Page 16 - 2023-Vol19-Issue2

12 | Nasser & Hussain

Fig. 3. The proposal flowchart

Fig. 4. The detection flowchart

    Output: alarm message.
    1: restore the original MAC for the ARP cache table and router
    2: show alert message in dest. host 'under attack.'
    3: check the response IP address of the source host in its firewall.
    4: if (response IP in a firewall), then
    5: show alert message this IP is blocked
    6: Else:
    7: blocking this attacker's IP from all protocols in dest. host from the firewall
    8: End if
    End:

C. Response model

   The response model is used if the main program verifies that the IP-MAC packet input information does not match the IP-MAC in the ARP table. After the blacklist is decrypted, an if statement checks whether the attacker's IP-MAC address is on the blacklist. If it is, a notice saying "The MACspoof address has been banned" will appear. If it is not, the attacker's device will be attacked in reverse to cut it off from the service, the file will be re-encrypted after the update, and the device will be blacklisted. The response algorithm in Algorithm 3 and the flowchart in Fig. 5 below explain their function.

    Algorithm 3: response algorithm

    Begin:
    Input: (blacklist, original mac, HDDserial)
    Output:
    1: Encrypt (blacklist)
    2: If (original mac and HDDno. not in blacklist), then
    3: Add original mac and HDDno. to blacklist
    4: Display alert message "added the device to blacklist."
    5: Decrypt (blacklist)
    6: Else:
    7: Display alert message "the macSpoofed is already in a blacklist."
    8: End if
    9: do a reverse attack on the attacker host to cut service
    10: A flood attack on an attacker host
    End:
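
The mismatch check and blacklist decision from the response model (Algorithm 3, steps 2 to 8), written as an added Python example that is not the authors' code. The function names, the in-memory baseline table, the sample addresses and the serial are assumptions, and the blacklist is assumed to be already decrypted into a set.

```python
import re

def norm_mac(mac):
    """Canonicalise a MAC so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def respond(trusted, blacklist, ip, seen_mac, hdd_serial):
    """Handle one observed IP-MAC pair; return (alert, mac_to_restore).

    trusted:   dict ip -> known-good MAC (assumed baseline ARP table)
    blacklist: set of (mac, hdd_serial), assumed already decrypted
    """
    if ip not in trusted:
        return None, None                  # no baseline to compare against
    good, seen = norm_mac(trusted[ip]), norm_mac(seen_mac)
    if seen == good:
        return None, None                  # binding matches the ARP table
    entry = (seen, hdd_serial.strip().upper())
    if entry in blacklist:                 # Algorithm 3, steps 6-7
        alert = "the macSpoofed is already in a blacklist."
    else:                                  # Algorithm 3, steps 2-4
        blacklist.add(entry)
        alert = "added the device to blacklist."
    return alert, good                     # good MAC goes back into the cache

# Constructed sample data (documentation addresses, made-up serial).
TRUSTED = {"192.0.2.1": "00-11-22-33-44-55"}
OBSERVED = [
    ("192.0.2.1", "00:11:22:33:44:55", ""),         # legitimate gateway
    ("192.0.2.1", "DE:AD:BE:EF:00:01", "sn-123"),   # first spoofed reply
    ("192.0.2.1", "de-ad-be-ef-00-01", "SN-123 "),  # same device, other format
]

def demo():
    blacklist = set()
    return [respond(TRUSTED, blacklist, *obs) for obs in OBSERVED]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Normalising the MAC and serial before the membership test keeps one device from being blacklisted twice under different spellings.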