Portal de Periódicos da CAPES

A New Method to Detect Abnormal IP Address on DHCP

2009; Academy Publisher; Volume: 4; Issue: 6 Linguagem: Inglês

10.4304/jnw.4.6.458-464

1796-2056

Ling-Feng Chiang, Jiang-Whai Dai,

Advanced Malware Detection Techniques

Dynamic Host Configuration Protocol (DHCP) provides a means of allocating and managing IP addresses dynamically over a network. An important characteristic of the DHCP server is that different hosts or network cards are not allowed to simultaneously use the same IP address in the DHCP mechanism. However, anyone can guest corresponding parameters such as IP address, subnet mask, and default gateway from the DHCP mode, and then reconfigure a static IP to access the network from DHCP mode. According to the DHCP mechanism, this study traces abnormalities of the client IP or MAC address by comparing the ARP table and DHCP binding table in this paper. This work performs the proposed method to detect abnormal hosts on both DHCPv4 and DHCPv6. The difference between these two tables provides illegality information to transmit to relevant routers or switching devices via the DHCP server to block the illegal user from accessing network resources. This study approach requires no source address or MAC address retrieval of the packet. This work significantly improves system performance by effectively blocking illegal users before packets transmit.