Portal de Periódicos da CAPES

ASD: ARP Spoofing Detector Using OpenWrt

2022; Hindawi Publishing Corporation; Volume: 2022; Linguagem: Inglês

10.1155/2022/2196998

1939-0114

Yeonseon Jeong, Hyung-Hoon Kim, Hyo Jin Jo,

IPv6, Mobility, Handover, Networks, Security

The address resolution protocol (ARP) is one of the most important communication protocols in a local area network (LAN). However, since there is no authentication procedure, the ARP is vulnerable to cyberattack such as ARP spoofing. Since ARP spoofing can be connected to critical attacks, including a man-in-the-middle (MITM) attack, detecting ARP spoofing initially without returning false-positive alarms is important. In general, however, existing works for ARP spoofing are unable to distinguish between ARP spoofing and connections from virtual machine (VM) guests, which results in false-positive alarms. In this article, we propose an access point-based ARP Spoofing Detector (ASD) that can detect ARP spoofing attacks without returning a false-positive rate. Our proposed system distinguishes between ARP spoofing and connections from VM guests using three information tables, AssocList, ARP cache table, and DHCP table, which are commonly managed by the access point based on a Linux system. We evaluated the performance of ASD on ARP spoofing attack experiments.