Fortifying Network Security: A Machine Learning-Based Approach to Improving DHCP Snooping

Year 2026, Volume: 10 Issue: 1, 24 - 38

Bashar Alhajahmad

https://doi.org/10.31127/tuje.1702914

Abstract

Dynamic Host Configuration Protocol (DHCP) spoofing remains a critical security threat in modern networks, particularly when attackers exploit the assumption that traffic from trusted ports is always legitimate. Conventional DHCP Snooping mechanisms are unable to detect rogue servers connected to trusted interfaces, leaving networks vulnerable to man-in-the-middle and denial-of-service attacks. To address this overlooked weakness, we propose a machine learning–based enhancement to DHCP Snooping. A custom dataset was generated from simulated DHCP traffic, capturing relevant protocol-level features while excluding trivial identifiers such as MAC addresses to ensure fair evaluation. Multiple classifiers—including Logistic Regression, Naive Bayes, Decision Tree, K-Nearest Neighbors, Support Vector Machine, Random Forest, and Gradient Boosting Trees—were implemented and evaluated using k-fold cross-validation. The results demonstrate that ensemble models achieved superior performance, with Random Forest and Gradient Boosting Trees reaching up to 100.0% accuracy on the full dataset and maintaining above 96.0% accuracy, precision, recall, and F1-score even when MAC-based features were excluded. Confusion matrix analysis further confirmed their robustness in distinguishing spoofed from legitimate traffic. In addition, we compared our models against a rule-based baseline resembling conventional DHCP Snooping, which achieved only ~70–75% detection accuracy. Finally, deployment considerations such as latency, model size, and fail-safe behavior are discussed, and the dataset and workflow are made available to support reproducibility. These contributions establish a practical and adaptive framework for strengthening DHCP Snooping against spoofing attacks in real-world networks.

Keywords

DHCP snooping , DHCP spoofing , Machine Learning , KNIME , Random Forest

Supporting Institution

N/A

Project Number

N/A

Thanks

Thanks for efforts.

