Paper Info
Title
ARP Cache Poisoning Mitigation and Forensics Investigation
Abstract
Address Resolution Protocol (ARP) cache spoofing or poisoning is an OSI layer 2 attack that exploits the statelessness vulnerability of the protocol to make network hosts susceptible to issues such as Man in the Middle attack, host impersonation, Denial of Service (DoS) and session hijacking. In this paper, a quantitative research approach is used to propose forensic tools for capturing evidences and mitigating ARP cache poisoning. The baseline approach is adopted to validate the proposed tools. The evidences captured before attack are compared against evidences captured when the network is under attack in order to ascertain the validity of the proposed tools in capturing ARP cache spoofing evidences. To mitigate the ARP poisoning attack, the security features DHCP Snooping and Dynamic ARP Inspection (DAI) are enabled and configured on a Cisco switch. The experimentation results showed the effectiveness of the proposed mitigation technique.
Year
DOI
Venue
2015
10.1109/Trustcom-BigDataSe-ISPA.2015.536
TrustCom/BigDataSE/ISPA
Keywords
Field
DocType
ARP cache poisoning, Forensic investigation, Attack mitigation
Man-in-the-middle attack,Denial-of-service attack,Spoofing attack,Computer security,Cache,Computer science,Session hijacking,ARP spoofing,Computer network,DHCP snooping,Address Resolution Protocol
Conference
Citations 
PageRank 
References 
2
0.49
11
Authors
4
Name
Order
Citations
PageRank
Heman Awang Mangut120.49
Ameer Al-Nemrat2429.12
Chafika Benzaid35413.06
Abdel-Rahman H. Tawil45011.63