ARP SPOOFING-BASED MITM ATTACK IN DATA LINK LAYER USING THE HYBRID METHOD- CONVLSTM-ECC

The ARP protocol is used to determine the MAC Address of a device whose IP address is
known. When a device wants to interact with another device on the network, it uses ARP to
determine the MAC Address of the device with which it wishes to communicate. The ARP
poisoning or ARP spoofing technique is used in the MITM attack. This is accomplished by
taking advantage of two security flaws. The first is that each ARP request or response is
regarded as legitimate. Simply inform any device on your network that you are the router,
and the device will trust you. The simulated data is displayed as a trace graph, which
contains the communication records. The trace graph's standard trace format contains 54
features that display all of the packet communication's details. The ConvLSTM model can
utilize the data once it has been pre-processed since it removes the unneeded data. The
Convolutional LSTM (ConvLSTM) model is an extended form of the LSTM (Long Short-Term
Memory) model, which is itself an enhanced version of RNN (Recurrent Neural Network).
The proposed the Hybrid ConvLSTM-ECC method, which uses convolutional layers for
feature extraction from raw data to detect the Data Link layer's ARP Spoofing-based MITM
attack nodes in a wired and wireless context. The output is given into the LSTM model, which
predicts detection accuracy and mitigates ARP Spoofing-based MITM attacks by producing
signatures for node authentication using the data.