Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A distributed detection method and system for arp deception

A technology of ARP spoofing and detection methods, applied in the field of distributed detection methods and systems of ARP spoofing, can solve the problems of no system, easy to generate errors, and high network administrators, and achieve efficient dynamic ARP attacks and countermeasures and detection of ARP attacks and counteracting effects

Active Publication Date: 2018-03-23
INST OF INFORMATION ENG CHINESE ACAD OF SCI
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the system has a premise that it can only deal with it after detecting ARP spoofing. If the system does not detect the actual ARP spoofing, then the system will have no effect.
This method has high requirements for network administrators, a large workload, and is prone to errors

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A distributed detection method and system for arp deception
  • A distributed detection method and system for arp deception
  • A distributed detection method and system for arp deception

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0035] The specific embodiments of the invention will be further described below in conjunction with the accompanying drawings. The following examples are only used to illustrate the technical solution of the present invention more clearly, but not to limit the protection scope of the present invention.

[0036] figure 1 A schematic flowchart of a distributed detection method for ARP spoofing provided by an embodiment of the present invention is shown, as shown in figure 1 As shown, the method includes:

[0037]101. Monitor the number of first data packets containing the IP addresses of the first terminal and the second terminal in requests and responses for communication between the first terminal and the second terminal within a preset period of time, and the number of first data packets of the first terminal and the second terminal The number of second data packets communicated between the first MAC address corresponding to a terminal and the second MAC address correspond...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a distributed detection method and system for ARP (Address Resolution Protocol) cheating. The method comprises: monitoring the quantity of first data packets requested and answered for communication between a first terminal and a second terminal and including IP addresses of the first terminal and the second terminal, and the quantity of second data packets for communication between a first MAC (Multimedia Access Control) address corresponding to the first terminal and a second MAC address corresponding to the second terminal in a preset time period; judging whether the first data packets for communication between the first terminal and the second terminal have abnormal communication data packets to be verified according to the quantity of the first data packets and the quantity of the second data packets; and when the first data packets have the abnormal communication data packets to be verified, sending the abnormal communication data packets to be verified to the first terminal corresponding to the first MAC address, so that the first terminal verifies the abnormal communication data packets to be verified. The method and the system can be used for detecting ARP cheating behaviors in real time, and have high detection accuracy and high detection efficiency.

Description

technical field [0001] The invention relates to the technical field of communications, in particular to a distributed detection method and system for ARP spoofing. Background technique [0002] Man-in-the-middle attack (Man-in-the-middle attack) is a method of attacking data packets between two or more terminals in the network. When launching an attack, the attacker is located in the middle of the communication path of the legitimate terminal, and achieves the purpose of the attack by capturing, modifying, and forwarding the data packets between the two parties. [0003] The ARP protocol, full name Address Resolution Protocol, works in the second layer of the OSI seven-layer network model - the data link layer. Its function is to obtain the corresponding hardware address MAC according to the IP of the target terminal. There is a problem in the design of ARP, that is, it does not verify whether the source of the ARP message is legal, does not check whether the received respo...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416
Inventor 朱大立庞娜范哲铭
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products