TAARA Method for Processing on the Network Forensics in the Event of an ARP Spoofing Attack
According to reports in 2021 by Kaspersky, requests for investigations into suspicious network activity, such as ARP Spoofing, which can result in sophisticated attacks, reached up to 22%. Several difficulties with examining network systems have been overcome thanks to network forensic investigations. This study aims to perform a network forensic analysis of ARP spoofing attacks using Wireshark forensic tools and Network Miner with a sniffer design process to capture traffic on the router side. In order to gather reliable evidence, this study employs the TAARA method as a network forensic investigation process. Based on the research conducted, it can be demonstrated that an attack took place from eight PCAP files. The information that was gathered, such as the IP address and MAC address of the attacker, the IP address and MAC address of the target, and the date and time of the attack are examples of evidence information that was gathered. This study also shows that network forensic operations can use the Wireshark forensic tool to obtain more detailed data.
Kaspersky, (2021). Incident Response Analyst Report 2021. [Online]. Available: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/13085018/Incident-Response-Analyst-Report-eng-2021.pdf
T. Girdler and V.G. Vassilakis, “Implementing an intrusion detection and prevention system using Software-Defined Networking: Defending against ARP spoofing attacks and Blacklisted MAC Addresses,” Computers & Electrical Engineering, vol. 90, p. 106990, Mar. 2021, https://doi.org/10.1016/j.compeleceng.2021.106990.
G. Tully, N. Cohen, D. Compton, G. Davies, R. Isbell, and T. Watson, “Quality standards for digital forensics: Learning from experience in England & Wales,” Forensic Science International: Digital Investigation, vol. 32, p. 200905, Mar. 2020, https://doi.org/10.1016/j.fsidi.2020.200905.
R. Umar, I. Riadi, and R.S. Kusuma, “Network Forensics Against Ryuk Ransomware Using Trigger, Acquire, Analysis, Report, and Action (TAARA) Method,” Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control, vol. 6, no. 2, pp. 133–140, May 2021, https://doi.org/10.22219/kinetik.v6i2.1225.
R. Rizal, I. Riadi, and Y. Prayudi, “Network Forensics for Detecting Flooding Attack on Internet of Things (IoT) Device,” International Journal of Cyber-Security and Digital Forensics (IJCSDF), vol. 7, no. 4, pp. 382–390, Dec. 2018, http://dx.doi.org/10.17781/P002477.
A. Yudhana, I. Riadi, and F. Ridho, “DDoS Classification Using Neural Network and Naïve Bayes Methods for Network Forensics,” International Journal of Advanced Computer Science and Applications, vol. 9, no. 11, 2018, https://doi.org/10.14569/IJACSA.2018.091125.
M. Hikmatyar, Y. Prayudi, and I. Riadi, “Network Forensics Framework Development using Interactive Planning Approach,” Int J Comput Appl, vol. 161, no. 10, pp. 41–48, Mar. 2017, https://doi.org/10.5120/ijca2017913352.
H. Abdulla, H. Al-Raweshidy, and W.S. Awad, “ARP Spoofing Detection for IoT Networks Using Neural Networks,” SSRN Electronic Journal, 2020, https://doi.org/10.2139/ssrn.3659129.
D. Spiekermann, J. Keller, and T. Eggendorfer, “Network forensic investigation in OpenFlow networks with ForCon,” Digit Investig, vol. 20, pp. S66–S74, Mar. 2017, https://doi.org/10.1016/j.diin.2017.01.007.
I. Riadi, J. Eko Istiyanto, and A. Ashari, “Log Analysis Techniques using Clustering in Network Forensics,” International Journal of Computer Science and Information Security, vol. 10, no. 7, 2012, http:// arxiv.org/abs/1307.0072.
R.Y. Patil and S.R. Devane, “Network Forensic Investigation Protocol to Identify True Origin of Cyber Crime,” Journal of King Saud University - Computer and Information Sciences, vol. 34, no. 5, pp. 2031–2044, May 2022, https://doi.org/10.1016/j.jksuci.2019.11.016.
D. Mualfah and I. Riadi, “Network Forensics For Detecting Flooding Attack On Web Server,” International Journal of Computer Science and Information Security, vol. 15, no. 2, 2017, [Online]. Available: https://sites.google.com/site/ijcsis/
M. Alim, I. Riadi, and Y. Prayudi, “Live Forensics Method for Analysis Denial of Service (DOS) Attack on Routerboard,” Int J Comput Appl, vol. 180, no. 35, pp. 23–30, Apr. 2018, https://doi.org/10.5120/ijca2018916879.
D. Saputra, “Network Forensics Analysis of Man in the Middle Attack Using Live Forensics Method,” International Journal of Cyber-Security and Digital Forensics, vol. 8, no. 1, pp. 66–73, 2019, https://doi.org/10.17781/P002558.
