Automatic attack detection and correction system development (SmartARP) | |
Author | Thanathorn Dechasawatwong |
Call Number | AIT Thesis no.ICT-09-14 |
Subject(s) | TCP/IP (Computer network protocol) |
Note | A thesis submitted in partial fulfillment of the requirements for the degree of Master of Engineering in Information & Communications Technologies, School of Engineering and Technology |
Publisher | Asian Institute of Technology |
Series Statement | Thesis ; no. ICT-09-14 |
Abstract | Currently, there are numerous hacking techniques that are used to compromise computer systems. Many tools, easily used via GUI applications, have been developed and are available on the Internet. Undoubtedly, amateur attackers who have no experience in this area can easily attack systems. For this reason, the number of new hackers is increasing significantly every day. The more attackers we face, the more risk we incur. In this thesis, we would like to present the vulnerabilities of TCP/IP and other protocols which are often used in the globalization age. Moreover, we also present various hacking techniques so that administrators can understand the attack methods and apply this knowledge to mitigate risks from attackers. In addition, one of the popular hacking techniques, which uses a weakness of the ARP protocol, namely "ARP spoofing", is called a Man-in-the-Middle attack. The effects of an ARP spoofing attack cause critical harm to both confidentiality and privacy. It not only steals sensitive information, but also leads to the collapse of network communications. The current methods used to deal with this attack are only passive detection; for example, they monitor invalid MAC-to-IP address mappings and alert the administrators. The disadvantage of passive detection is the time lag between learning and detecting spoofing. Furthermore, it neither corrects spoofing automatically nor resolves the root of the problem (the attacker's host). Hence, we would like to develop a program named "SmartARP" to detect, correct and respond to the ARP spoofing attack. Constructed ARP request and TCP SYN packets will be sent into the network in order to check for inconsistencies. When the program detects ARP spoofing, it will send the correct ARP packets to the victims' hosts, and their ARP caches will be corrected automatically.
In addition, SmartARP may send invalid ARP reply packets to update the ARP cache of the attacker's hosts in order to deny them use of the network. These techniques are fast, intelligent, scalable and reliable in detecting and correcting the attack. They can also be used to stop the bad behavior of attackers by blocking their network services for a time. |
Year | 2009 |
Corresponding Series Added Entry | Asian Institute of Technology. Thesis ; no. ICT-09-14 |
Type | Thesis |
School | School of Engineering and Technology (SET) |
Department | Department of Information and Communications Technologies (DICT) |
Academic Program/FoS | Information and Communication Technology (ICT) |
Chairperson(s) | Teerapat Sanguankotchakorn; |
Examination Committee(s) | Erke, Tapio J.; Dailey, Matthew; |
Scholarship Donor(s) | Royal Thai Government Fellowship; |
Degree | Thesis (M.Eng.) - Asian Institute of Technology, 2009 |