.0566.

D. Srinath, S. Panimalar, A. Simla, and J. Deepa. 2015. "Detection and Prevention of ARP Spoofing Using Centralized Server." International Journal of Computer Applications 113 (2015), pp. 26–30.

Zouheir Trabelsi. 2005. "Switched Network Sniffers Detection Technique Based on IP Packet Routing." Information Systems Security

(09 2005), pp. 51–60. DOI:

1201/1086.1065898X/45528.14.4.20050901/90089.7

Session 2 CySSS '22, May 30, 2022, Na.