信息网络安全 (Netinfo Security) ›› 2024, Vol. 24 ›› Issue (10): 1604-1610. doi: 10.3969/j.issn.1671-1122.2024.10.015


Research on ARP Spoofing Attack and Hardware Defense

HE Kaiyu1, WANG Bin2, YU Zhe2, CHEN Fang2

  1. Henan Institute of Metrology and Testing Science, Zhengzhou 450008, China
  2. National Supercomputing Center in Zhengzhou, Zhengzhou University, Zhengzhou 450001, China
  • Received: 2024-06-05  Online: 2024-10-10  Published: 2024-09-27
  • Corresponding author: YU Zhe, 13501015514@139.com
  • About the authors: HE Kaiyu (1971—), male, from Henan, senior engineer; main research interests: metrology technology and management, electronics and machinery. WANG Bin (1988—), male, from Henan, M.Sc.; main research interests: digital integrated circuit design, network security. YU Zhe (1976—), male, from Beijing, associate research fellow, Ph.D.; main research interests: integrated circuit design, network and storage security, cryptographic algorithms. CHEN Fang (1989—), male, from Hubei, engineer; main research interests: digital integrated circuits, network security.

Abstract:

To address the cumbersome configuration and high cost of existing ARP spoofing defenses, this paper designs an FPGA-based hardware defense device and tests it in a real network environment. First, a real LAN environment is built and the arpspoof tool is used to carry out an ARP spoofing attack against a target host in the LAN; after the attack, the target host can no longer reach the external network. Next, a network security defense device based on an FPGA platform is designed: it parses the network packets on the upstream and downstream links and compares their fields against the packet fields specified by the configured security defense policy, thereby identifying and filtering ARP spoofing packets. Finally, the device is inserted into the LAN, and the Integrated Logic Analyzer (ILA) of Vivado is used to capture waveforms of the relevant fields of the ARP spoofing packets. The waveform data show that the device can effectively identify the MAC address and IP address fields of ARP spoofing packets and block them, and that it can also collect statistics on the bandwidth of the network link it is inserted into, the attack interception rate, and the system resource usage of the attacked host.

Key words: network security, ARP (Address Resolution Protocol), spoofing attack, FPGA, hardware defense
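The abstract describes the core of the device as a parse-and-compare step: each ARP packet on the link is decoded, its sender fields are checked against the configured defense policy, and packets that contradict the policy are blocked while the device keeps interception statistics. The following Python is an added example that models that step in software; it is not the paper's FPGA design and not code from the authors. The IP-to-MAC binding table, the MAC and IP addresses, and the frames fed through the filter are all constructed for illustration, and the policy rule (sender IP must carry its bound MAC in both the ARP sender field and the Ethernet source field) is an assumption about what such a policy would contain.

```python
"""Software model of the ARP parse-and-compare filter described in the abstract.
Added example; the bindings, addresses and frames below are constructed."""
import struct
from dataclasses import dataclass, field

ETHERTYPE_ARP = 0x0806
ETHERTYPE_IPV4 = 0x0800
ARP_REQUEST, ARP_REPLY = 1, 2
# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")


def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def ip_bytes(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp_frame(dst_mac, src_mac, oper, sha, spa, tha, tpa) -> bytes:
    """Ethernet II header followed by an ARP packet (constructed test input)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, ETHERTYPE_IPV4, 6, 4, oper,
                       mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))
    return eth + arp


@dataclass
class ArpPolicyFilter:
    """Models the device's parse-and-compare step: the sender (IP, MAC) pair of
    every ARP packet is checked against the configured IP-to-MAC bindings."""
    bindings: dict                      # policy: dotted IP -> MAC bytes (constructed)
    total: int = 0
    arp_seen: int = 0
    dropped: int = 0
    arp_blocked: int = 0
    log: list = field(default_factory=list)

    def inspect(self, frame: bytes) -> bool:
        """Return True if the frame is forwarded, False if it is blocked."""
        self.total += 1
        if len(frame) < 14:
            return self._drop("runt frame", is_arp=False)
        ethertype = struct.unpack_from("!H", frame, 12)[0]
        if ethertype != ETHERTYPE_ARP:
            return True                 # non-ARP traffic passes untouched
        self.arp_seen += 1
        if len(frame) < 14 + ARP_HDR.size:
            return self._drop("truncated ARP packet")
        htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = ARP_HDR.unpack_from(frame, 14)
        if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4) or oper not in (ARP_REQUEST, ARP_REPLY):
            return self._drop("malformed ARP header")
        eth_src = frame[6:12]
        bound_mac = self.bindings.get(ip_str(spa))
        if bound_mac is None:
            return True                 # sender IP not covered by the policy: forwarded
        # Both the ARP sender MAC and the Ethernet source MAC must match the binding.
        if sha != bound_mac or eth_src != bound_mac:
            return self._drop(f"ARP sender {ip_str(spa)} claims MAC {sha.hex(':')}, "
                              f"policy binds {bound_mac.hex(':')}")
        return True

    def _drop(self, reason: str, is_arp: bool = True) -> bool:
        self.dropped += 1
        if is_arp:
            self.arp_blocked += 1
        self.log.append(reason)
        return False

    def interception_rate(self) -> float:
        """Blocked ARP packets as a fraction of ARP packets seen (0.0 if none)."""
        return self.arp_blocked / self.arp_seen if self.arp_seen else 0.0


def run_demo():
    """Constructed traffic: a genuine gateway reply, a reply claiming the gateway's IP
    from a different MAC, ordinary IPv4 traffic, a request from an unbound IP, and a
    truncated ARP frame."""
    gw_ip, gw_mac = "192.168.1.1", "00:11:22:33:44:01"
    host_ip, host_mac = "192.168.1.10", "00:11:22:33:44:0a"
    other_mac = "66:77:88:99:aa:bb"     # constructed, not bound to any policy IP
    flt = ArpPolicyFilter(bindings={gw_ip: mac_bytes(gw_mac), host_ip: mac_bytes(host_mac)})
    frames = [
        build_arp_frame(host_mac, gw_mac, ARP_REPLY, gw_mac, gw_ip, host_mac, host_ip),
        build_arp_frame(host_mac, other_mac, ARP_REPLY, other_mac, gw_ip, host_mac, host_ip),
        mac_bytes(gw_mac) + mac_bytes(host_mac) + struct.pack("!H", ETHERTYPE_IPV4) + b"\x45" + b"\x00" * 19,
        build_arp_frame("ff:ff:ff:ff:ff:ff", other_mac, ARP_REQUEST, other_mac, "192.168.1.50",
                        "00:00:00:00:00:00", gw_ip),
        build_arp_frame(host_mac, gw_mac, ARP_REPLY, gw_mac, gw_ip, host_mac, host_ip)[:30],
    ]
    verdicts = [flt.inspect(fr) for fr in frames]
    return verdicts, flt


if __name__ == "__main__":
    verdicts, flt = run_demo()
    print("verdicts:", verdicts)
    print(f"ARP seen {flt.arp_seen}, blocked {flt.arp_blocked}, rate {flt.interception_rate():.2f}")
    for reason in flt.log:
        print("blocked:", reason)
```

The filter only applies the policy to ARP packets whose sender IP has a binding; IPv4 and other traffic is forwarded without inspection, which mirrors the abstract's point that the device sits inline and only intercepts packets matching the defense policy. The `interception_rate` counter is the software analogue of the statistic the paper reports from the hardware.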

CLC number: