Network Forensics Against Address Resolution Protocol Spoofing Attacks Using Trigger, Acquire, Analysis, Report, Action Method

DOI:

https://doi.org/10.26594/register.v8i2.2953

Keywords:

ARP, Spoofing, TAARA, TZSP, Network Forensics

Abstract

This study aims to obtain attack evidence and reconstruct Address Resolution Protocol (ARP) attacks, which are commonly used as a first step to launch a moderately malicious attack. MiTM and DoS attacks are initiated through ARP spoofing and are used as follow-up attacks to it. The impact is quite severe, ranging from data theft and denial of service to crippling network infrastructure systems. In this study, data collection was conducted by launching a test attack against a real network infrastructure involving 27 computers, one router, and four switches. This study uses a Mikrotik router by building a firewall to generate log files and uses the TaZmen Sniffer Protocol (TZSP), which is sent to a syslog-ng computer in a different virtual domain in a local area network. The Trigger, Acquire, Analysis, Report, Action (TAARA) method is used in the network forensic investigation, utilising Wireshark and NetworkMiner to analyze network traffic during attacks. The results of this network forensics provide evidence that there were eight attacks, with detailed information on when each attack occurred and on the media access control (MAC) and internet protocol (IP) addresses of both the attacker and the victim. However, attacks carried out with the KickThemOut tool can provide further information about the attacker’s details through a number of settings, in particular using the Gratuitous ARP and ICMP protocols.

Author Biographies

Imam Riadi, Universitas Ahmad Dahlan

Department of Information System

Yudi Prayudi, Universitas Islam Indonesia

Department of Informatics

Tri Sudinugraha, Universiti Malaysia Sarawak

Faculty of Computer Science and Information Technology

Published

2023-01-07

How to Cite

[1]
A. Wijayanto, I. Riadi, Y. Prayudi, and T. Sudinugraha, “Network Forensics Against Address Resolution Protocol Spoofing Attacks Using Trigger, Acquire, Analysis, Report, Action Method”, Register: Jurnal Ilmiah Teknologi Sistem Informasi, vol. 8, no. 2, pp. 156–169, Jan. 2023.

Section

Article