Yohanes Priyo Atmojo, I. M. D. Susila, Ida Bagus Suradarma, Lilis Yuningsih, Erma Sulistyo Rini, Dandy Pramana Hostiadi
A New Approach for ARP Poisoning Attack Detection Based on Network Traffic Analysis
2021 4th International Seminar on Research of Information Technology and Intelligent Systems (ISRITI), published 2021-12-16
DOI: 10.1109/ISRITI54043.2021.9702860 (https://doi.org/10.1109/ISRITI54043.2021.9702860)
Citations: 1
Abstract
Address Resolution Protocol (ARP) is a communication protocol that maps a computer's address to its Media Access Control (MAC) address. In practice, ARP is abused in what is known as an ARP poisoning attack. The impact of ARP poisoning attacks includes a deadlock in network communication and identity fraud through computer addressing, which gives illegal access used to steal important and confidential information. Several ARP poisoning attack detection models have been introduced. However, they depend on application tools that require complex configuration, and they mostly classify ARP poisoning attacks as normal activity. This paper proposes a model for detecting ARP poisoning attacks using K-NN classification. The model's contribution is a feature extraction process based on network traffic flow analysis. The results show that the proposed model detects ARP poisoning attacks more accurately than some classification algorithms, with a TPR value of 97.67% and a detection accuracy of 98.7%.