Deep Learning based framework for dynamic Detection and Mitigation of ARP Spoofing attacks

Abstract

Address Resolution Protocol (ARP) is a protocol that links the IP address of a network node to the Media Access Control (MAC) address of another node for communication. An attack known as ARP spoofing affects a network's data-link layer and permits malicious access to network data. The sending device can be tricked, and potentially valuable data can be stolen, by connecting the attacker's MAC address to the IP address of the receiving device. Several approaches exist today to detect ARP attacks accurately and efficiently but have drawbacks in various aspects such as speed of detection, accuracy, dynamicity, and scalability. To overcome these issues, we propose DL-ARP, a novel dynamic framework based on an XGBoost Classifier followed by a CNN-LSTM architecture. This technique can identify and mitigate ARP spoofing assaults in real-time by collecting packets of data as they are received. The model automatically categorizes them and creates entry cache logs in the process. This paper aims to show the effectiveness and the potential of the suggested methodology for real-time ARP spoofing detection and prevention, this study also assess the performance of the proposed methodology in comparison to other existing methods. © 2023 IEEE.