I. Riadi, R. Umar, I. Busthomi, and A.W. Muhammad, “Block-hash of blockchain framework against man-in-the-middle attacks,” Register: Jurnal Ilmiah Teknologi Sistem Informasi, vol. 8, no. 1, p. 1, May 2021, https://doi.org/10.26594/register.v8i1.2190.
H.H. Satyanegara and K. Ramli, “Implementation of CNN-MLP and CNN-LSTM for MitM Attack Detection System,” Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi), vol. 6, no. 3, pp. 387–396, Jun. 2022, https://doi.org/10.29207/resti.v6i3.4035.
M. Data, “The Defense Against ARP Spoofing Attack Using Semi-Static ARP Cache Table,” in 2018 International Conference on Sustainable Information Engineering and Technology (SIET), Nov. 2018, pp. 206–210. https://doi.org/10.1109/SIET.2018.8693155.
M. Zengliang, L. Guodong, W. Hongyan, and W. Yong, “Dynamic Trust Model of ARP Real-Time Intrusion Detection Based on Extended Subjective Logic,” in 2020 IEEE International Conference on Power, Intelligent Computing and Systems (ICPICS), Jul. 2020, pp. 615–618. https://doi.org/10.1109/ICPICS50287.2020.9201994.
M.S. Song, J.D. Lee, Y.S. Jeong, H.Y. Jeong, and J.H. Park, “DS-ARP: A New Detection Scheme for ARP Spoofing Attacks Based on Routing Trace for Ubiquitous Environments,” The Scientific World Journal, vol. 2014, pp. 1–7, 2014, https://doi.org/10.1155/2014/264654.
V. Rohatgi and S. Goyal, “A Detailed Survey for Detection and Mitigation Techniques against ARP Spoofing,” in 2020 Fourth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), Oct. 2020, pp. 352–356. https://doi.org/10.1109/I-SMAC49090.2020.9243604.
V.R. Kebande, R.A. Ikuesan, N.M. Karie, S. Alawadi, K.K.R. Choo, and A. Al-Dhaqm, “Quantifying the need for supervised machine learning in conducting live forensic analysis of emergent configurations (ECO) in IoT environments,” Forensic Science International: Reports, vol. 2, p. 100122, Dec. 2020, https://doi.org/10.1016/j.fsir.2020.100122.
Sunardi, I. Riadi, and A. Sugandi, “Forensic Analysis of Docker Swarm Cluster using Grr Rapid Response Framework,” International Journal of Advanced Computer Science and Applications, vol. 10, no. 2, 2019, https://doi.org/10.14569/IJACSA.2019.0100260.
R. Umar, I. Riadi, and B.F. Muthohirin, “Live forensics of tools on android devices for email forensics,” TELKOMNIKA (Telecommunication Computing Electronics and Control), vol. 17, no. 4, p. 1803, Aug. 2019, https://doi.org/10.12928/telkomnika.v17i4.11748.
Nickson. M. Karie, V.R. Kebande, H.S. Venter, and K.K.R. Choo, “On the importance of standardising the process of generating digital forensic reports,” Forensic Science International: Reports, vol. 1, p. 100008, Nov. 2019, https://doi.org/10.1016/j.fsir.2019.100008.
J. Hou, Y. Li, J. Yu, and W. Shi, “A Survey on Digital Forensics in Internet of Things,” IEEE Internet Things J, vol. 7, no. 1, pp. 1–15, Jan. 2020, https://doi.org/10.1109/JIOT.2019.2940713.
A. Yudhana, I. Riadi, and B. Putra, “Digital Forensic on Secure Digital High Capacity using DFRWS Method,” Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi), vol. 6, no. 6, pp. 1021–1027, Dec. 2022, https://doi.org/10.29207/resti.v6i6.4615.
D. Faroek, R. Umar, and I. Riadi, “Classification Based on Machine Learning Methods for Identification of Image Matching Achievements,” Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi), vol. 6, no. 2, pp. 198–206, Apr. 2022, https://doi.org/10.29207/resti.v6i2.3826.
R. Umar, I. Riadi, and G.M. Zamroni, “Mobile Forensic Tools Evaluation for Digital Crime Investigation,” Int J Adv Sci Eng Inf Technol, vol. 8, no. 3, p. 949, Jun. 2018, https://doi.org/10.18517/ijaseit.8.3.3591.
Copyright (c) 2023 Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi)
This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright in each article belongs to the author
- The author acknowledges that the RESTI Journal (System Engineering and Information Technology) is the first publisher to publish with a license Creative Commons Attribution 4.0 International License.
- Authors can enter writing separately, arrange the non-exclusive distribution of manuscripts that have been published in this journal into other versions (eg sent to the author's institutional repository, publication in a book, etc.), by acknowledging that the manuscript has been published for the first time in the RESTI (Rekayasa Sistem dan Teknologi Informasi) journal ;