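% Book-chapter record on ARP cache poisoning detection (ICMP probe validation plus host firewall).
% NOTE(review): booktitle repeats the series name; the volume's own title is not in this record. Confirm it against the publisher page for the DOI.
@inbook{812507c81f5d48a2af0076a7c727944c,
  author    = {Al-Mwald, Muaadh Nasr and Jamil, Norziana and Ibrahim, Zul Azri and Cob, Zaihisma Che and {Abdul Rahim}, Fiza},
  title     = {Detection and Prevention of {ARP} Cache Poisoning in Advanced Persistent Threats Using Multiphase Validation and Firewall},
  booktitle = {Signals and Communication Technology},
  series    = {Signals and Communication Technology},
  publisher = {Springer Science and Business Media Deutschland GmbH},
  year      = {2022},
  pages     = {155--170},
  doi       = {10.1007/978-3-031-13181-3_12},
  language  = {English},
  keywords  = {ARP, ARP cache poisoning, ARP spoofing attack, ICMP Protocol, MITM},
  note      = {Publisher Copyright: {\textcopyright} 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.},
  abstract  = {Protocols define a set of rules that govern the communication between hosts connected via a network. Under normal circumstances, the operation proceeds without incident. However, attackers are always on the lookout for ways to exploit loopholes in protocols. This study aimed to investigate Address Resolution Protocol (ARP) issues and develop a technique to detect and prevent malicious ARP activity and anomalies caused by its various implementations. We propose sending three Internet Control Message Protocol (ICMP) probe packets to each host to validate the new binding, one to the previous binding and the other two to the contemporary binding. ARP packets are used together with these ICMP packets to provide multiphase validation for new entries that have no previous ARP cache entries. The asynchronous nature of the proposed scheme requires no changes to the existing protocol. In addition, the proposed technique uses a host-based firewall to block malicious hosts without affecting the ARP{\textquoteright}s performance.},
}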