Detection of ARP Spoofing, SYN and PING flood attacks using Machine Learning models
Abstract
Device security in Internet of Things (IoT) and Bring Your Own Device (BYOD) environments is an increasing challenge as wireless networks proliferate. This paper presents a comprehensive study that uses machine learning models to detect three common cyber attacks in wireless networks: ARP Spoofing, SYN Flood, and PING Flood. Network traffic data was collected using the Wireshark tool, and various machine learning models were evaluated, including CatBoost, LightGBM, Random Forest, Gradient Boosting, XGBoost, Naive Bayes, K-Nearest Neighbors (KNN), and Logistic Regression. Among them, CatBoost performed best in detecting SYN Flood attacks, achieving an accuracy of 96.53% and a ROC-AUC value of 0.9961. For the detection of ARP Spoofing attacks, Random Forest excelled with an accuracy of 97.00% and a ROC-AUC of 0.9945. Naive Bayes outperformed the other models in PING Flood attack detection with an accuracy of 97.83% and a ROC-AUC of 0.9977. These results indicate the great potential of machine learning models, especially CatBoost and Naive Bayes, in significantly improving the detection of various cyber threats in real time. These models represent key tools for securing IoT and BYOD ecosystems in practical, real-world applications.