ARP-PROBE: An ARP spoofing detector for Internet of Things networks using explainable deep learning

The proliferation of the Internet of Things (IoT) devices and application domains has made IoT security an unavoidable challenge. Spoofing the address resolution protocol (ARP) can be exploited by botnets and other malicious programs to propagate and cause damage. Conventional ARP spoofing detection and prevention methods are, in most cases, inefficient for the IoT. This paper presents an ARP spoofing detection system using explainable deep learning, namely ARP-PROBE, for IoT networks. The proposed system relies on features extracted from network packets to detect ARP spoofing quickly and effectively using a feature selection and extraction module that identifies and selects the highly influential features. In a performance evaluation, the proposed system achieved an accuracy of 99.98% and an F₁ score of 0.999. ARP-PROBE had a false positive rate of 0.026% and a false negative rate of 0.001%. To ensure that the model generalizes beyond the training data, a second dataset was used to evaluate it, and the results obtained were consistent with those of the first dataset. To provide a better understanding of the impact of each feature on the performance of the proposed deep learning model, which is the core of ARP-PROBE, a model explanation using SHAP explainability was provided.