Spoofing with falsified IP-MAC pair is the first step in most of the LANbased-attacks. Address Resolution Protocol (ARP) is stateless, which is themain cause that makes spoofing possible. Several network level and host levelmechanisms have been proposed to detect and mitigate ARP spoofing but each ofthem has their own drawback. In this paper we propose a Host-based IntrusionDetection system for LAN attacks, which works without any extra constraint likestatic IP-MAC, modifying ARP etc. The proposed scheme is verified under allpossible attack scenarios. The scheme is successfully validated in a test bedwith various attack scenarios and the results show the effectiveness of theproposed technique.
展开▼
