Securing software-defined networks: ML-based detection of ARP spoofing attacks

Address Resolution Protocol (ARP) spoofing attacks constitute a critical vulnerability in autonomous cyberphysical systems (CPS), such as unmanned aerial vehicles (UAVs), by subverting network-layer perception integrity through forged MAC-IP address mappings. Traditional rule-based detection methods are limited in handling dynamic attack patterns and lack a quantitative evaluation of perception data trustworthiness. To enhance drone communication security and prevent ARP spoofing attacks, this paper introduces a Software- Defined Networking (SDN)-enabled edge control plane architecture integrating a lightweight ensemble machine learning (ML) framework for real-time malicious ARP traffic mitigation. The proposed paradigm leverages SDN's centralized network orchestration and programmable flow rule instantiation to achieve sub-150ms anomaly detection latency with adaptive countermeasure deployment, effectively neutralizing man-in-the-middle (MITM) attack vectors through dynamic flow table recomposition. The comparative evaluation of various machine learning methods integrated into this framework indicates that the GBDT and KNN algorithms outperform other methods in detecting protocol-level anomalies and time attack patterns, achieving an accuracy rate of 99.6%, making them particularly effective in handling complex network attack scenarios. This paper presents a novel model combining machine learning with SDN architecture to defend against ARP spoofing attacks, enhancing drone communication robustness and providing an innovative security solution for SDN networks. The proposed model has broad application potential, particularly in mission-critical environments requiring high security and real-time response.