Machine Learning-Based Detection of ARP Spoofing Attacks Using Behavioral Analysis

Abstract

This research focuses on identifying and reducing ARP (Address Resolution Protocol) spoofing attacks, which pose a significant vulnerability in network security. These attacks allow attackers to manipulate data flows by linking their MAC address with a legitimate IP address. The study aims to develop a robust framework for detecting ARP spoofing behaviors and mitigating potential network attacks. The research first involved performing a behavioral analysis on ARP traffic to extract relevant features, such as ARP request frequency, IP-MAC mapping inconsistencies, time between requests, and other typical network behaviors that indicate spoofing. Various machine learning techniques were then employed, including models like Linear SVC, Logistic Regression, K-Nearest Neighbors (KNN), and Gaussian Naïve Bayes. Among these models, KNN achieved the highest accuracy of 0.94, demonstrating its effectiveness in identifying spoofing behaviors. The overall performance of the framework highlights the potential of combining behavioral analysis with machine learning to enhance network security by detecting and mitigating ARP spoofing attacks in real-time.