S.M. Morsy1, and Dalia Nashat2,*
Dalia Nashat
1Faculty of Computers and Information Technology, The Egyptian E-Learning University, Giza, Egypt
2Department of Information Technology, Faculty of Computers and Information, Assuit University, Assiut, Egypt
*Corresponding author
A man-in-the-middle attack (MITM) is considered one of the main significant concerns for many network security. MITM involves an unauthorized third party secretly accessing communication between endpoints to intercept or modify transmitted data. The most common and dangerous network attack is Address Resolution Protocol (ARP) spoofing-based MITM. ARP spoofing-based MITM attack exploits ARP protocol weakness to associate the attacker’s MAC address with the IP address for an intended legitimate host. Several defense schemes have been proposed to counteract ARP spoofing, but they possess limitations, such as dependence on static entries in the cache table or a central server that is susceptible to being a single point of failure.
This paper presents VB-ARP, a novel ARP spoofing attack defense scheme. VB-ARP is designed to identify defective ARP packets by using a voting mechanism based on the Boyer-Moore majority (BMMV) algorithm. First, we collect all ARP packets which received from the original ARP packets and voting reply packets to create the suspect list. Then, identifying the ARP Spoofing attacks is carried out by analyzing ARP packets, applying BMMV, and calculating the probabilities of the suspect list entries. In addition, VB-ARP prevents ARP spoofing attacks by transmitting a trap packet to the suspected hosts. Also, preventing adding entries to the cache table without ensuring their validity, and blocking detected attacks.
Man-in-the-middle, ARP, ARP Spoofing, Boyer-Moore Algorithm
S.M. Morsy, and Dalia Nashat (2024). VB-ARP: Boyer–Moore Majority Voting Algorithm Based Defense for ARP Spoofing. Journal of Networking and Network Applications, Volume 4, Issue 4, pp. 172–177. https://doi.org/10.33969/J-NaNA.2024.040404.
[1] M. B. Muzammil, M. Bilal, S. Ajmal, S. C. Shongwe, and Y. Y. Ghadi, “Unveiling vulnerabilities of web attacks considering man in the middle attack and session hijacking,” IEEE Access, 2024.
[2] M. M. Inuwa and R. Das, “A comparative analysis of various machine learning methods for anomaly detection in cyber attacks on iot net-works,” Internet of Things, vol. 26, p. 101162, 2024.
[3] R. Goenka, M. Chawla, and N. Tiwari, “A comprehensive survey of phishing: mediums, intended targets, attack and defence techniques and a novel taxonomy,” International Journal of Information Security, vol. 23, no. 2, pp. 819–848, 2024.
[4] E. Alalwany and I. Mahgoub, “Security and trust management in the internet of vehicles (iov): Challenges and machine learning solutions,” Sensors, vol. 24, no. 2, p. 368, 2024.
[5] M. Conti, N. Dragoni, and V. Lesyk, “A Survey of Man In The Middle Attacks,” IEEE Communications Surveys & Tutorials, vol. 18, no. 3, pp. 2027–2051, 2016.
[6] M. Lehto, “Cyber-attacks against critical infrastructure,” in Cyber Secu-rity: Critical Infrastructure Protection, pp. 3–42, Springer, 2022.
[7] S. Morsy and D. Nashat, “D-ARP: An Efficient Scheme to Detect and Prevent ARP Spoofing,” IEEE Access, 2022.
[8] M. R. F. Eslava, J. C. H. Lozada, M. H. Bola˜nos, and J. S. Guti´errez, “Firewall system for the internet of things,” in International Congress of Telematics and Computing, pp. 73–85, Springer, 2023.
[9] C. P. David, “An ethernet address resolution protocol,” RFC 826, 1982.
[10] S. Bhirud and V. Katkar, “Light weight approach for IP-ARP spoofing detection and prevention,” in 2011 Second Asian Himalayas Interna-tional Conference on Internet (AH-ICI), pp. 1–5, IEEE, 2011.
[11] B. Prabadevi and N. Jeyanthi, “Security solution for ARP cache poison-ing attacks in large data centre networks,” Cybernetics and Information Technologies, vol. 17, no. 4, pp. 69–86, 2017.
[12] H. Xi, “Research and application of ARP protocol vulnerability attack and defense technology based on trusted network,” in AIP Conference Proceedings, vol. 1820, pp. 090019.1—-090019.7, AIP Publishing LLC, 2017.
