Address Resolution Protocol (ARP) spoofing is a common method adversaries use to compromise Internet of Things (IoT) networks through Man-in-the-Middle (MITM) attacks. Lightweight, resource-constrained IoT devices are often vulnerable to these attacks, and traditional detection mechanisms are often insufficient to identify and counteract them in real time. In this study, we propose a machine learning-based model to detect ARP spoofing MITM attacks using the IoTID20 dataset. The detection model follows a systematic pipeline: dataset extraction, preprocessing, train-test splitting, classifier training, and performance evaluation. We used accuracy, precision, recall, and F1-score to evaluate eleven machine learning classifiers, including tree-based ensembles, linear models, kernel-based methods, and optimization-driven algorithms. Results show that ensemble methods performed best, with LightGBM achieving the highest score of 99.7% across all four metrics, followed by XGBoost and Random Forest. Simpler algorithms such as logistic regression and ridge performed less well but still delivered competitive results, indicating their potential for deployment on resource-limited IoT devices. These findings demonstrate that machine learning can detect ARP spoofing attacks with high accuracy and efficiency, offering a promising approach to securing IoT environments against MITM threats.
Almomani et al. (Thu,) studied this question.
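The pipeline stages named in the abstract (preprocessing, train-test split, classifier training, and the four metrics) can be sketched in pure Python with logistic regression, one of the lightweight classifiers the abstract mentions. This is an added example, not the authors' code: the three per-window ARP features and all sample values are constructed for illustration and are not IoTID20 columns.

```python
import math
import random

def make_windows(n, seed=7):
    """Constructed samples [arp_replies_per_s, macs_per_ip, unsolicited_ratio]; label 1 = spoofing."""
    rng, rows = random.Random(seed), []
    for i in range(n):
        y = i % 2  # spoofing windows: reply flood, a second MAC claims the gateway IP
        x = [rng.gauss(8, 2), 2.0, rng.gauss(0.8, 0.1)] if y else [rng.gauss(1, 0.5), 1.0, rng.gauss(0.05, 0.03)]
        rows.append((x, y))
    rng.shuffle(rows)
    return rows

def fit_scaler(X):
    """Preprocessing: standardise with mean/std taken from the training split only."""
    mu = [sum(c) / len(c) for c in zip(*X)]
    sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0 for c, m in zip(zip(*X), mu)]
    return lambda x: [(v - m) / s for v, m, s in zip(x, mu, sd)]

def predict_proba(w, x):
    z = sum(wj * v for wj, v in zip(w, x + [1.0]))  # bias is the last weight
    return 1.0 / (1.0 + math.exp(-max(-30.0, min(30.0, z))))

def train_logreg(X, y, epochs=300, lr=0.5):
    w = [0.0] * (len(X[0]) + 1)
    for _ in range(epochs):  # batch gradient descent on log-loss
        errs = [predict_proba(w, xi) - yi for xi, yi in zip(X, y)]
        grad = [sum(e * v for e, v in zip(errs, col)) for col in zip(*[xi + [1.0] for xi in X])]
        w = [wj - lr * g / len(X) for wj, g in zip(w, grad)]
    return w

def metrics(y_true, y_pred):
    pairs = list(zip(y_true, y_pred))
    tp, fp, fn = (sum(p == a for p in pairs) for a in ((1, 1), (0, 1), (1, 0)))
    prec = tp / (tp + fp) if tp + fp else 0.0  # no alerts raised: report 0, not an error
    rec = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * prec * rec / (prec + rec) if prec + rec else 0.0
    return {"accuracy": sum(t == p for t, p in pairs) / len(pairs), "precision": prec, "recall": rec, "f1": f1}

def run_pipeline(n=400, test_frac=0.25):
    rows, cut = make_windows(n), int(n * (1 - test_frac))  # rows are already shuffled
    train, test = rows[:cut], rows[cut:]
    scale = fit_scaler([x for x, _ in train])
    w = train_logreg([scale(x) for x, _ in train], [y for _, y in train])
    preds = [int(predict_proba(w, scale(x)) >= 0.5) for x, _ in test]
    return metrics([y for _, y in test], preds)

if __name__ == "__main__":
    print(run_pipeline())
```

The constructed classes are far more separable than real traffic, so the scores here say nothing about performance on IoTID20; the point is the order of the stages and fitting the scaler on the training split only.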