The security problems of the Address Resolution Protocol (ARP) were studied. The main reasons the protocol is vulnerable to attack are that it assumes all nodes on the network are trustworthy (in fact, spoofing nodes exist), it broadcasts the address to be resolved across the network, and it takes no measures to verify reply packets, so a spoofing node can easily launch an attack. To address this, an address resolution protocol with a blind acknowledgement (BA) mechanism (ARPBA for short) is proposed. The protocol applies a secondary blind acknowledgement to ARP replies; the target IP address is hidden in the acknowledgement packet, so a spoofing node cannot spoof based on the target IP, and replies from spoofing hosts can be effectively filtered out. OPNET simulation experiments show that ARPBA effectively reduces the LAN packet loss rate and the ARP cache table contamination rate, and thus provides stronger security.
The security issues of the Address Resolution Protocol (ARP) were studied, and the conclusion was drawn that ARP networks are easily attacked by deceptive nodes because ARP assumes that all network nodes are reliable (actually they are not) and it broadcasts the addresses that need resolving across the network. In order to overcome the above disadvantages, a novel improved ARP with a Blind-Acknowledgement mechanism (ARPBA) was proposed. The protocol uses reverse blind acknowledgement to check ARP replies. Since the destination IP address is hidden in the acknowledgement packet, malicious nodes cannot deceive according to the destination IP. Moreover, it can effectively filter out spoofed replies. The OPNET simulation experiments showed that ARPBA provides stronger security by effectively reducing the LAN packet loss rate and the ARP cache table contamination rate.
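The following toy model is an added example and is not code from the paper or from any ARPBA implementation. It contrasts classic ARP, where every reply is trusted and the last one overwrites the cache, with a reply-verification step in the spirit of the abstract: the requester unicasts a blind acknowledgement to each replying MAC, the target IP is not carried in plaintext, and only the node that can prove ownership of the hidden address gets cached. The hiding function (HMAC-SHA256 keyed with a per-request nonce), the node and LAN classes, the constructed addresses and the "cache contamination rate" metric are all assumptions of this example; the abstract does not describe how ARPBA actually encodes the hidden IP.

```python
"""Toy ARP vs. ARP-with-blind-acknowledgement simulation (added example, not the paper's code)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def hide_ip(nonce: bytes, ip: str) -> bytes:
    # Assumed hiding function: the abstract only says the target IP is hidden
    # in the acknowledgement packet, not how.
    return hmac.new(nonce, ip.encode(), hashlib.sha256).digest()


@dataclass
class Node:
    ip: str
    mac: str
    spoofs: set = field(default_factory=set)   # IPs a malicious node falsely answers for
    cache: dict = field(default_factory=dict)  # ip -> mac, the node's ARP cache

    def on_arp_request(self, target_ip: str):
        # Classic ARP reply: "target_ip is at my MAC". A spoofing node answers for
        # addresses it does not own.
        if target_ip == self.ip or target_ip in self.spoofs:
            return (target_ip, self.mac)
        return None

    def on_blind_ack(self, nonce: bytes, hidden: bytes):
        # The BA carries no plaintext IP, so a node can only test the hidden value
        # against the address it really holds (see the enumeration caveat below).
        if hmac.compare_digest(hide_ip(nonce, self.ip), hidden):
            return hide_ip(nonce + b"ack", self.ip)   # proof of ownership
        return None


class Lan:
    """Broadcast domain: requests reach every node, BAs are unicast by MAC."""

    def __init__(self, nodes):
        self.nodes = {n.mac: n for n in nodes}

    def broadcast_request(self, target_ip: str):
        return [r for n in self.nodes.values() if (r := n.on_arp_request(target_ip))]

    def unicast_ba(self, mac: str, nonce: bytes, hidden: bytes):
        return self.nodes[mac].on_blind_ack(nonce, hidden)


def resolve_plain(lan: Lan, requester: Node, target_ip: str):
    # Classic ARP: every reply is accepted, the last one wins.
    for ip, mac in lan.broadcast_request(target_ip):
        requester.cache[ip] = mac
    return requester.cache.get(target_ip)


def resolve_ba(lan: Lan, requester: Node, target_ip: str):
    # ARPBA-style: a reply is cached only after its sender passes the blind ack.
    nonce = os.urandom(16)
    hidden = hide_ip(nonce, target_ip)
    expected = hide_ip(nonce + b"ack", target_ip)
    for ip, mac in lan.broadcast_request(target_ip):
        proof = lan.unicast_ba(mac, nonce, hidden)
        if proof is not None and hmac.compare_digest(proof, expected):
            requester.cache[ip] = mac
            return mac
    return None  # no sender could prove ownership; nothing is cached


def build_lan():
    # Constructed sample LAN: a victim, the real gateway, and a node spoofing the gateway.
    victim = Node("10.0.0.1", "02:00:00:00:00:01")
    gateway = Node("10.0.0.254", "02:00:00:00:00:fe")
    spoofer = Node("10.0.0.66", "02:00:00:00:00:66", spoofs={"10.0.0.254"})
    return Lan([victim, gateway, spoofer]), victim, gateway


def contamination_rate(resolver, trials: int = 20) -> float:
    """Fraction of resolutions that leave a wrong MAC for the gateway in the cache."""
    lan, victim, gateway = build_lan()
    poisoned = 0
    for _ in range(trials):
        victim.cache.clear()
        if resolver(lan, victim, gateway.ip) != gateway.mac:
            poisoned += 1
    return poisoned / trials


def run_demo() -> dict:
    return {"plain": contamination_rate(resolve_plain), "arpba": contamination_rate(resolve_ba)}


if __name__ == "__main__":
    print(run_demo())
```

In this model the spoofer's reply is always discarded because it cannot answer a blind acknowledgement for an address it does not hold, so the cache contamination rate drops from 1.0 under plain ARP to 0.0. The caveat a practitioner should keep in mind is that the toy spoofer only tests the hidden value against its own real IP; a hiding scheme over the small IPv4 space must also resist a node that simply enumerates candidate addresses under the public nonce, and the abstract gives no detail on how ARPBA handles that.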