[13] B. Prabadevi and N. Jeyanthi, “A framework to mitigate ARP sniffing attacks by cache poisoning,” International Journal of Advanced Intelli-gence Paradigms, vol. 10, no. 1-2, pp. 146–159, 2018.
[14] D. Hercog and D. Hercog, “Arp protocol,” Communication Protocols: Principles, Methods and Specifications, pp. 321–322, 2020.
[15] G. Song, J. Hu, and H. Wang, “A novel frame switching model based on virtual mac in sdn,” International Journal of Information Security, vol. 22, no. 3, pp. 723–736, 2023.
[16] G. Jinhua and X. Kejian, “ARP spoofing detection algorithm using ICMP protocol,” in 2013 International Conference on Computer Communica-tion and Informatics, pp. 1–6, IEEE, 2013.
[17] N. Saxena and N. S. Chaudhari, “Secure-AKA: An efficient AKA pro-tocol for UMTS networks,” Wireless personal communications, vol. 78, no. 2, pp. 1345–1373, 2014.
[18] S. Jadhav, A. Thakur, S. Nalbalwar, S. Shah, and S. Chordia, “Detection and mitigation of arp spoofing attack,” in International Conference On Innovative Computing And Communication, pp. 383–396, Springer, 2023.
[19] M. M. Alani, A. I. Awad, and E. Barka, “Arp-probe: An arp spoofing detector for internet of things networks using explainable deep learning,” Internet of Things, vol. 23, p. 100861, 2023.
[20] R. S. Boyer and J. S. Moore, “Mjrty—a fast majority vote algorithm,” in Automated reasoning: essays in honor of Woody Bledsoe, pp. 105–117, Springer, 1991.
[21] Y. Sun, Y. Han, Y. Zhang, M. Chen, S. Yu, and Y. Xu, “Ddos attack detection combining time series-based multi-dimensional sketch and machine learning,” in 2022 23rd Asia-Pacific Network Operations and Management Symposium (APNOMS), pp. 01–06, 2022.
[22] L. Pike, N. Wegmann, S. Niller, and A. Goodloe, “Copilot: monitoring embedded systems,” Innovations in Systems and Software Engineering, vol. 9, pp. 235–255, 2013.
[23] S. Jose, T. G. Selvaraj, K. Samuel, J. T. Philip, S. Nanjappan Jothiraj, S. Muthu Swamy Pandian, V. S. Handiru, and E. S. Suviseshamuthu, “Intramuscular emg classifier for detecting myopathy and neuropathy,” International Journal of Imaging Systems and Technology, vol. 33, no. 2, pp. 659–669, 2023.
[24] S. Y. Nam, S. Djuraev, and M. Park, “Collaborative approach to mitigating ARP poisoning-based Man-in-the-Middle attacks,” Computer Networks, vol. 57, no. 18, pp. 3866–3884, 2013.
[25] P. Arote and K. V. Arya, “Detection and prevention against ARP poi-soning attack using modified ICMP and voting,” in 2015 International Conference on Computational Intelligence and Networks, pp. 136–141, IEEE, 2015.
[26] H. Salim and Z. Li, “A Precise Model to Secure Systems on Ethernet Against Man-In-The-Middle Attack,” IT Professional, vol. 23, no. 1, pp. 72–85, 2021.
[27] A. Majumdar, S. Raj, and T. Subbulakshmi, “ARP Poisoning Detection and Prevention using Scapy,” in Journal of Physics: Conference Series, vol. 1911, p. 012022, IOP Publishing, 2021.
[28] H. I. Nasser and M. A. Hussain, “Provably curb man-in-the-middle attack-based arp spoofing in a local network,” Bulletin of Electrical Engineering and Informatics, vol. 11, no. 4, pp. 2280–2291, 2022.
[29] F. Mvah, V. Kengne Tchendji, C. Tayou Djamegni, A. H. Anwar, D. K. Tosh, and C. Kamhoua, “Gatebasep: game theory-based security protocol against arp spoofing attacks in software-defined networks,” International Journal of Information Security, vol. 23, no. 1, pp. 373–387, 2024.
[30] D. Bruschi, A. Ornaghi, and E. Rosti, “S-ARP: a secure address resolution protocol,” in 19th Annual Computer Security Applications Conference, 2003. Proceedings., pp. 66–74, IEEE, 2003.
[31] S. Singh and D. Singh, “ARP Poisoning Detection and Prevention Mechanism using Voting and ICMP Packets,” Indian Journal of Science and Technology, vol. 11, no. 22, pp. 1–9, 2018.