{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T06:52:42Z","timestamp":1772347962342,"version":"3.50.1"},"reference-count":18,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2011,8,4]],"date-time":"2011-08-04T00:00:00Z","timestamp":1312416000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["SIGSOFT Softw. Eng. Notes"],"published-print":{"date-parts":[[2011,8,4]]},"abstract":"<jats:p>Address Resolution Protocol (ARP) is used to map the network address (IP address) to a physical address (MAC address). Being a stateless protocol and lacking proper authentication mechanism in the ARP messages, ARP is vulnerable for cache poisoning attack. Attacker can perform Man-In-The-Middle (MITM) attack or Denial of Service (DoS) attack and can access sensitive information, modify the contents, or deny the host from getting services. Different techniques for the detection and prevention of ARP cache poisoning attack have been proposed. Detection techniques (such as ARPWatch and Intrusion Detection techniques) generate false positives. Some prevention technique makes change in the switch itself and some uses cryptographic techniques. Secure-ARP and Ticket based ARP (TARP) are cryptographic techniques but suffer from single point failure and ticket flooding attacks respectively. ARP is a stateless protocol and ARP messages lacks the address authentication mechanism. As an ARP reply is unicast, all host systems in the LAN are not aware of the attacker present in the LAN. In this paper, we have proposed a protocol known as \"Genuine Address Resolution Protocol (GARP)\". Two novel concepts, viz., broadcastbased reply, and the Certifier for proof of IP address ownership have been proposed in GARP. As a reply is broadcast, the host, whose IP the attacker is using for attack, is aware of the attacker and subsequently makes other hosts in the LAN also aware of the attacker. Thus, the protocol prevents possible attack from the same attacker in the future. Statefulness is achieved by two tables, viz., the pending table and the blacklist table. The pending table holds the reply till its genuineness is proved and the blacklist table holds the MAC of attacker. Furthermore, the Certificate Authority is responsible for monitoring the ARP activities, which intervenes with appropriate messages at appropriate instances. The Dynamic Host Configuration Protocol (DHCP) server could be loaded with the additional service of monitoring ARP activities. The protocol has been implemented on Linux operating system. GARP was tested for various possible cases of ARP cache poisoning attack. From the results, it could be inferred that the GARP provides security against ARP cache poisoning attacks.<\/jats:p>","DOI":"10.1145\/1988997.1989013","type":"journal-article","created":{"date-parts":[[2011,8,10]],"date-time":"2011-08-10T16:16:22Z","timestamp":1312992982000},"page":"1-10","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Genuine ARP (GARP)"],"prefix":"10.1145","volume":"36","author":[{"given":"Subash","family":"Dangol","sequence":"first","affiliation":[{"name":"National Institute of Technology, Tiruchirappalli - Tamil Nadu, India"}]},{"given":"S.","family":"Selvakumar","sequence":"additional","affiliation":[{"name":"National Institute of Technology, Tiruchirappalli - Tamil Nadu, India"}]},{"given":"M.","family":"Brindha","sequence":"additional","affiliation":[{"name":"National Institute of Technology, Tiruchirappalli - Tamil Nadu, India"}]}],"member":"320","published-online":{"date-parts":[[2011,8,4]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCSW.2007.19"},{"key":"e_1_2_1_2_1","unstructured":"Anticap. Retreived August 1 2010: http:\/\/www.antifork.org\/trac\/browser\/trunk\/anticap  Anticap. Retreived August 1 2010: http:\/\/www.antifork.org\/trac\/browser\/trunk\/anticap"},{"key":"e_1_2_1_3_1","unstructured":"ARP Spoofing. Retreived August 1 2010 from Wikimedia Foundation: http:\/\/en.wikipedia.org\/wiki\/ARP_spoofing  ARP Spoofing. Retreived August 1 2010 from Wikimedia Foundation: http:\/\/en.wikipedia.org\/wiki\/ARP_spoofing"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/956415.956434"},{"key":"e_1_2_1_5_1","first-page":"50","author":"Cisco Systems ARP","year":"2009","unstructured":"Cisco Systems . Configuring Dynamic ARP Inspection , Catalyst 650 0 Series Switch Cisco IOS Software Configuration Guide , Release 12.2 SX . 