Active network-based ARP Poisoning Detection System (ARPoiDS)

Date of Publication

2014

Document Type

Bachelor's Thesis

Degree Name

Bachelor of Science in Computer Science

College

College of Computer Studies

Department/Unit

Computer Science

Thesis Adviser

Alexis V. Pantola

Defense Panel Member

Gregory G. Cu
Arlyn Verina L. Ong
Geanne Ross L. Franco

Abstract/Summary

Address Resolution Protocol (ARP) was introduced in RFC 826 with the idea that the different protocol stacks needed a unified standard that could be distributed to other systems without any modifications thereafter. The result was a protocol with minimal overhead and the optimal speed needed, but one that overlooked the security issues it poses to local area networks. A definite weakness of ARP is that there are no encryption or authentication mechanisms for identifying hosts communicating over the network. Anyone with the right hacking tools is able to execute attacks such as Denial of Service (DoS), Man-in-the-Middle (MitM), and session hijacking, to name a few. This study aims to create an active network-based ARP poisoning detection system that has the capability to delay the effects of attacks associated with ARP poisoning, specifically those attempts made for MitM attacks. The system also aims to solve the problem of current active-probing network-based ARP poisoning detection tools that are highly dependent on personal firewall configuration, as this poses a vulnerability to the network. Based on the experiments conducted, ARPoiDS is able to detect and delay the effects of ARP poisoning, giving the administrator ample time to address the attack. The system detects attacks using an active approach and delays attack effects by probing ARP packets and sending antidote packets to the network, which prevents the attacker from sniffing victims' packets completely. With the active network-based approach, the detection and the delaying of attack effects are done simultaneously. Results vary depending on different scenarios, but overall, ARPoiDS is proven successful. Furthermore, it is not dependent on any firewall configuration since only ARP packets are used in the approach.

Abstract Format

html

Language

English

Format

Print

Accession Number

TU18425

Shelf Location

Archives, The Learning Commons, 12F, Henry Sy Sr. Hall

Physical Description

1 v. (various foliations) : ill. (some colors) ; 28 cm.

This document is currently not available here.
