ARP cache poisoning mitigation and forensics investigation
Mangut, Heman Awang, Al-Nemrat, A., Benzaid, Chafika and Tawil, Abdel-Rahman H. 2015. ARP cache poisoning mitigation and forensics investigation. in: 2015 IEEE Trustcom/BigDataSE/ISPA IEEE. pp. 1392-1397
|Authors||Mangut, Heman Awang, Al-Nemrat, A., Benzaid, Chafika and Tawil, Abdel-Rahman H.|
Address Resolution Protocol (ARP) cache spoofing or poisoning is an OSI layer 2 attack that exploits the statelessness vulnerability of the protocol to make network hosts susceptible to issues such as Man in the Middle attack, host impersonation, Denial of Service (DoS) and session hijacking. In this paper, a quantitative research approach is used to propose forensic tools for capturing evidences and mitigating ARP cache poisoning. The baseline approach is adopted to validate the proposed tools. The evidences captured before attack are compared against evidences captured when the network is under attack in order to ascertain the validity of the proposed tools in capturing ARP cache spoofing evidences. To mitigate the ARP poisoning attack, the security features DHCP Snooping and Dynamic ARP Inspection (DAI) are enabled and configured on a Cisco switch. The experimentation results showed the effectiveness of the proposed mitigation technique.
|Keywords||Attack mitigation; ARP cache poisoning; Forensic investigation|
|Book title||2015 IEEE Trustcom/BigDataSE/ISPA|
|03 Dec 2015|
|Publication process dates|
|Deposited||27 Feb 2017|
|Event||14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom-15)|
|Digital Object Identifier (DOI)||https://doi.org/10.1109/Trustcom.2015.536|
|Web address (URL)||http://doi.org/10.1109/Trustcom.2015.536|
© 2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
|Accepted author manuscript|
5views this month
61downloads this month