Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method of automatically detecting host-passing-off ARP spoofing

A technology of ARP spoofing and automatic detection, applied in the field of network communication, it can solve the problems of ARP firewall's self-defense, difficult centralized management, system performance degradation, etc., to avoid misjudgment and maintain good performance.

Active Publication Date: 2017-06-27
SHANTOU UNIV
View PDF10 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, the above-mentioned methods have some disadvantages: it is difficult to centrally manage the installation of an ARP firewall on the user's computer, and the ARP firewall defends itself but not others, and even some ARP firewalls use attacks to counter attacks so as to cause harm to the entire network; two-way binding MAC-IP The maintenance workload is huge, and it cannot adapt to more and more laptops and WiFi environments; only the current ARP spoofing can be detected through network packet capture, and listening to different network segments in the switching network requires frequent port switching or configuration For different port mirroring, the workload of packet capture and analysis is very heavy and there are relatively high technical requirements for network administrators; enabling DHCP Snooping, IP Source Guard and DAI has relatively high requirements for the entire network environment and switch equipment, many low-end Switches (such as Cisco2960) do not support it. In addition, IP Source Guard still needs to statically bind MAC-IP in a network environment where static IP and DHCP coexist. In addition to DAI, there are many other methods to prevent ARP spoofing. Both are "invasive" to the existing network, need to change the network protocol, need to change the existing network equipment, these methods are still difficult to promote in reality even if they are perfect in theory; now there are some "non-invasive" through Analyzing the router's ARP table to detect fake host ARP spoofing methods, but some of these methods did not save the router's ARP table to the database, and other methods lost historical records because they did not find the best strategy for saving MAC-IP to the database or because Saving a large amount of duplicate data leads to a decrease in system performance, and the existing methods may lead to misjudgment due to special circumstances such as the MAC address of the gateway, computers running multiple virtual machines, and laptops for mobile office.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method of automatically detecting host-passing-off ARP spoofing
  • Method of automatically detecting host-passing-off ARP spoofing
  • Method of automatically detecting host-passing-off ARP spoofing

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0013] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0014] The implementation of the present invention discloses a method for automatically detecting fake host ARP spoofing, the topological structure diagram is as follows figure 1 As shown, it includes two parts: the data collection method and the ARP spoofing detection method, and the detection method includes preliminary screening and analysis and confirmation.

[0015] 1. Data Acquisition Program

[0016] The data collection program uses the SNMP protocol to automatically and regularly obtain the ARP table of the three-layer device (router, three-layer switch, firewall and other devices that work on the third layer of the TCP / IP protocol) and save it to the database. The collection frequency should be less than the expiration of the device's ARP table Time (us...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention discloses a method of automatically detecting host-passing-off ARP (Address Resolution Protocol) spoofing. The method of automatically detecting host-passing-off ARP spoofing includes a data acquisition method and an ARP spoofing detection method, wherein a data acquisition program uses an SNMP (Simple Network Management Protocol) to automatically obtain an ARP table of three-layer equipment on time and saving the ARP table in a database; the ARP spoofing detection method includes an initial screening stage and an analysis determination stage and includes the following steps: initially screening and obtaining the record that the number of different IP (Internet Protocol) addresses corresponding to one MAC (Media Access Control) address in the database is greater than one threshold; performing analysis and determination on each MAC address of the initial screening result; and through a white list, analysis of the value of ipNetToMediatype, analysis of the distribution range and the tense change rule of IP addresses, and other technical means, eliminating the special situations that the address is the own MAC address of a router and other network devices and a plurality of virtual machines are running on one computer, determining that the address is the ARP spoofing.

Description

technical field [0001] The invention relates to the technical field of network communication, in particular to a method for automatically detecting ARP spoofing of fake hosts. Background technique [0002] ARP is the abbreviation of Address Resolution Protocol, which is an address resolution protocol. The function of ARP is to provide dynamic mapping between IP (Internet Protocol) addresses and MAC (Media Access Control) addresses. The original intention of the ARP protocol design is to assume that the hosts and data packets in the network are trusted, but the fact is far from this. ARP spoofing has caused huge security risks to network security. Many local area networks (LANs) have suffered greatly from it, and some ARP spoofing is caused by viruses, and some are artificially designed illegal monitoring and malicious counterfeiting network attacks. [0003] In order to deal with ARP spoofing, people have taken many methods: including installing an ARP firewall on the compu...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/12
CPCH04L61/103H04L63/1416H04L63/1466
Inventor 吉杰蔡伟鸿翁楚强姚佑川
Owner SHANTOU UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com