Development and experimental testing of an ARP-spoofing attack detection method based on network traffic and ARP table analysis

The article addresses the problem of securing local computer networks against ARP-spoofing attacks. The relevance of the research is driven by the growing number of network threats and the simplicity of implementing this attack, which leads to traffic interception. The aim of this work is to develop and practically test a method for timely detection of ARP-spoofing. The proposed method is based on a comprehensive analysis of two factors: detecting the receipt of an unsolicited ARP reply and verifying a subsequent change in the host's local ARP table. To validate the method, a software tool was developed, and an experiment was conducted on a testbed using real hardware and attack software. The experimental results confirmed the high efficiency and reliability of the proposed method. The developed solution can be used to protect corporate networks, as well as in the educational process to demonstrate the mechanisms of network attacks and countermeasures.