ARP spoofing detection using machine learning classifiers: an experimental study


Research field: Safety



Venue: Knowledge and Information Systems


Abstract

Recent university data breaches highlight the need to protect sensitive information and enhance centralized security systems like Software-Defined Networking and Intrusion Detection Systems by providing timely data for traffic analysis and attack detection. ARP spoofing, which can facilitate Man-in-the-Middle (MITM) attacks, is a key threat responsible for such breaches. Our work focuses on real-time anomaly detection within host-based systems to improve protection against ARP spoofing-based MITM attacks. Existing intrusion detection methods generally exhibit a gap: ML-based methods often overlook network metrics crucial for assessing real-world impact and system performance, while non-ML approaches struggle to adapt to new attack patterns. Our study introduces a dynamic ARP spoofing detection approach that addresses vulnerabilities in victim ARP caches by continuously updating references and verifying source IP and MAC addresses. The algorithm also cross-verifies gateway values to maintain accurate network integrity. Our research optimizes ML classifiers for ARP spoofing detection in host-based networks by selecting features based on expert insights and literature, utilizing a real-time dataset from our institute’s lab with 12 features, including 6 identified as optimal via PCA, to ensure accuracy and relevance in our specific network conditions. Additionally, we evaluated our models across various machine learning classifiers, including K-Nearest Neighbors, Decision Tree, Random Forest, Artificial Neural Network, Deep Neural Network, Convolutional Neural Network, and hybrid classifiers from continual learning approaches, achieving remarkable performance with 99% F1-Score and accuracy during training, and an increased F1-Score of 99.26% for real-time attack detection using CNN.


Author Profile

Sharmistha Majumder
Department of CSE, National Institute of Technology Agartala, Jirania, Agartala, Tripura 799046, India

Mrinal Kanti Deb Barma
Department of CSE, National Institute of Technology Agartala, Jirania, Agartala, Tripura 799046, India

Ashim Saha
Department of CSE, National Institute of Technology Agartala, Jirania, Agartala, Tripura 799046, India

Paper information

Publication year: 2024
Citations: 0
Country of publication: India
Site: Springer