Publication:
Detection and Prevention of ARP Cache Poisoning in Advanced Persistent Threats Using Multiphase Validation and Firewall

Date
2022
Authors
Al-Mwald M.N.
Jamil N.
Ibrahim Z.A.
Cob Z.C.
Abdul Rahim F.
Publisher
Springer Science and Business Media Deutschland GmbH
Abstract
Protocols define a set of rules that govern the communication between hosts connected via a network. Under normal circumstances, the operation proceeds without incident. However, attackers are always on the lookout for ways to exploit loopholes in protocols. This study aimed to investigate Address Resolution Protocol (ARP) issues and develop a technique to detect and prevent malicious ARP activity and anomalies caused by its various implementations. We propose sending three Internet Control Message Protocol (ICMP) probe packets to each host to validate the new binding, one to the previous binding and the other two to the contemporary binding. ARP packets are used together with these ICMP packets to provide multiphase validation for new entries that have no previous ARP cache entries. The asynchronous nature of the proposed scheme requires no changes to the existing protocol. In addition, the proposed technique uses a host-based firewall to block malicious hosts without affecting the ARP's performance. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
Description
Security of data; Security systems; Address Resolution Protocol; Address resolution protocol cache poisoning; Address resolution protocol spoofing attack; Cache poisoning; Internet control message protocol protocol; Internet control message protocols; MITM; Spoofing attacks; Internet protocols