Page 18 - 2023-Vol19-Issue2
14 | Nasser & Hussain
Fig. 9. Result detection algorithm.
Fig. 10. Result response algorithm.
Fig. 11. Result decrypt blacklist.
function. The results of 10 experiments measuring detection speed are shown in Fig. 13.

Figure 13 shows how quickly the method can detect an attack on a protected network. Based on the results of the previous trial, the median time to detect an attack was 0.933 seconds. The next measurement is how quickly the system can return to normal after an attack has been stopped.

The average response time was 3.05 seconds in the prior experiment. Our proposed approach was tested intensively and found to be relatively secure against cyberattacks.
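The detect-then-respond flow timed above can be sketched as follows. This is an added example, not the authors' algorithm: the trusted IP-MAC table, the `ArpGuard` class, the verdict strings and every address are constructed assumptions, and hosts without a trusted entry are accepted as a simplifying policy.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP payload, 28 bytes
# Constructed trusted IP -> MAC bindings (assumption: the defender maintains this table).
TRUSTED = {"192.168.1.1": "aa:bb:cc:00:00:01", "192.168.1.10": "aa:bb:cc:00:00:10"}

def parse_arp(payload: bytes):
    """Return (sender_mac, sender_ip), or None if not valid IPv4-over-Ethernet ARP."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ":".join(f"{b:02x}" for b in sha), ".".join(str(b) for b in spa)

class ArpGuard:
    def __init__(self, trusted):
        self.trusted = dict(trusted)
        self.blacklist = set()  # MACs already caught advertising a false binding
        self.alerts = []        # messages that would be shown to the victim

    def handle(self, payload: bytes) -> str:
        parsed = parse_arp(payload)
        if parsed is None:
            return "drop-malformed"
        mac, ip = parsed
        if mac in self.blacklist:  # response step: ignore known offenders outright
            return "drop-blacklisted"
        expected = self.trusted.get(ip)
        if expected is not None and expected != mac:  # detection step: binding mismatch
            self.blacklist.add(mac)
            self.alerts.append(f"{ip} claimed by {mac}, expected {expected}")
            return "drop-spoofed"
        return "accept"  # assumption: hosts with no trusted entry are allowed

def make_arp(op: int, sender_mac: str, sender_ip: str) -> bytes:  # constructed demo payload
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    ip = bytes(int(x) for x in sender_ip.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac, ip, b"\0" * 6, b"\0" * 4)

def demo():
    guard = ArpGuard(TRUSTED)
    frames = [  # constructed sample traffic
        make_arp(2, "aa:bb:cc:00:00:01", "192.168.1.1"),   # genuine gateway reply
        make_arp(2, "de:ad:be:ef:00:66", "192.168.1.1"),   # false gateway binding
        make_arp(1, "de:ad:be:ef:00:66", "192.168.1.66"),  # same sender, later request
        b"\x00\x01",                                       # truncated payload
    ]
    return [guard.handle(f) for f in frames], guard.alerts
```

Once a sender is blacklisted, its later traffic is dropped before any binding lookup, which keeps the per-packet cost constant when that sender floods requests.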
Fig. 12. Result reverse attack.

VI. SECURITY ANALYSIS

This section analyzes our proposal and discusses how our approach may successfully withstand common harmful approaches. Also, the method suggested is safe, and a comparison of technologies that are almost the same is given.

Theorem 1. Our proposed approach can resist a MITM attack.

Proof: In a MITM attack on a local network, the first step is to change the ARP table. The attacker pretends to be the MAC of any device on the network (a victim) so that they can make fake requests, get real answers, and get to the victim’s sensitive information. Before sending responses to requests sent and received over a network, the proposed method checks and filters them to ensure they are real. As shown in steps (7-9) of Algorithm 1, Algorithm 2, and Figures 3 and 4, when the computer finds fake requests, it alerts the victim of an attack.

Theorem 2. Our proposed approach resists insider attacks.

Proof: Insider attacks are conducted by current or former users with network access, gateway access, and the ability to perform fraudulent actions using other users’ identities. This attack is mitigated by utilizing Fernet encryption to secure database records.

Theorem 3. Our proposed approach resists DoS attacks.

Proof: After getting the router’s IP-MAC address, the attacker sends fake traffic or a lot of requests, which breaks the service. The method described here checks the blacklist, which contains all of the attackers’ addresses, and if it finds the request, it ignores it and does not filter any network traffic related to the ARP table attack, as shown in steps 3-9 of Algorithm 1. It also prevents the false IP-MAC from being used by all protocols and ports that the attacker may use to DoS the victim, preventing it from sending fake requests.

Theorem 4. Our proposed approach resists MAC cloning