Page 16 - 2023-Vol19-Issue2
P. 16
12 | Nasser & Hussain
Fig. 4. the detection flowchart
Fig. 3. the proposal flowchart IP-MAC in the ARP table. An if statement checks whether the
attacker’s IP-MAC address is on the blacklist after decrypting
Output: alarm message. the blacklist. A notice saying ”The MACspoof address has
1: restore the original Mac for the ARP cache table and been banned” will appear if it is. If it doesn’t, the attacker’s
router device will be attacked in reverse to cut it off from the ser-
2: show alert message in dest. Host ’under attack.’ vice, the file will be re-encrypted after the update, and the
3: check the response ip address of the source host in its device will be blacklisted. Below, the response algorithm in
firewall. Algorithm 3 and the flowchart in Fig.5 explain their function.
4: if (response ip in a firewall), then
5: show alert message this IP is blocked Algorithm 3: response algorithm
6: Else:
7: blocking this attacker’s IP from all protocols in dest. Begin:
Host from the firewall Input: (blacklist, original mac, HDDserial)
8: End if Output: 1: Encrypt (blacklist)
End: 2: If (original mac and HDDno. not in blacklist), then
3: Add original mac and HDDno. to blacklist
C. Response model 4: Display alert message ”added the device to blacklist.”
The response model is used if the main program verifies 5: Decrypt (blacklist)
6: Else:
that the IP-MAC packet input information does not match the 7: Display alert message ”the macSpoofed is already in a
blacklist.”
8: End if
9: do a reverse attack on the attacker host to cut service
10: A flood attack on an attacker host
End:
