ARP欺骗攻击与硬件防御研究

doi:10.3969/j.issn.1671-1122.2024.10.015

摘要/Abstract

摘要：

针对现有ARP欺骗攻击防御手段配置繁琐、成本高昂等问题，文章设计了基于FPGA的硬件防御设备并在真实网络环境中进行了测试。首先搭建真实的局域网环境，利用arpspoof工具对局域网中的目标主机实施ARP欺骗攻击；然后设计了基于FPGA平台的网络安全防御设备，通过对上下行链路中的网络报文进行解析，并与设置的安全防御策略相应报文的字段进行比对过滤，实现对ARP欺骗报文的识别与过滤；最后将网络安全防御设备接入局域网，并通过VIVADO的ILA抓取ARP欺骗攻击报文的相关字段波形。波形数据表明，网络安全防御设备可有效识别ARP欺骗攻击报文的MAC地址和IP地址等内容并实施有效拦截，同时可对接入系统的网络链路带宽、攻击拦截率和被攻击主机系统资源使用率进行统计。

关键词: 网络安全, 地址解析协议, 欺骗攻击, FPGA, 硬件防御

Abstract:

In view of the cumbersome configuration and high cost of the existing ARP spoofing attack defense methods, a hardware defense device based on FPGA was designed and tested in the real network environment. First, the real LAN environment was built, and the arpspoof tool was used to implement ARP spoofing attack on the target host in the LAN, and the target host couldn’t access the external network after being attacked. A network security protection device based on FPGA platform was designed to identify and filter ARP spoofing packets by analyzing the network packets in the upstream and downstream links and comparing them with the corresponding packet fields of the security protection policy. Finally, the network security protection device was connected to the LAN, and the ILA of VIVADO captured the related field waveforms of ARP spoofing attack packets. The waveform data shows that the network security device can effectively identify the MAC address and IP address of ARP spoofing attack packets and effectively intercept them. The changes of network link bandwidth, attack interception rate, and system resource usage of the attacked host are also collected.

Key words: network security, ARP, spoofing attack, FPGA, hardware defense

中图分类号:

TP309

何开宇, 王彬, 于哲, 陈方. ARP欺骗攻击与硬件防御研究[J]. 信息网络安全, 2024, 24(10): 1604-1610.

HE Kaiyu, WANG Bin, YU Zhe, CHEN Fang. Research on ARP Spoofing Attack and Hardware Defense[J]. Netinfo Security, 2024, 24(10): 1604-1610.

