Feature Relevance for Detecting Address Resolution Protocol Spoofing in Smart Homes with Machine Learning

Md Mizanur Rahman; Faycal Bouhafs; Sayed Amir Hoseini; Frank den Hartog

Feature Relevance for Detecting Address Resolution Protocol Spoofing in Smart Homes with Machine Learning

Md Mizanur Rahman, Faycal Bouhafs, Sayed Amir Hoseini, Frank den Hartog

Information Systems

Research output: A Conference proceeding or a Chapter in Book › Conference contribution › peer-review

2 Citations (Scopus)

Abstract

The Internet of Things (IoT) has revolutionized smart homes but also makes smart homes vulnerable to cyber attacks. One such attack is the Address Resolution Protocol (ARP) spoofing-based Man-in-the-Middle (MITM) attack. This form of attack puts the integrity of communication at risk in smart home networks. Identifying ARP spoofing in these settings is essential to maintain user security and privacy. Unfortunately, there is a lack of detection methods for ARP spoofing attacks in smart homes. Recent Machine-Learning (ML)-based detection techniques have severe limitations when applied to such environments: they were developed based on a single dataset typically originating from a single lab testbed mimicking a single home, whilst implicitly assuming applicability of the results to smart homes in general. We found that this assumption is incorrect: the performance of ML varies quite significantly from dataset to dataset and between algorithms. From an in-depth analysis of feature importance and impact on the outcomes of the algorithms, we conclude that only a very specific set of features is responsible for the lion share of the algorithms' performance. We, therefore, recommend that future smart home datasets to be used for training artificially intelligent detection techniques for ARP-spoofing in smart homes in general are sourced using a limited but standardized set of features as laid out in this paper, and use XGBoost as the algorithm of choice.

Original language	English
Title of host publication	51st International Conference on Computers & Industrial Engineering (CIE51)
Editors	Ripon K. Chakrabortty, Hasan H. Turan, Kannan Govindan, Yasser Dessouky
Publisher	Curran Associates
Pages	2231-2240
Number of pages	10
ISBN (Print)	9798331316259
Publication status	Published - 9 Dec 2024
Event	51st International Conference on Computers and Industrial Engineering, CIE 2024 - Sydney, Australia Duration: 9 Dec 2024 → 11 Dec 2024

Publication series

Name	Proceedings of International Conference on Computers and Industrial Engineering, CIE
ISSN (Print)	2164-8689

Conference

Conference	51st International Conference on Computers and Industrial Engineering, CIE 2024
Country/Territory	Australia
City	Sydney
Period	9/12/24 → 11/12/24

Cite this

Rahman, M. M., Bouhafs, F., Hoseini, S. A., & den Hartog, F. (2024). Feature Relevance for Detecting Address Resolution Protocol Spoofing in Smart Homes with Machine Learning. In R. K. Chakrabortty, H. H. Turan, K. Govindan, & Y. Dessouky (Eds.), 51st International Conference on Computers & Industrial Engineering (CIE51) (pp. 2231-2240). (Proceedings of International Conference on Computers and Industrial Engineering, CIE). Curran Associates.

Rahman, Md Mizanur ; Bouhafs, Faycal ; Hoseini, Sayed Amir et al. / Feature Relevance for Detecting Address Resolution Protocol Spoofing in Smart Homes with Machine Learning. 51st International Conference on Computers & Industrial Engineering (CIE51). editor / Ripon K. Chakrabortty ; Hasan H. Turan ; Kannan Govindan ; Yasser Dessouky. Curran Associates, 2024. pp. 2231-2240 (Proceedings of International Conference on Computers and Industrial Engineering, CIE).

@inproceedings{afcb814deb81486c9e1d5104255e917e,

title = "Feature Relevance for Detecting Address Resolution Protocol Spoofing in Smart Homes with Machine Learning",

abstract = "The Internet of Things (IoT) has revolutionized smart homes but also makes smart homes vulnerable to cyber attacks. One such attack is the Address Resolution Protocol (ARP) spoofing-based Man-in-the-Middle (MITM) attack. This form of attack puts the integrity of communication at risk in smart home networks. Identifying ARP spoofing in these settings is essential to maintain user security and privacy. Unfortunately, there is a lack of detection methods for ARP spoofing attacks in smart homes. Recent Machine-Learning (ML)-based detection techniques have severe limitations when applied to such environments: they were developed based on a single dataset typically originating from a single lab testbed mimicking a single home, whilst implicitly assuming applicability of the results to smart homes in general. We found that this assumption is incorrect: the performance of ML varies quite significantly from dataset to dataset and between algorithms. From an in-depth analysis of feature importance and impact on the outcomes of the algorithms, we conclude that only a very specific set of features is responsible for the lion share of the algorithms' performance. We, therefore, recommend that future smart home datasets to be used for training artificially intelligent detection techniques for ARP-spoofing in smart homes in general are sourced using a limited but standardized set of features as laid out in this paper, and use XGBoost as the algorithm of choice.",

keywords = "ARP spoofing, Internet of Things (IoT), Machine learning, MITM attack, Smart home",

author = "Rahman, {Md Mizanur} and Faycal Bouhafs and Hoseini, {Sayed Amir} and {den Hartog}, Frank",

note = "Publisher Copyright: {\textcopyright} 2024 Computers and Industrial Engineering. All rights reserved.; 51st International Conference on Computers and Industrial Engineering, CIE 2024 ; Conference date: 09-12-2024 Through 11-12-2024",

year = "2024",

month = dec,

day = "9",

language = "English",

isbn = "9798331316259",

series = "Proceedings of International Conference on Computers and Industrial Engineering, CIE",

publisher = "Curran Associates",

pages = "2231--2240",

editor = "Chakrabortty, {Ripon K.} and {H. Turan}, {Hasan } and Kannan Govindan and Yasser Dessouky",

booktitle = "51st International Conference on Computers & Industrial Engineering (CIE51)",

}

Rahman, MM, Bouhafs, F, Hoseini, SA & den Hartog, F 2024, Feature Relevance for Detecting Address Resolution Protocol Spoofing in Smart Homes with Machine Learning. in RK Chakrabortty, H H. Turan, K Govindan & Y Dessouky (eds), 51st International Conference on Computers & Industrial Engineering (CIE51). Proceedings of International Conference on Computers and Industrial Engineering, CIE, Curran Associates, pp. 2231-2240, 51st International Conference on Computers and Industrial Engineering, CIE 2024, Sydney, Australia, 9/12/24.

