A secure architecture for defending ARP spoofing attacks using a switch based methodology

Abstract EN

In local networks, security weaknesses in the data link layer enable internal attacks.

Although switches and routers have some built in security features, they are not enough to fully ensure the security of local networks.

Moreover, these features require network administrators' involvement and are prone to miss-configuration.

In addition, data link layer protocols used in local area networks (LANs) are not designed with built-in security features.

The most dangerous attacks on layer 2 are ARP spoofing and MAC flooding attacks.

Several schemes to mitigate, detect and prevent these attacks have been proposed, but each has its limitations.

This paper proposes a detection and prevention system for ARP spoofing attacks.

The system consists of two back to back servers.

An application on the servers allows authentication of users to a centralized server.

The server, in turn, retrieves logged users to the switch.

Hence filtering of untrusted users is performed by telneting the main switch.

The Performance study has shown the efficiency and superiority of the proposed system, as compared to the previous work.

Several performance metrics have been measured to show its fast response to detection and prevention of the ARP spoofing attacks.

The system has been compared to one of the famous commercial tools.

The comparison has shown the superiority of our system, since the system detection time is 20 time faster than that of the commercial tool.