Yohanes Priyo Atmojo, I. M. D. Susila, Ida Bagus Suradarma, Lilis Yuningsih, Erma Sulistyo Rini, Dandy Pramana Hostiadi
{"title":"基于网络流量分析的ARP投毒攻击检测新方法","authors":"Yohanes Priyo Atmojo, I. M. D. Susila, Ida Bagus Suradarma, Lilis Yuningsih, Erma Sulistyo Rini, Dandy Pramana Hostiadi","doi":"10.1109/ISRITI54043.2021.9702860","DOIUrl":null,"url":null,"abstract":"Address Resolution Protocol (ARP) is a communication protocol to map the computer's addresses to the Media Access Control (MAC) address. In its implementation, ARP is abused, known as ARP poisoning Attack. The impact of ARP poisoning attacks is a deadlock to communicate on the network, identity fraud from addressing a computer through illegal access to steal important and confidential information. Several ARP poisoning attack detection models have been introduced. Still, they depend on application tools requiring complex configuration and mostly state ARP poisoning attacks as normal activity. In this paper, a model for detecting ARP poisoning attacks is proposed using the K-NN classification. The proposed model has a contribution to the feature extraction process based on network traffic flows analysis. The results show that the proposed model can detect ARP poisoning attacks more accurately than some classification algorithms with a TPR value of 97.67% and a detection accuracy of 98.7%.","PeriodicalId":156265,"journal":{"name":"2021 4th International Seminar on Research of Information Technology and Intelligent Systems (ISRITI)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"A New Approach for ARP Poisoning Attack Detection Based on Network Traffic Analysis\",\"authors\":\"Yohanes Priyo Atmojo, I. M. D. Susila, Ida Bagus Suradarma, Lilis Yuningsih, Erma Sulistyo Rini, Dandy Pramana Hostiadi\",\"doi\":\"10.1109/ISRITI54043.2021.9702860\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Address Resolution Protocol (ARP) is a communication protocol to map the computer's addresses to the Media Access Control (MAC) address. In its implementation, ARP is abused, known as ARP poisoning Attack. The impact of ARP poisoning attacks is a deadlock to communicate on the network, identity fraud from addressing a computer through illegal access to steal important and confidential information. Several ARP poisoning attack detection models have been introduced. Still, they depend on application tools requiring complex configuration and mostly state ARP poisoning attacks as normal activity. In this paper, a model for detecting ARP poisoning attacks is proposed using the K-NN classification. The proposed model has a contribution to the feature extraction process based on network traffic flows analysis. The results show that the proposed model can detect ARP poisoning attacks more accurately than some classification algorithms with a TPR value of 97.67% and a detection accuracy of 98.7%.\",\"PeriodicalId\":156265,\"journal\":{\"name\":\"2021 4th International Seminar on Research of Information Technology and Intelligent Systems (ISRITI)\",\"volume\":\"2 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-12-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 4th International Seminar on Research of Information Technology and Intelligent Systems (ISRITI)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISRITI54043.2021.9702860\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 4th International Seminar on Research of Information Technology and Intelligent Systems (ISRITI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISRITI54043.2021.9702860","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A New Approach for ARP Poisoning Attack Detection Based on Network Traffic Analysis
Address Resolution Protocol (ARP) is a communication protocol to map the computer's addresses to the Media Access Control (MAC) address. In its implementation, ARP is abused, known as ARP poisoning Attack. The impact of ARP poisoning attacks is a deadlock to communicate on the network, identity fraud from addressing a computer through illegal access to steal important and confidential information. Several ARP poisoning attack detection models have been introduced. Still, they depend on application tools requiring complex configuration and mostly state ARP poisoning attacks as normal activity. In this paper, a model for detecting ARP poisoning attacks is proposed using the K-NN classification. The proposed model has a contribution to the feature extraction process based on network traffic flows analysis. The results show that the proposed model can detect ARP poisoning attacks more accurately than some classification algorithms with a TPR value of 97.67% and a detection accuracy of 98.7%.