ARP Spoofing-Based MITM Attack in Data Link Layer Using the Hybrid Method- CONVLSTM-ECC

Main Article Content

JapneetKaur, PreetiSondhi


The ARP protocol is used to determine the MAC Address of a device whose IP address is known. When a device wants to interact with another device on the network, it uses ARP to determine the MAC Address of the device with which it wishes to communicate. The ARP poisoning or ARP spoofing technique is used in the MITM attack. This is accomplished by taking advantage of two security flaws. The first is that each ARP request or response is regarded as legitimate. Simply inform any device on your network that you are the router, and the device will trust you. The simulated data is displayed as a trace graph, which contains the communication records. The trace graph's standard trace format contains 54 features that display all of the packet communication's details. The ConvLSTM model can utilize the data once it has been pre-processed since it removes the unneeded data. The Convolutional LSTM (ConvLSTM) model is an extended form of the LSTM (Long Short-Term Memory) model, which is itself an enhanced version of RNN (Recurrent Neural Network). The proposed the Hybrid ConvLSTM-ECC method, which uses convolutional layers for feature extraction from raw data to detect the Data Link layer's ARP Spoofing-based MITM attack nodes in a wired and wireless context. The output is given into the LSTM model, which predicts detection accuracy and mitigates ARP Spoofing-based MITM attacks by producing signatures for node authentication using the data.

Article Details