A Subnet Based Intrusion Detection Scheme for Tracking down the Origin of Man-In-The-Middle Attack
The Address Resolution Protocol (ARP), has proved to work well under regular circumstances, but it is not equipped to cope with malicious hosts. Several methods to mitigate, detect and prevent these attacks do exist for the gateways/routers and nodes. This paper is focused towards developing the authors' own tailor made Intrusion Detection technique at the subnet level and they present an algorithm that detects the source of ARP poisoning in the Man-in-the-Middle attack. It is designed to detect both the attack and the attacker.