An interactive visualization tool for teaching ARP spoofing attack

Abstract

Local area network (LAN) access is the top vector for insider threats and misuses according to the Verizon's Data Breach Investigations Report. Address Resolution Protocol (ARP) is often exploited by the attackers who have gained access to the LAN. It is critical for students to learn how attacks on ARP work and know the countermeasures. In an earlier work, authors developed a hands-on lab to help students learn how an ARP spoofing attack works by asking them to create and send attack packets. To enhance learning further, we present an interactive visualization tool that intuitively shows the effects of the ARP spoofing attack in real-time. The Hacker Graphical User Interface (HGUI) is an interactive visualization tool developed to assist students in learning how ARP Spoofing works. By modeling a controlled ARP Spoofing attack using virtual machines, we give students the ability to alter elements of the attack by interacting with the visualization. This tool was developed using Processing, an open source programming language used in many visual art communities. It runs on virtual machines installed with Kali Linux. This tool animates attack packets, normal packets, and the status of ARP cache in real-time. If students have successfully carried out the ARP spoofing attack, they can see the normal packets being routed to the attacker machine and the victim's ARP cache being poisoned. In this paper, we present the design, implementation, and evaluation of the lab. Tests were conducted to measure the performance of students before and after using this tool. We also gave students surveys after they completed the hands-on lab. The result shows that this tool can significantly enhance students' understanding of the concept of ARP spoofing attacks and motivate them in learning more about cyber security.