图/表 10

图1

图2

图3

图4

图5

图6

图7

图8

表1

表2

参考文献 17

[1]	ZHANG Feng, YU Xiumin, BAO Juan. Research on Campus Network Preventing ARP Spoofing[J]. Journal of Dalian University, 2019, 40(3): 10-14.
	张峰, 于秀敏, 包娟. 高校校园网防ARP欺骗的研究[J]. 大连大学学报, 2019, 40(3):10-14.
[2]	QIU Hong, SHI Junyu, TU Qiuyue. A Brief Analysis of ARP Attack and Protection in LAN[J]. Computer & Network, 2021, 47(1): 56-59.
	仇虹, 施俊宇, 涂秋月. 浅析局域网内ARP攻击与防护[J]. 计算机与网络, 2021, 47(1):56-59.
[3]	LIU Lang. Analysis and Practice of ARP Virus Spoofing[J]. Network Security and Informatization, 2022(10): 153-155.
	刘浪. 关于ARP病毒欺骗的分析与实践[J]. 网络安全和信息化, 2022(10):153-155.
[4]	LIN Chenyu, CHEN Jun. ARP Protocol Analysis and Research on Attack and Defense Technology[J]. Journal of Xiangyang Polytechnic, 2023, 22(3): 104-109.
	林晨钰, 陈俊. ARP协议分析及攻防技术研究[J]. 襄阳职业技术学院学报, 2023, 22(3):104-109.
[5]	XIA Jing, CAI Zhiping, HU Gang, et al. An Active Defense Solution for ARP Spoofing in OpenFlow Network[J]. Chinese Journal of Electronics, 2019, 28(1): 172-178. doi: 10.1049/cje.2017.12.002
[6]	FIESSLER A, LORENZ C, HAGER S, et al. HyPaFilter+: Enhanced Hybrid Packet Filtering Using Hardware Assisted Classification and Header Space Analysis[J]. IEEE/ACM Transactions on Networking, 2017, 25(6): 3655-3669.
[7]	TANG Dengping, WANG Jin, XIAO Guangdi. ARP Protocol Principle Simulation Experiment Design and Implementation[J]. Laboratory Research and Exploration, 2016, 35(12): 126-129.
	唐灯平, 王进, 肖光娣. ARP协议原理仿真实验的设计与实现[J]. 实验室研究与探索, 2016, 35(12):126-129.
[8]	WANG Yongsheng. ARP Attack Principle and Defense Measures[J]. Digital Technology & Application, 2020, 38(2): 181-182.
	汪永生. ARP攻击原理与防御措施[J]. 数字技术与应用, 2020, 38(2):181-182.
[9]	ZHOU Chuang, WANG Honglin. ARP Spoofing Prevention Technology Based on SDN[J]. Journal of Chongqing University of Science and Technology (Natural Sciences Edition), 2019, 21(1): 100-103.
	周创, 王红林. 基于SDN的ARP欺骗防范技术[J]. 重庆科技学院学报(自然科学版), 2019, 21(1):100-103.
[10]	KE Cai. Analysis and Research of Network Monitoring Based on ARP Spoofing[J]. Electronic Design Engineering, 2020, 28(13): 124-127.
	柯采. 基于ARP欺骗的网络监听分析与研究[J]. 电子设计工程, 2020, 28(13):124-127.
[11]	MORSY S M, NASHAT D. D-ARP: An Efficient Scheme to Detect and Prevent ARP Spoofing[J]. IEEE Access, 2022, 10: 49142-49153.
[12]	HU Zhiming. Research on Man-in-the-Middle Attack and Defense Technology Based on ARP Deception[J]. Information Technology and Informatization, 2020(12): 111-114.
	胡志明. 基于ARP欺骗的中间人攻击与防御技术研究[J]. 信息技术与信息化, 2020(12):111-114.
[13]	ZHAO Jing. Research on Man-in-the-Middle Attacks Based on ARP Deception and Countermeasures[J]. Network Security Technology & Application, 2021(3): 6-8.
	赵菁. 基于ARP欺骗的中间人攻击及防范对策研究[J]. 网络安全技术与应用, 2021(3):6-8.
[14]	LI Zhaobin, MAO Fangyi, WANG Yaojun, et al. Application of Scapy in Network Equipment Safety Testing[J]. Journal of Beijing Electronic Science and Technology Institute, 2016, 24(4): 73-77.
	李兆斌, 茅方毅, 王瑶君, 等. Scapy在网络设备安全性测试中的应用[J]. 北京电子科技学院学报, 2016, 24(4):73-77.
[15]	BIAN Zhonghao, TIAN Ye, SI Yi, et al. Hardware Circuit Design of Network Acceleration Card Based on FPGA[J]. Communications Technology, 2021, 54(6): 1521-1528.
	卞中昊, 田野, 司艺, 等. 基于FPGA的多端口网络协议解析加速卡硬件电路设计[J]. 通信技术, 2021, 54(6):1521-1528.
[16]	QU Chenxin, DI Zhixiong, TIAN Shuo, et al. Design and Implementation of Ethernet MAC Layer Switch Based on FPGA[J]. Information Technology and Informatization, 2021(5): 217-219.
	屈晨昕, 邸志雄, 田硕, 等. 基于FPGA的以太网MAC层交换机设计与实现[J]. 信息技术与信息化, 2021(5):217-219.
[17]	REN Yongfeng, SHANG Chenyang. Design of Gigabit Ethernet Interface IP Core Based on FPGA[J]. Microcontrollers & Embedded Systems, 2022, 22(11): 49-53.
	任勇峰, 尚辰阳. FPGA千兆以太网接口的IP核设计[J]. 单片机与嵌入式系统应用, 2022, 22(11):49-53.

时间/min	攻击主机发包数量/个	硬件设备拦截有效率
5	2754786	100%
10	5509697	100%
60	31942800	100%

硬件防御策略	CPU利用率	内存利用率
开启前	44%	58%
开启后	29%	36%