Title :
Automatic attack detection and correction system development
Author :
Sanguankotchakorn, Teerapat ; Dechasawatwong, Thanatorn
Author_Institution :
Telecommun. Field of Study, Asian Inst. of Technol., Pathumthani, Thailand
Abstract :
Recently, a growing number of hacking techniques have been used to compromise computer systems. One popular technique is the Man-in-the-Middle attack [1]. It exploits a weakness of the ARP protocol [5], known as “ARP spoofing”, to harm users' confidentiality and privacy. It not only steals sensitive information, but also leads to the collapse of network communications. Current methods of protecting users are mainly passive detection: for example, monitoring invalid MAC-to-IP address mappings and alerting the administrators. The main disadvantage of this method is the time lag between learning and detecting spoofing. Moreover, it neither corrects spoofing automatically nor resolves the problem at its root (the attacker's host). In this work, we propose an algorithm called “SmartARP” to detect and correct the ARP spoofing attack. The algorithm works as follows: constructed ARP-Request and TCP SYN packets are sent to the network to verify inconsistencies. When the algorithm detects ARP spoofing, it sends the correct ARP packets to the victim's hosts to correct their ARP caches automatically. In addition, invalid ARP-Reply packets are sent to update the attacker's host to deny it. We measure the performance of our proposed techniques using various evaluation metrics such as Response time, Correction time, the Successful Correction ratio, CPU Usage and Network Utilization. It can be shown that our proposed techniques are fast, intelligent, scalable and reliable in detecting and correcting attacks.
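The passive baseline the abstract describes (monitoring MAC-to-IP mappings and alerting) can be sketched as follows. This is an added example, not code from the paper; the function names, the first-sighting trust rule and the sample frames are assumptions constructed for illustration.

```python
import struct

ARP_ETHERTYPE = 0x0806

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (eth_src, op, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != ARP_ETHERTYPE or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return mac(frame[6:12]), op, mac(frame[22:28]), ip(frame[28:32])

def monitor(frames):
    """Passively learn IP->MAC bindings; return alerts as (frame_index, reason, ip, mac)."""
    table, alerts = {}, []
    for i, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, _op, s_mac, s_ip = parsed
        if eth_src != s_mac:  # Ethernet header and ARP body disagree about the sender
            alerts.append((i, "eth-src/arp-sender mismatch", s_ip, s_mac))
        known = table.setdefault(s_ip, s_mac)  # assumption: first sighting is trusted
        if known != s_mac:
            alerts.append((i, f"binding changed from {known}", s_ip, s_mac))
    return alerts

def build_arp(op, s_mac, s_ip, t_mac, t_ip, eth_src=None):
    """Build a constructed Ethernet+ARP frame (sample data only, never sent)."""
    hx = lambda m: bytes.fromhex(m.replace(":", ""))
    ipb = lambda a: bytes(int(o) for o in a.split("."))
    eth = hx(t_mac) + hx(eth_src or s_mac) + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + hx(s_mac) + ipb(s_ip) + hx(t_mac) + ipb(t_ip)

# Constructed sample: two consistent replies, then a second MAC claims 192.0.2.1.
GW, HOST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
SAMPLE = [
    build_arp(2, GW, "192.0.2.1", HOST, "192.0.2.10"),
    build_arp(2, HOST, "192.0.2.10", GW, "192.0.2.1"),
    build_arp(2, OTHER, "192.0.2.1", HOST, "192.0.2.10"),
]

if __name__ == "__main__":
    print(monitor(SAMPLE))
```

A monitor of this kind only alerts after it has learned a binding: if the forged reply is the first frame it sees for an address, the legitimate owner is the one that gets flagged.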
Keywords :
IP networks; computer crime; computer network security; data privacy; protocols; ARP protocol; ARP reply packets; ARP request; ARP spoofing; IP addresses mappings; SmartARP; TCP SYN packets; automatic attack detection; computer systems; confidentiality issues; correction system development; hacking techniques; invalid MAC; man-in-the-middle attack; privacy issues; Computer crime; Computers; Databases; IP networks; Protocols; Software; Time factors; ARP protocol; ARP spoofing; ARP spoofing attack; TCP/IP;
Conference_Title :
Network Operations and Management Symposium (APNOMS), 2011 13th Asia-Pacific
Conference_Location :
Taipei
Print_ISBN :
978-1-4577-1668-3
DOI :
10.1109/APNOMS.2011.6077028