Detection periodically keeps the updated state of the ARP cache table under surveillance.
The detection module periodically keeps the ARP cache table under surveillance and checks changed items.
The protection module converts the (IP, MAC) pair information, which is changed, by the ARP spoofing attack in the ARP cache table list, to the previous state.
The changed information in the ARP cache table is transmitted to PSM using ACTMM.
ACTM applies the normal (IP, MAC) pair to the ARP cache table.
As shown in Figure 5, if there is a change in the ARP cache table and the gateway of Host As network information does not move to the primary path through network routing tracing, it can be deemed that an ARP spoofing attack has taken place in the network.