Machine Learning-Based Detection of ARP and DHCP Protocol Attacks
摘要
In modern network environments, Address Resolution Protocol (ARP) and Dynamic Host Configuration Protocol (DHCP) spoofing attacks remain among the most dangerous threats due to their stealth and potential for traffic manipulation. This study presents a machine learning-based approach for the real-time detection of ARP and DHCP spoofing attacks. The proposed system utilizes traffic captured in PCAP format, which is then transformed into structured CSV datasets suitable for feature extraction and model training. Key indicators such as source MAC/IP mismatches, abnormal request/offer behavior, and traffic anomalies are used to train classification models including decision trees, support vector machines, and LogisticRegression. The models were evaluated on labeled datasets containing both normal and attack traffic and achieved high accuracy, with performance metrics such as Precision, Recall, and F1-score reaching 1.0. The system is lightweight, adaptable, and designed for practical deployment without requiring SDN controllers or specialized hardware. This research demonstrates the effectiveness of ML-based detection in improving cybersecurity for open and virtualized network environments and highlights the potential for future integration into intrusion detection systems.