ARP Cache Poisoning Mitigation and Forensics Investigation

Mangut, Heman Awang and Al-Nemrat, Ameer and Benzaïd, Chafika and Tawil, Abdel-Rahman H. (2015) ARP Cache Poisoning Mitigation and Forensics Investigation. In: 2015 IEEE Trustcom/BigDataSE/ISPA. IEEE. ISBN 978-1-4673-7952-6

Full text not available from this repository. (Request a copy)


Address Resolution Protocol (ARP) cache spoofing or poisoning is an OSI layer 2 attack that exploits the statelessness vulnerability of the protocol to make network hosts susceptible to issues such as Man in the Middle attack, host impersonation, Denial of Service (DoS) and session hijacking. In this paper, a quantitative research approach is used to propose forensic tools for capturing evidences and mitigating ARP cache poisoning. The baseline approach is adopted to validate the proposed tools. The evidences captured before attack are compared against evidences captured when the network is under attack in order to ascertain the validity of the proposed tools in capturing ARP cache spoofing evidences. To mitigate the ARP poisoning attack, the security features DHCP Snooping and Dynamic ARP Inspection (DAI) are enabled and configured on a Cisco switch. The experimentation results showed the effectiveness of the proposed mitigation technique.

Item Type: Book Section
Identification Number:
Uncontrolled Keywords: Cisco switch, ARP cache poisoning mitigation technique, address resolution protocol, OSI layer 2 attack, man in the middle attack, host impersonation, denial of service, DoS, session hijacking, network hosts, quantitative research approach, forensic tools, ARP poisoning attack, DHCP snooping, dynamic ARP inspection, DAI
Subjects: CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science
Divisions: Faculty of Computing, Engineering and the Built Environment
Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology
Depositing User: Oana-Andreea Dumitrascu
Date Deposited: 29 Jun 2017 13:43
Last Modified: 22 Mar 2023 12:01

Actions (login required)

View Item View Item


In this section...