A New Approach for ARP Poisoning Attack Detection Based on Network Traffic Analysis

2021 4th International Seminar on Research of Information Technology and Intelligent Systems (ISRITI) Pub Date : 2021-12-16 DOI:10.1109/ISRITI54043.2021.9702860

Yohanes Priyo Atmojo, I. M. D. Susila, Ida Bagus Suradarma, Lilis Yuningsih, Erma Sulistyo Rini, Dandy Pramana Hostiadi

{"title":"A New Approach for ARP Poisoning Attack Detection Based on Network Traffic Analysis","authors":"Yohanes Priyo Atmojo, I. M. D. Susila, Ida Bagus Suradarma, Lilis Yuningsih, Erma Sulistyo Rini, Dandy Pramana Hostiadi","doi":"10.1109/ISRITI54043.2021.9702860","DOIUrl":null,"url":null,"abstract":"Address Resolution Protocol (ARP) is a communication protocol to map the computer's addresses to the Media Access Control (MAC) address. In its implementation, ARP is abused, known as ARP poisoning Attack. The impact of ARP poisoning attacks is a deadlock to communicate on the network, identity fraud from addressing a computer through illegal access to steal important and confidential information. Several ARP poisoning attack detection models have been introduced. Still, they depend on application tools requiring complex configuration and mostly state ARP poisoning attacks as normal activity. In this paper, a model for detecting ARP poisoning attacks is proposed using the K-NN classification. The proposed model has a contribution to the feature extraction process based on network traffic flows analysis. The results show that the proposed model can detect ARP poisoning attacks more accurately than some classification algorithms with a TPR value of 97.67% and a detection accuracy of 98.7%.","PeriodicalId":156265,"journal":{"name":"2021 4th International Seminar on Research of Information Technology and Intelligent Systems (ISRITI)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 4th International Seminar on Research of Information Technology and Intelligent Systems (ISRITI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISRITI54043.2021.9702860","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Address Resolution Protocol (ARP) is a communication protocol to map the computer's addresses to the Media Access Control (MAC) address. In its implementation, ARP is abused, known as ARP poisoning Attack. The impact of ARP poisoning attacks is a deadlock to communicate on the network, identity fraud from addressing a computer through illegal access to steal important and confidential information. Several ARP poisoning attack detection models have been introduced. Still, they depend on application tools requiring complex configuration and mostly state ARP poisoning attacks as normal activity. In this paper, a model for detecting ARP poisoning attacks is proposed using the K-NN classification. The proposed model has a contribution to the feature extraction process based on network traffic flows analysis. The results show that the proposed model can detect ARP poisoning attacks more accurately than some classification algorithms with a TPR value of 97.67% and a detection accuracy of 98.7%.

查看原文本刊更多论文

基于网络流量分析的ARP投毒攻击检测新方法

地址解析协议(ARP)是一种将计算机地址映射到媒体访问控制(MAC)地址的通信协议。在其实现中，ARP被滥用，称为ARP中毒攻击。ARP中毒攻击的影响是造成网络上通信的死锁，通过寻址诈骗身份的计算机通过非法访问窃取重要机密信息。介绍了几种ARP中毒攻击检测模型。尽管如此，它们仍然依赖于需要复杂配置的应用程序工具，并且大多数情况下将ARP中毒攻击视为正常活动。本文提出了一种基于K-NN分类的ARP中毒攻击检测模型。该模型对基于网络流量分析的特征提取过程有一定的贡献。结果表明，该模型对ARP中毒攻击的检测准确率达到97.67%，检测准确率达到98.7%，优于现有的分类算法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2021 4th International Seminar on Research of Information Technology and Intelligent Systems (ISRITI)

自引率

0.00%

发文量