
Computer Engineering ›› 2011, Vol. 37 ›› Issue (2): 139-140. doi: 10.3969/j.issn.1000-3428.2011.02.047

• Security Technology •

ARP Spoofing Intrusion Detection Based on FARIMA

LI Qi-nan

  1. (School of Electrical & Information Engineering, Lanzhou Jiaotong University, Lanzhou 730070, China)
  • Online: 2011-01-20 Published: 2011-01-25
  • About the author: LI Qi-nan (born 1965), male, associate professor; main research interests: computer network security, data mining
  • Supported by:
    Lanzhou Enterprise Technology Research Program Fund (2009-1-4)

Abstract: ARP network traffic is self-similar, and ARP spoofing causes local bursts in that traffic. Building on a theoretical analysis of these two characteristics, an ARP spoofing intrusion detection method is proposed. The method uses the Fractional Autoregressive Moving Average model (FARIMA), which is suited to describing self-similarity, to forecast ARP network traffic accurately. It computes, online and in real time, the difference between the measured value and the forecast value in every period, and compares the rate of change of that difference to detect ARP spoofing quickly and accurately. Running results show that FARIMA is advanced, and that the method can effectively increase the detection rate of real-time ARP spoofing intrusion detection and can trace the source host of an ARP spoofing attack.

Key words: ARP spoofing, Fractional Autoregressive Moving Average model (FARIMA), intrusion detection, network security, self-similarity
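
The detection loop the abstract describes, sketched as an added example that is not the paper's code: a one-step forecast of per-period ARP packet counts, then an alarm when the change rate of the forecast error jumps. It uses the pure fractional-differencing case FARIMA(0, d, 0) with a fixed d rather than a fitted model. The values of `D`, `WINDOW`, `FLOOR` and `RATE_LIMIT`, the choice to keep alarmed periods out of the baseline, and the sample counts are all assumptions.

```python
# Added example (not from the paper): FARIMA(0, d, 0) one-step forecast of
# per-period ARP packet counts, alarming on the change rate of the error.
D = 0.3           # assumed fractional differencing order, 0 < d < 0.5
WINDOW = 20       # assumed number of past periods fed to the predictor
FLOOR = 5.0       # assumed noise floor (packets) for the rate denominator
RATE_LIMIT = 3.0  # assumed alarm threshold on the error change rate


def ar_weights(d, n):
    """Weights pi_1..pi_n with x_t ~ sum(pi_k * x_(t-k)), from (1 - B)^d."""
    weights, c = [], 1.0
    for k in range(1, n + 1):
        c *= (k - 1 - d) / k   # coefficient of B^k in (1 - B)^d
        weights.append(-c)
    return weights


def forecast(history, d=D, window=WINDOW):
    """Predict the next count from the mean-centred recent history."""
    recent = history[-window:]
    mean = sum(recent) / len(recent)
    pairs = zip(ar_weights(d, len(recent)), reversed(recent))
    return mean + sum(w * (x - mean) for w, x in pairs)


def detect(counts, warmup=WINDOW, rate_limit=RATE_LIMIT):
    """Return the periods whose forecast-error change rate exceeds the limit."""
    baseline, prev_err, alarms = list(counts[:warmup]), None, []
    for t in range(warmup, len(counts)):
        err = abs(counts[t] - forecast(baseline))
        if prev_err is not None:
            rate = (err - prev_err) / max(prev_err, FLOOR)
            if rate > rate_limit:
                alarms.append(t)
                continue       # keep the burst out of the baseline and prev_err
        baseline.append(counts[t])
        prev_err = err
    return alarms


# Constructed sample: ARP packets per period, steady at 35..45, with a
# burst in periods 30-32 standing in for a spoofing host's extra traffic.
NORMAL = [35 + (7 * i) % 11 for i in range(40)]
COUNTS = NORMAL[:30] + [160, 175, 150] + NORMAL[33:]

if __name__ == "__main__":
    print("alarm periods:", detect(COUNTS))
```

Because alarmed periods never enter the baseline, a lasting legitimate shift in ARP volume would keep alarming until the baseline is rebuilt.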
