Detection of ARP Spoofing Attack Using ICMP Protocol?

Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address (IP address) to a physical machine address (MAC) that is recognized in the local network. ARP spoofing is the act of vindictively changing the IP-MAC associations stored in ARP cache of any network host. This paper discusses ARP spoofing attack and some related works about it first. On these bases, the paper proposed an efficient algorithm based on ICMP protocol to detect malicious hosts that are performing ARP spoofing attack. The technique includes collecting and analysing the ARP packets, and then injecting ICMP echo request packets to probe for malicious host according to its response packets.