NIS04-4: Man in the Middle Intrusion Detection

Author

Trabelsi, Zouheir ; Shuaib, Khaled

Author_Institution

Coll. of Inf. Technol., UAE Univ., Al Ain

fYear

2006

fDate

Nov. 27 2006-Dec. 1 2006

Firstpage

1

Lastpage

6

Abstract

Local area network (LAN) security is a critical and mandatory element that network administrators must master. It is often thought of network security as protecting the network from external attacks and intrusions. However, internal attacks can also be as damaging and malicious as external ones. One of the well known attacks in networking is packet spoofing at the different network layers. This paper discusses how spoofed ARP packets can be used by malicious users to redirect and use network´s traffic to launch an attack against users´ hosts. Limitations of current intrusion detection systems (IDSs) in detecting traffic redirection attacks are also discussed. The paper then proposes practical and efficient mechanisms for detecting such malicious attacks in a switched LAN environment. In addition, the effect of the proposed techniques on network performance is shown to be minimal given the gained benefits.

Keywords

local area networks; security of data; telecommunication security; ARP packets; intrusion detection systems; local area network; network security; packet spoofing; Authentication; Communication system security; Cryptographic protocols; Cryptography; Electronic mail; Information security; Intrusion detection; Local area networks; Protection; Telecommunication traffic;

fLanguage

English

Publisher

ieee

Conference_Titel

Global Telecommunications Conference, 2006. GLOBECOM '06. IEEE

Conference_Location

San Francisco, CA

ISSN

1930-529X

Print_ISBN

1-4244-0356-1

Electronic_ISBN

1930-529X

Type

conf

DOI

10.1109/GLOCOM.2006.282

Filename

4150912