Analysis of Mitigation Methods for ARP Attacks in Local Area Networks: A Systematic Review
摘要
ARP attacks are a type of attack targeting LANs in which an attacker sends spoofed ARP packets to associate its MAC address with the IP address of a legitimate device. Thus, inside a network, an attacker can perform various malicious actions, such as executing DDoS attacks or redirecting traffic to another network to intercept and analyze information. This systematic review analyzes the results of different mitigation methods for ARP attacks. The analysis begins with the use of the PICOC (population, intervention, comparison, outcomes and context) research tool, which is useful for diagnosing, optimizing treatments and the search for evidence. In this case, it is used to design a systematic search strategy. The inclusion and exclusion criteria were applied to refine the search. The results of the analysis showed that the method based on the DNN (Deep Neural Network) model had the shortest detection time (0.0000607 s) and 100% effectiveness in identifying ARP attacks. It was also evident that most of the tests were performed in virtual environments, using Deep Learning tools such as CNN (Convolutional Neural Network), ANN (Artificial Neural Network) and in SDN (Software-Defined Network) environments. In addition, the use of Port Security, ARPwatch, and ARPon contributed to the mitigation of these attacks, although less effectively. Finally, general studies and forensic analysis on ARP attack mitigation were conducted, providing a standard for dealing with this type of threat. It was concluded that deep learning-based methods, particularly those implemented in Python, are the most promising. It is recommended to deepen the evolution of automatic MAC address assignments to improve network security.