Feature Relevance for Detecting Address Resolution Protocol Spoofing in Smart Homes with Machine Learning. / Rahman, Md Mizanur; Bouhafs, Faycal; Hoseini, Sayed Amir et al.
51st International Conference on Computers & Industrial Engineering (CIE51). ed. / Ripon K. Chakrabortty; Hasan H. Turan; Kannan Govindan; Yasser Dessouky. Curran Associates, 2024. p. 2231-2240 (Proceedings of International Conference on Computers and Industrial Engineering, CIE).

Research output: A Conference proceeding or a Chapter in Book › Conference contribution › peer-review

TY - GEN

T1 - Feature Relevance for Detecting Address Resolution Protocol Spoofing in Smart Homes with Machine Learning

AU - Rahman, Md Mizanur

AU - Bouhafs, Faycal

AU - Hoseini, Sayed Amir

AU - den Hartog, Frank

PY - 2024/12/9

Y1 - 2024/12/9

N2 - The Internet of Things (IoT) has revolutionized smart homes but also makes smart homes vulnerable to cyber attacks. One such attack is the Address Resolution Protocol (ARP) spoofing-based Man-in-the-Middle (MITM) attack. This form of attack puts the integrity of communication at risk in smart home networks. Identifying ARP spoofing in these settings is essential to maintain user security and privacy. Unfortunately, there is a lack of detection methods for ARP spoofing attacks in smart homes. Recent Machine-Learning (ML)-based detection techniques have severe limitations when applied to such environments: they were developed based on a single dataset typically originating from a single lab testbed mimicking a single home, whilst implicitly assuming applicability of the results to smart homes in general. We found that this assumption is incorrect: the performance of ML varies quite significantly from dataset to dataset and between algorithms. From an in-depth analysis of feature importance and impact on the outcomes of the algorithms, we conclude that only a very specific set of features is responsible for the lion share of the algorithms' performance. We, therefore, recommend that future smart home datasets to be used for training artificially intelligent detection techniques for ARP-spoofing in smart homes in general are sourced using a limited but standardized set of features as laid out in this paper, and use XGBoost as the algorithm of choice.

AB - The Internet of Things (IoT) has revolutionized smart homes but also makes smart homes vulnerable to cyber attacks. One such attack is the Address Resolution Protocol (ARP) spoofing-based Man-in-the-Middle (MITM) attack. This form of attack puts the integrity of communication at risk in smart home networks. Identifying ARP spoofing in these settings is essential to maintain user security and privacy. Unfortunately, there is a lack of detection methods for ARP spoofing attacks in smart homes. Recent Machine-Learning (ML)-based detection techniques have severe limitations when applied to such environments: they were developed based on a single dataset typically originating from a single lab testbed mimicking a single home, whilst implicitly assuming applicability of the results to smart homes in general. We found that this assumption is incorrect: the performance of ML varies quite significantly from dataset to dataset and between algorithms. From an in-depth analysis of feature importance and impact on the outcomes of the algorithms, we conclude that only a very specific set of features is responsible for the lion share of the algorithms' performance. We, therefore, recommend that future smart home datasets to be used for training artificially intelligent detection techniques for ARP-spoofing in smart homes in general are sourced using a limited but standardized set of features as laid out in this paper, and use XGBoost as the algorithm of choice.

KW - ARP spoofing

KW - Internet of Things (IoT)

KW - Machine learning

KW - MITM attack

KW - Smart home

UR - http://www.scopus.com/inward/record.url?scp=105003212681&partnerID=8YFLogxK

UR - https://conference.unsw.edu.au/en/the-51st-international-conference-on-computers-and-industrial-engineering

M3 - Conference contribution

AN - SCOPUS:105003212681

SN - 9798331316259

T3 - Proceedings of International Conference on Computers and Industrial Engineering, CIE

SP - 2231

EP - 2240

BT - 51st International Conference on Computers & Industrial Engineering (CIE51)

A2 - Chakrabortty, Ripon K.

A2 - H. Turan, Hasan

A2 - Govindan, Kannan

A2 - Dessouky, Yasser

PB - Curran Associates

T2 - 51st International Conference on Computers and Industrial Engineering, CIE 2024

Y2 - 9 December 2024 through 11 December 2024

ER -

Rahman MM, Bouhafs F, Hoseini SA, den Hartog F. Feature Relevance for Detecting Address Resolution Protocol Spoofing in Smart Homes with Machine Learning. In Chakrabortty RK, H. Turan H, Govindan K, Dessouky Y, editors, 51st International Conference on Computers & Industrial Engineering (CIE51). Curran Associates. 2024. p. 2231-2240. (Proceedings of International Conference on Computers and Industrial Engineering, CIE).

Feature Relevance for Detecting Address Resolution Protocol Spoofing in Smart Homes with Machine Learning

Abstract

Publication series

Conference

Other files and links

Fingerprint

Cite this