Network Forensics Against Address Resolution Protocol Spoofing Attacks Using Trigger, Acquire, Analysis, Report, Action Method
DOI: https://doi.org/10.26594/register.v8i2.2953
Keywords: ARP, Spoofing, TAARA, TZSP, Network Forensics
Abstract
This study aims to obtain attack evidence and reconstruct commonly used address resolution protocol (ARP) attacks, which serve as a first step towards launching a moderately malicious attack. Man-in-the-middle (MITM) and denial-of-service (DoS) attacks are initiated through ARP spoofing and are used as follow-up attacks from it. The impact is quite severe, ranging from data theft and denial of service to crippling network infrastructure systems. In this study, data collection was conducted by launching a test attack against a real network infrastructure involving 27 computers, one router, and four switches. This study uses a MikroTik router with a firewall configured to generate log files, and uses the Tazmen Sniffer Protocol (TZSP) to send traffic to a syslog-ng computer in a different virtual domain on the local area network. The Trigger, Acquire, Analysis, Report, Action (TAARA) method is used in the network forensic investigation, utilising Wireshark and NetworkMiner to analyse network traffic during the attacks. The network forensic analysis yields evidence of eight attacks, with detailed information on when each attack occurred and the media access control (MAC) and internet protocol (IP) addresses of both the attacker and the victim. However, attacks carried out with the KickThemOut tool can reveal further information about the attacker's details through a number of settings, in particular its use of the Gratuitous ARP and ICMP protocols.
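The Analysis and Report steps the abstract describes, as an added Python example that is not the paper's code: it strips the TZSP header the router wraps around each mirrored frame, parses Ethernet/ARP, and reports every IP address that is later claimed by a second MAC address, plus every gratuitous ARP reply (sender IP equal to target IP). The MAC addresses, IP addresses, frames and timestamps are constructed in-memory fixtures, and the locally administered 02:00:... MACs are assumptions, not values from the paper.

```python
"""Added example (not the paper's code): TZSP decapsulation plus ARP binding
analysis in the spirit of the TAARA Analysis/Report steps. All addresses and
frames below are constructed test fixtures that never leave memory."""
import struct
from collections import namedtuple

ETH_HDR = struct.Struct("!6s6sH")           # dst MAC, src MAC, EtherType
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = b"\xff" * 6

ArpRecord = namedtuple("ArpRecord", "ts opcode sender_mac sender_ip target_mac target_ip")
Finding = namedtuple("Finding", "ts kind mac ip")


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def tzsp_decapsulate(payload):
    """Return the Ethernet frame inside a TZSP UDP payload, or None if malformed.
    Header: version(1) type(1) encapsulation(2), then tagged fields until TAG_END (0x01)."""
    if len(payload) < 5 or payload[0] != 1:
        return None
    if struct.unpack_from("!H", payload, 2)[0] != 1:   # encapsulation 1 = Ethernet
        return None
    i = 4
    while i < len(payload):
        tag = payload[i]
        if tag == 0x01:                                 # TAG_END: frame follows
            return payload[i + 1:]
        if tag == 0x00:                                 # TAG_PADDING: single byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None
        i += 2 + payload[i + 1]                         # other tags carry a length byte
    return None


def parse_arp_frame(ts, frame):
    """Parse an Ethernet/ARP frame into an ArpRecord; return None for anything else."""
    if frame is None or len(frame) < ETH_HDR.size + ARP_PKT.size:
        return None
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_PKT.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet / IPv4 only
        return None
    return ArpRecord(ts, op, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa))


def analyse(records):
    """Report: an IP claimed by a MAC other than the first one seen, and gratuitous ARP."""
    first_mac = {}
    findings = []
    for r in records:
        if r.opcode not in (ARP_REQUEST, ARP_REPLY):
            continue
        if r.sender_ip == r.target_ip:              # gratuitous ARP: worth correlating
            findings.append(Finding(r.ts, "gratuitous-arp", r.sender_mac, r.sender_ip))
        known = first_mac.setdefault(r.sender_ip, r.sender_mac)
        if known != r.sender_mac:                   # same IP, different MAC: conflict
            findings.append(Finding(r.ts, "mac-conflict", r.sender_mac, r.sender_ip))
    return findings


def analyse_tzsp_stream(samples):
    """samples: iterable of (timestamp, TZSP UDP payload) as received by the syslog-ng host."""
    records = [parse_arp_frame(ts, tzsp_decapsulate(p)) for ts, p in samples]
    return analyse([r for r in records if r is not None])


# --- constructed fixtures (assumed addresses, in-memory only) ---
def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def _ip(s):
    return bytes(int(x) for x in s.split("."))


def _arp_frame(op, dst, sha, spa, tha, tpa):
    return ETH_HDR.pack(dst, sha, ETHERTYPE_ARP) + ARP_PKT.pack(1, 0x0800, 6, 4, op, sha, _ip(spa), tha, _ip(tpa))


def _tzsp(frame):
    return b"\x01\x00\x00\x01\x01" + frame   # version 1, type 0, encap Ethernet, TAG_END


ROUTER, VICTIM, ROGUE = _mac("02:00:00:00:00:01"), _mac("02:00:00:00:00:10"), _mac("02:00:00:00:00:99")
SAMPLE_STREAM = [
    (1.0, _tzsp(_arp_frame(ARP_REPLY, VICTIM, ROUTER, "192.168.10.1", VICTIM, "192.168.10.10"))),
    (2.0, _tzsp(_arp_frame(ARP_REPLY, VICTIM, ROGUE, "192.168.10.1", VICTIM, "192.168.10.10"))),
    (3.0, _tzsp(_arp_frame(ARP_REPLY, BROADCAST, ROGUE, "192.168.10.1", BROADCAST, "192.168.10.1"))),
]

if __name__ == "__main__":
    for f in analyse_tzsp_stream(SAMPLE_STREAM):
        print(f"{f.ts:6.1f}  {f.kind:15s} mac={f.mac} ip={f.ip}")
```

The first-seen binding is only a baseline: on a real capture an analyst would seed `first_mac` from the router's own ARP table or DHCP leases, and would treat a gratuitous ARP as a lead to correlate with the firewall log timestamps rather than as proof on its own.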
License
Copyright (c) 2022 Agus Wijayanto, Imam Riadi, Yudi Prayudi, Tri Sudinugraha
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Please find the rights and licenses in Register: Jurnal Ilmiah Teknologi Sistem Informasi. By submitting the article/manuscript of the article, the author(s) agree with this policy. No specific document sign-off is required.
1. License
The non-commercial use of the article will be governed by the Creative Commons Attribution license as currently displayed on Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
2. Author(s)' Warranties
The author warrants that the article is original, written by stated author(s), has not been published before, contains no unlawful statements, does not infringe the rights of others, is subject to copyright that is vested exclusively in the author and free of any third party rights, and that any necessary written permissions to quote from other sources have been obtained by the author(s).
3. User/Public Rights
Register's spirit is to disseminate published articles as freely as possible. Under the Creative Commons license, Register permits users to copy, distribute, display, and perform the work for non-commercial purposes only. Users will also need to attribute the authors and Register when distributing works in the journal and other publication media. Unless otherwise stated, the authors are public entities as soon as their articles are published.
4. Rights of Authors
Authors retain all their rights to the published works, such as (but not limited to) the following rights:
Copyright and other proprietary rights relating to the article, such as patent rights,
The right to use the substance of the article in own future works, including lectures and books,
The right to reproduce the article for own purposes,
The right to self-archive the article (please read our deposit policy),
The right to enter into separate, additional contractual arrangements for the non-exclusive distribution of the article's published version (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal (Register: Jurnal Ilmiah Teknologi Sistem Informasi).
5. Co-Authorship
If the article was jointly prepared by more than one author, any author submitting the manuscript warrants that he/she has been authorized by all co-authors to agree to this copyright and license notice (agreement) on their behalf, and agrees to inform his/her co-authors of the terms of this policy. Register will not be held liable for anything that may arise due to the author(s)' internal dispute. Register will only communicate with the corresponding author.
6. Royalties
As Register is an open access journal that disseminates articles for free under the Creative Commons license terms mentioned above, the author(s) are aware that Register entitles the author(s) to no royalties or other fees.
7. Miscellaneous
Register will publish the article (or have it published) in the journal if the article's editorial process is successfully completed. Register's editors may modify the article to a style of punctuation, spelling, capitalization, referencing and usage that they deem appropriate. The author acknowledges that the article may be published so that it will be publicly accessible, and such access will be free of charge for the readers as mentioned in point 3.