Active network-based ARP Poisoning Detection System (ARPoiDS)
Date of Publication
2014
Document Type
Bachelor's Thesis
Degree Name
Bachelor of Science in Computer Science
College
College of Computer Studies
Department/Unit
Computer Science
Thesis Adviser
Alexis V. Pantola
Defense Panel Member
Gregory G. Cu
Arlyn Verina L. Ong
Geanne Ross L. Franco
Abstract/Summary
Address Resolution Protocol (ARP) was introduced in RFC 826 having in mind that the different protocol stacks needed a unified standard that can be distributed to other systems without any modifications thereafter. With it, a protocol was produced with minimal overhead and optimal speed needed while overlooking the security issues it poses to local area networks. A definite weakness of ARP is that there are no encryption or authentication mechanisms for identifying hosts communicating over the network. Anyone with the right hacking tools is able to execute attacks such as Denial of Service (DoS), Man-in-the-Middle (MitM), and session hijacking to name a few. This study aims to create an active network-based ARP poisoning detection system that has the capability to delay the effects of attacks associated with ARP poisoning, specifically, those attempts made for MitM attacks. The system also aims to solve the problem of current active probing network-based ARP poisoning detection tools that are highly dependent on probing network-based ARP positioning detection tools that are highly dependent on personal firewall configuration, as this poses vulnerability to the network. Based on experiments conducted, ARPoiDS is able to detect and delay the effects of ARP poisoning giving the administrator ample time to address the attack. The system detects attacks using an active approach, delays attacks effects by probing ARP packets and sending antidote packets to the network, which prevents the attacker from sniffing victims packets completely. With the active network-based approach, the detection and delaying of attacks effects are done simultaneously. Results vary depending on different scenarios, but overall, ARPoiDS is proven successful. Furthermore, it is not dependent on any firewall configuration since only ARP packers are used in the approach.
Abstract Format
html
Language
English
Format
Accession Number
TU18425
Shelf Location
Archives, The Learning Commons, 12F, Henry Sy Sr. Hall
Physical Description
1 v. (various foliations) : ill. (some colors) ; 28 cm.
Recommended Citation
Buena, D. B., Garcia, C. C., Villafuerte, C. V., & Yu, A. H. (2014). Active network-based ARP Poisoning Detection System (ARPoiDS). Retrieved from https://animorepository.dlsu.edu.ph/etd_bachelors/11754