Detection of ARP Spoofing Attacks Based on ARP Protocol Packet Traffic Analysis

Ginting, Veny Charnita Br (2019) Detection of ARP Spoofing Attacks Based on ARP Protocol Packet Traffic Analysis [Deteksi Serangan Arp Spoofing Berdasarkan Analisis Lalu Lintas Paket Protokol Arp]. Sarjana (undergraduate) thesis, Universitas Brawijaya.

Abstract

A Local Area Network (LAN) is a network domain that connects a small area such as a home, school, office, and so on. Devices connected to a LAN have a unique MAC address and IP address. A LAN uses ARP (Address Resolution Protocol), which translates a host's IP address into a MAC address. ARP is used when a host wants to communicate with another host but the destination host's MAC address is not yet known. ARP uses an ARP request packet, sent as a broadcast, to ask for the MAC address of a particular IP. An ARP reply packet is used to answer a received ARP request. However, ARP is stateless, which gives the protocol a security weakness. ARP Spoofing, or ARP Cache Table Poisoning, is an attack that exploits this weakness: the attacker sends forged ARP packets to change the victim's ARP cache table. This research detects ARP Spoofing attacks using a detector host that analyzes ARP traffic based on header information, checks the ARP request of each ARP reply packet, checks the frequency of ARP packets, and checks for abnormal source and destination addresses in ARP packets. The results show an average accuracy of 89.64%. The accuracy of the detector host depends on the number of attacks and the number of packets examined. The average time needed to detect an ARP Spoofing attack is 0.4 seconds. The results of the analysis are saved to a log file. The log file contains information such as the time of the attack, the victim's IP address, the forged MAC address, and additional information such as the method the attacker used to carry out ARP spoofing.

English Abstract

A Local Area Network is a network domain that connects a small area such as homes, schools, offices, etc. Each device that connects to a Local Area Network has a unique MAC address and IP address. ARP (Address Resolution Protocol) is a protocol for mapping an Internet Protocol (IP) address to a physical machine (MAC) address that is recognized in the local network. ARP is used when a host wants to communicate with another host whose hardware address is unknown: it broadcasts an ARP request for the hardware address associated with the IP address of the destination, and the host with the corresponding protocol address sends a unicast reply to the sender with its IP address and MAC address pair. ARP plays a big role in local area network communication; however, it has a vulnerability that can be used to run a serious network attack. ARP is a stateless protocol and its reply packets are not authenticated, so all hosts blindly cache the ARP replies they receive from the network. ARP Spoofing, or ARP Cache Table Poisoning, is a network attack that uses this vulnerability by sending poisoned ARP packets to change the victim's ARP cache table. This research was conducted to detect ARP Spoofing attacks based on ARP packet traffic. It uses one detector host, which analyzes ARP traffic by checking the ARP header, checking the ARP request of each ARP reply packet, checking the frequency of ARP packets, and checking for abnormal ARP packet destination and source addresses. The average classification rate for detecting ARP Spoofing with this method is 89.64%. The classification rate depends on the number of attacks and the number of ARP packets. The average time to detect ARP Spoofing is 0.4 seconds. All ARP spoofing packet information is written to log files. A log file contains the time of the attack, the victim's IP address, the spoofed MAC address, and additional information such as the ARP spoofing method used by the attacker.
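The four checks named in the abstract, sketched as an added example that is not the thesis's own code. The frame field names, the thresholds, the rule details and the choice of the addressed host as "victim" are assumptions; the sample traffic is constructed.

```python
from collections import defaultdict, deque

BROADCAST, ZERO = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
REQUEST, REPLY = 1, 2
# Assumed thresholds (not taken from the thesis): replies per window, request lifetime.
RATE_WINDOW, RATE_LIMIT, REQ_TTL = 1.0, 5, 2.0

class ArpDetector:
    def __init__(self):
        self.pending = {}                  # (asker IP, asked-for IP) -> request time
        self.replies = defaultdict(deque)  # sender MAC -> recent reply times
        self.log = []                      # (time, victim IP, spoofed MAC, methods)

    def inspect(self, p):
        """Run the four checks on one parsed ARP frame; return the findings."""
        found = []
        # Check 1, header: Ethernet addresses must agree with the ARP payload.
        if p["eth_src"] != p["sha"] or (p["op"] == REPLY and p["eth_dst"] != p["tha"]):
            found.append("header-mismatch")
        # Check 4, abnormal addresses: no host owns the broadcast or all-zero MAC.
        if p["sha"] in (BROADCAST, ZERO) or (p["op"] == REPLY and p["tha"] in (BROADCAST, ZERO)):
            found.append("abnormal-address")
        if p["op"] == REQUEST:
            self.pending[(p["spa"], p["tpa"])] = p["t"]
        else:
            # Check 2, request/reply: a reply must answer a recent request.
            asked = self.pending.pop((p["tpa"], p["spa"]), None)
            if asked is None or p["t"] - asked > REQ_TTL:
                found.append("unsolicited-reply")
            # Check 3, frequency: count this sender's replies in a sliding window.
            times = self.replies[p["sha"]]
            times.append(p["t"])
            while p["t"] - times[0] > RATE_WINDOW:
                times.popleft()
            if len(times) > RATE_LIMIT:
                found.append("high-frequency")
        if found:  # assumption: the victim is the host the packet is addressed to
            self.log.append((p["t"], p["tpa"], p["sha"], found))
        return found

def frame(t, op, eth_src, eth_dst, sha, spa, tha, tpa):
    return dict(t=t, op=op, eth_src=eth_src, eth_dst=eth_dst, sha=sha, spa=spa, tha=tha, tpa=tpa)

# Constructed sample traffic: one genuine exchange, then forged replies for 10.0.0.1.
HOST, GW, BAD = "aa:aa:aa:00:00:05", "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:66"
SAMPLE = [frame(0.0, REQUEST, HOST, BROADCAST, HOST, "10.0.0.5", ZERO, "10.0.0.1"),
          frame(0.01, REPLY, GW, HOST, GW, "10.0.0.1", HOST, "10.0.0.5")]
SAMPLE += [frame(1.0 + i / 10, REPLY, BAD, HOST, BAD, "10.0.0.1", HOST, "10.0.0.5") for i in range(6)]

def run(frames):
    det = ArpDetector()
    return [det.inspect(f) for f in frames], det.log
```

Strict request/reply matching also flags gratuitous ARP announcements, so a deployment would need an allowance for those.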


Item Type: Thesis (Sarjana)
Identification Number: SKR/FILKOM/2019/220/051902970
Uncontrolled Keywords: LAN, ARP, ARP Spoofing, ARP Cache Table
Subjects: 000 Computer science, information and general works > 005 Computer programming, programs, data > 005.8 Data security
Divisions: Fakultas Ilmu Komputer > Teknik Informatika
Depositing User: Nur Cholis
Date Deposited: 24 Aug 2020 06:45
Last Modified: 24 Oct 2021 05:19
URI: http://repository.ub.ac.id/id/eprint/169516