Abstract In the recent years, many network intrusion attacks were performed to steal the confidential information of customers or enterprises. Information stealing has become one of the most serious security threats of networks. Obtaining personal information may bring benefits for attackers. Therefore, a lot of new malware is developed. As vulnerability reports or system patches are announced, hackers may develop corresponding virus/worms and issue zero-day attacks. Therefore, how to effectively protect the security of networks has become the most important issue for network managers. In the recent years, based on the vulnerability of the Address Resolution Protocol (ARP), ARP spoofing attacks are developed to steal passwords or confidential information of users. In this thesis, from the perspective of network managers, we shall propose an SNMP-based scheme for detecting ARP attacks. The proposed scheme correlates the address configuration information in routers, switches, and the DHCP server to detect ARP attacks, including man-in-the-middle and denial of service attacks, to identify the location of the attacker, and to isolate the attack. Experiments show that ARP attacks can be effectively detected by the proposed scheme.