
ARP spoofing attack detection method and device, computer equipment and storage medium

A technology for ARP spoofing attack detection with secondary detection, applied in computer parts, calculation, character and pattern recognition, etc. It addresses the lack of a benchmark reference, the lack of support for detecting and monitoring multiple LANs, and the small volume of traffic analyzed, achieving accurate and comprehensive ARP spoofing detection and expanding the scope of detection.

Pending Publication Date: 2021-04-30
CHINA SOUTHERN POWER GRID DIGITAL GRID RES INST CO LTD

AI Technical Summary

Problems solved by technology

[0004] However, current detection methods and tools can only detect ARP spoofing attacks against the local host; they cannot detect ARP spoofing between other hosts in the LAN. They usually use whether the ARP cache table has been modified as the only judgment logic. They lack a benchmark reference, produce many misjudgments, and analyze only a small amount of traffic. They do not support one system detecting and monitoring multiple LANs, so unified analysis and monitoring is impossible and detection is limited.


Embodiment Construction

[0063] In order to make the purpose, technical solution and advantages of the present application clearer, the present application will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present application, and are not intended to limit the present application.

[0064] The ARP spoofing attack detection method provided by this application can be applied in the application environment shown in Figure 1, in which the terminal 102 communicates with the server 104 through the network. The terminal 102 acquires from the server the mirrored traffic of each host in the local area network to be analyzed and extracts the ARP reply messages from the mirrored traffic; the mapping table is used to perform preliminary detection on the ARP reply message; when the result of the preliminary detection is abnormal, the terminal 102 ge...


Abstract

The invention relates to an ARP spoofing detection method and device, computer equipment and a storage medium. The method comprises: obtaining the mirrored traffic of each host in a local area network to be analyzed; extracting the ARP reply messages from the mirrored traffic; constructing a mapping table of MAC addresses and IP addresses from the MAC address and IP address carried by each ARP reply message, and performing preliminary detection on the ARP reply message; when the preliminary detection result is abnormal, generating a target feature vector for the corresponding host from the ARP reply message information; and performing secondary detection on the target feature vector against a preset benchmark reference library to determine whether an ARP spoofing attack exists. With this method, ARP spoofing attacks can be accurately captured and every host in the local area network is covered, achieving accurate and comprehensive ARP spoofing detection.
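The two-stage flow in the abstract, as an added sketch that is not code from the patent: ARP replies are parsed from raw frames, a MAC/IP mapping table drives the preliminary check, and only hosts flagged there get a feature vector compared with a reference. The feature set (replies sent, IPs claimed, conflicts) and the `BASELINE` limits are assumptions, since the page does not specify them; all frames are constructed sample data.

```python
import struct
from collections import defaultdict

def build_reply(mac, ip):
    """Constructed sample data: a 42-byte Ethernet/IPv4 ARP reply frame."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(o) for o in ip.split("."))
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # oper 2 = reply
    return b"\xff" * 6 + sha + b"\x08\x06" + header + sha + spa + bytes(10)

def parse_arp_reply(frame):
    """Return (sender MAC, sender IP) for an ARP reply, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, 2):
        return None
    return frame[22:28].hex(":"), ".".join(str(b) for b in frame[28:32])

def detect(frames, baseline):
    """Two-stage check; returns {suspect MAC: True if judged spoofing}."""
    ip_to_mac = {}  # mapping table, first-seen binding per IP
    stats = defaultdict(lambda: {"replies": 0, "ips": set(), "conflicts": 0})
    suspects = set()
    for frame in frames:
        parsed = parse_arp_reply(frame)
        if parsed is None:
            continue
        mac, ip = parsed
        s = stats[mac]
        s["replies"] += 1
        s["ips"].add(ip)
        if ip_to_mac.setdefault(ip, mac) != mac:  # preliminary: binding changed
            s["conflicts"] += 1
            suspects.add(mac)
    verdicts = {}
    for mac in suspects:  # secondary detection runs only for abnormal hosts
        s = stats[mac]
        vector = (s["replies"], len(s["ips"]), s["conflicts"])  # assumed features
        verdicts[mac] = any(v > lim for v, lim in zip(vector, baseline))
    return verdicts

# Constructed traffic: gateway, one host, a replaced NIC, and a spoofing host.
SAMPLE = ([build_reply("aa:aa:aa:aa:aa:01", "10.0.0.1"),
           build_reply("aa:aa:aa:aa:aa:05", "10.0.0.5"),
           build_reply("aa:aa:aa:aa:aa:07", "10.0.0.7"),
           build_reply("aa:aa:aa:aa:aa:08", "10.0.0.7")]
          + [build_reply("de:ad:be:ef:00:01", ip)
             for ip in ("10.0.0.1", "10.0.0.5") * 3])
BASELINE = (5, 1, 1)  # assumed reference limits: replies, claimed IPs, conflicts

if __name__ == "__main__":
    print(detect(SAMPLE, BASELINE))
```

The replaced NIC trips the preliminary check but stays within the reference limits, which is the kind of misjudgment a cache-change-only test would produce.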

Description

Technical field

[0001] The present application relates to the technical field of power monitoring, in particular to an ARP spoofing attack detection method, device, computer equipment and storage medium.

Background technique

[0002] In the industrial control system for power monitoring, when hosts in the local area network (or a host and the gateway) need to communicate, they use ARP (Address Resolution Protocol) to obtain the MAC address corresponding to the target IP address. ARP spoofing attacks can occur during this process. An ARP spoofing attack sends malicious ARP reply packets to the target host in the LAN, causing the target's ARP cache entry to be maliciously replaced. In the system's local area network, ARP spoofing attacks cause abnormal communication between industrial control system equipment, resulting in the failure of the industrial control system to work normally and serious power failur...


Application Information

IPC(8): H04L29/06, H04L29/12, G06K9/62
CPC: H04L63/1416, H04L63/1425, H04L61/103, G06F18/23
Inventor 王金贺, 梁志宏, 陈海光, 彭伯庄, 邱荣发, 胡朝辉, 赖宇阳, 吴佩泽, 张丽娟, 邓建峰, 李汉巨
Owner CHINA SOUTHERN POWER GRID DIGITAL GRID RES INST CO LTD