2009 , 50 .1--50.22. Cisco Systems. Configuring Dynamic ARP Inspection, Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide, Release 12.2SX. 2009, 50.1--50.22.","journal-title":"SX"},{"key":"e_1_2_1_6_1","unstructured":"Denial of service attacks. Retreived August 1 2010 from Wikimedia Foundation: http:\/\/en.wikipedia.org\/wiki\/Man-in-themiddle_attack  Denial of service attacks. Retreived August 1 2010 from Wikimedia Foundation: http:\/\/en.wikipedia.org\/wiki\/Man-in-themiddle_attack"},{"key":"e_1_2_1_7_1","volume-title":"Dynamic Host Configuration Protocol. Retreived","author":"Droms R.","year":"2010","unstructured":"Droms , R. Dynamic Host Configuration Protocol. Retreived August 2, 2010 , from Internet Society : http:\/\/www.ietf.org\/rfc\/rfc2131.txt Droms, R. Dynamic Host Configuration Protocol. Retreived August 2, 2010, from Internet Society: http:\/\/www.ietf.org\/rfc\/rfc2131.txt"},{"key":"e_1_2_1_8_1","first-page":"618","volume":"611","author":"Forouzan B. A.","year":"2007","unstructured":"Forouzan , B. A. Data Communications and Networking. 4th edition , Mc Graw Hill , 2007 , 611 -- 618 . Forouzan, B. A. Data Communications and Networking. 4th edition, Mc Graw Hill, 2007, 611--618.","journal-title":"Mc Graw Hill"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/11506157_4"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5555\/1875558.1875570"},{"key":"e_1_2_1_11_1","unstructured":"L. N. R. Group. ARPWatch. Retreived August 10 2010: ftp:\/\/ftp.ee.lbl.gov\/arpwatch.tar.gz.  L. N. R. Group. ARPWatch. Retreived August 10 2010: ftp:\/\/ftp.ee.lbl.gov\/arpwatch.tar.gz."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2007.05.007"},{"key":"e_1_2_1_13_1","unstructured":"Man-In-The-Middle attack. Retreived August 1 2010 from Wikimedia Foundation: http:\/\/en.wikipedia.org\/wiki\/Man_in_the_middle_attack  Man-In-The-Middle attack. Retreived August 1 2010 from Wikimedia Foundation: http:\/\/en.wikipedia.org\/wiki\/Man_in_the_middle_attack"},{"key":"e_1_2_1_14_1","volume-title":"Address Resolution Protocol. Retreived","author":"Plummer D. C.","year":"2010","unstructured":"Plummer , D. C. Address Resolution Protocol. Retreived July 23, 2010 : http:\/\/www.ietf.org\/rfc\/rfc0826.txt Plummer, D. C. Address Resolution Protocol. Retreived July 23, 2010: http:\/\/www.ietf.org\/rfc\/rfc0826.txt"},{"key":"e_1_2_1_15_1","volume-title":"Snort: The open source network intrusion detection system, (2006). Retreived","author":"Snort Project","year":"2010","unstructured":"Snort Project , The . Snort: The open source network intrusion detection system, (2006). Retreived August 1, 2010 : http:\/\/www.snort.org Snort Project, The. Snort: The open source network intrusion detection system, (2006). Retreived August 1, 2010: http:\/\/www.snort.org"},{"key":"e_1_2_1_16_1","unstructured":"Teterin I. Antidote. Retreived August 1 2010: http:\/\/online.securityfocus.com\/archive\/1\/299929  Teterin I. Antidote. Retreived August 1 2010: http:\/\/online.securityfocus.com\/archive\/1\/299929"},{"key":"e_1_2_1_17_1","unstructured":"The OpenSSL library. http:\/\/www.openssl.org.  The OpenSSL library. http:\/\/www.openssl.org."},{"key":"e_1_2_1_18_1","unstructured":"The Packet capture library. http:\/\/www.tcpdump.org.  The Packet capture library. http:\/\/www.tcpdump.org."}],"container-title":["ACM SIGSOFT Software Engineering Notes"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1988997.1989013","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1988997.1989013","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T11:06:00Z","timestamp":1750244760000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1988997.1989013"}},"subtitle":["a broadcast based stateful authentication protocol"],"short-title":[],"issued":{"date-parts":[[2011,8,4]]},"references-count":18,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2011,8,4]]}},"alternative-id":["10.1145\/1988997.1989013"],"URL":"https:\/\/doi.org\/10.1145\/1988997.1989013","relation":{},"ISSN":["0163-5948"],"issn-type":[{"value":"0163-5948","type":"print"}],"subject":[],"published":{"date-parts":[[2011,8,4]]},"assertion":[{"value":"2011-08-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}