References

• Syafei, W. A., Soetrisno, Y. A. A., & Prasetijo, A. B. (2020, November). Simple smart algorithm for flexibility of dynamic allocation in DHCP server for SOHO wireless router. In 2020 International Conference on Computer Engineering, Network, and Intelligent Multimedia (CENIM) (pp. 321–325). IEEE.
• Ahmad, Z., Shahid Khan, A., Wai Shiang, C., Abdullah, J., & Ahmad, F. (2021). Network intrusion detection system: A systematic study of machine learning and deep learning approaches. Transactions on Emerging Telecommunications Technologies, 32(1), e4150.
• Yan, A., Jing, S., Qi, Q., & Xiao, B. (2016, May). A study on campus network access and export management. In 2nd Workshop on Advanced Research and Technology in Industry Applications (WARTIA-16) (pp. 1812–1816). Atlantis Press.
• Pradana, D. A., & Budiman, A. S. (2021). The DHCP Snooping and DHCP Alert method in securing DHCP server from DHCP rogue attack. IJID (International Journal on Informatics for Development), 10(1), 38–46.
• Miftah, Z. (2018). Simulasi keamanan jaringan dengan metode DHCP Snooping dan VLAN. Fakt. Exacta, 11(2), 167–172.
• Tripathi, N., & Hubballi, N. (2018). Detecting stealth DHCP starvation attack using a machine-learning approach. Journal of Computer Virology and Hacking Techniques, 14, 233–244.
• Jony, A., & Islam, M. N. (2023, September). An effective technique to automatically detect and neutralize rogue DHCP server. In 2023 International Conference on Information and Communication Technology for Sustainable Development (ICICT4SD) (pp. 244–248). IEEE.
• Tok, M. S., & Demirci, M. (2021). Security analysis of SDN controller-based DHCP services and attack mitigation with DHCP guard. Computers & Security, 109, 102394.
• Aldaoud, M., Al-Abri, D., Al Maashri, A., & Kausar, F. (2021). DHCP attacking tools: An analysis. Journal of Computer Virology and Hacking Techniques, 17, 119–129.
• Ahmet, E. F. E., Kalkancı, G., Donk, M., Cihangir, S., & Uysal, Z. (2019). A hidden hazard: Man-in-the-middle attack in networks. Bilgisayar Bilimleri, 4(2), 96–116.
• Bhushan, B., Sahoo, G., & Rai, A. K. (2017, September). Man-in-the-middle attack in wireless and computer networking — A review. In 3rd International Conference on Advances in Computing, Communication & Automation (ICACCA)(Fall) (pp. 1–6). IEEE.
• Sinap, V. (2025). A novel hyperparameter tuning method for enhanced intrusion detection in network security. Turkish Journal of Engineering, 9(3), 519–534.
• Alsaadi, R. R., & Abdul-Zahra, D. S. (2021). Security DHCP server on LAN network. Turkish Journal of Physiotherapy and Rehabilitation, 32(3), 5121–5132.
• Syed, S., Khuhawar, F., Talpur, S., Memon, A. A., Luque-Nieto, M. A., & Narejo, S. (2022, February). Analysis of Dynamic Host Control Protocol implementation to assess DoS attacks. In 2022 Global Conference on Wireless and Optical Technologies (GCWOT) (pp. 1–7). IEEE.
• Banitalebi Dehkordi, A., Soltanaghaei, M., & Boroujeni, F. Z. (2021). The DDoS attacks detection through machine learning and statistical methods in SDN. The Journal of Supercomputing, 77(3), 2383–2415.
• Syed, N. F., Baig, Z., Ibrahim, A., & Valli, C. (2020). Denial of service attack detection through machine learning for the IoT. Journal of Information and Telecommunication, 4(4), 482–503.
• Aytaç, T., Aydın, M., & Zaim, A. (2020). Detection DDoS attacks using machine learning methods. Electrica, 20(2).
• Shrestha, P., & Sherpa, T. D. (2023, January). Dynamic Host Configuration Protocol attacks and its detection using Python scripts. In 2023 International Conference on Artificial Intelligence and Knowledge Discovery in Concurrent Engineering (ICECONF) (pp. 1–5). IEEE.
• Syed, S., Khuhawar, F., & Talpur, S. (2021, October). Machine learning approach for classification of DHCP DoS attacks in NIDS. In IEEE 18th International Conference on Smart Communities: Improving Quality of Life Using ICT, IoT and AI (HONET) (pp. 143–146). IEEE.
• Aldaoud, M., Al-Abri, D., Al Maashri, A., & Kausar, F. (2023). Detecting and mitigating DHCP attacks in OpenFlow-based SDN networks: A comprehensive approach. Journal of Computer Virology and Hacking Techniques, 19(4), 597–614.
• Bakhsh, S. A., Khan, M. A., Ahmed, F., Alshehri, M. S., Ali, H., & Ahmad, J. (2023). Enhancing IoT network security through deep learning-powered intrusion detection system. Internet of Things, 24, 100936.
• Purnomo, A. (2024). Implementation of DHCP Snooping method to improve security on computer networks. bit-Tech, 6(3).
• Roshani, M., & Nobakht, M. (2022, August). HybridDAD: Detecting DDoS flooding attack using machine learning with programmable switches. In Proceedings of the 17th International Conference on Availability, Reliability and Security (ARES) (pp. 1–11). ACM.
• Zhou, Y., et al. (2024). An innovative ensemble deep learning model for network traffic classification. Neural Computing and Applications.
• Alshamrani, A., et al. (2025). Hybrid machine learning model for intrusion detection in IoT environments. IEEE Access.
• Yıldırım, A., et al. (2023). Anomaly detection in Turkish network traffic using gradient boosting methods. Gazi University Journal of Science.
• Doğan, Y. (2024). An innovative approach for Parkinson’s disease diagnosis using CNN, NCA, and SVM. Neural Computing and Applications, 36(32), 20089–20110.
• Doğan, Y. (2025). AutoEffFusionNet: A new approach for cervical cancer diagnosis using ResNet-based autoencoder with attention mechanism and genetic feature selection. IEEE Access.
• Droms, R. (1997). RFC 2131: Dynamic Host Configuration Protocol. IETF. Retrieved from https://www.rfc-editor.org/rfc/rfc2131
• Alexander, S., & Droms, R. (1997). RFC 2132: DHCP options and BOOTP vendor extensions. IETF. Retrieved from https://www.rfc-editor.org/rfc/rfc2132
• Patrick, M. (2001). RFC 3046: DHCP relay agent information option. IETF. Retrieved from https://www.rfc-editor.org/rfc/rfc3046
• Droms, R., & Arbaugh, W. (2001). RFC 3118: Authentication for DHCP messages. IETF. Retrieved from https://www.rfc-editor.org/rfc/rfc3118
• Cisco Systems. (2023). DHCP Snooping configuration guide. Cisco Documentation. Retrieved from https://www.cisco.com
• Madakam, S., Ramaswamy, R., & Tripathi, S. (2015). Internet of Things (IoT): A literature review. Journal of Computer and Communications, 3(5), 164–173.
• Basil, N., Ahammad, S. H., & Elsayed, E. E. (2024). Enhancing wireless subscriber performance through AODV routing protocol in simulated mobile ad-hoc networks. Engineering Applications, 3(1), 16–26.
• Mema, B., & Basholli, F. (2023). Internet of Things in the development of future businesses in Albania. Advanced Engineering Science, 3, 196–205.
• Adesemowo, A. K., & Gerber, M. (2014). E-skilling on fundamental ICT networking concepts: Overcoming resource constraints at a South African university. In Proceedings of the e-Skills for Knowledge Production and Innovation Conference (pp. 1–16).
• Rangra, K., & Bansal, K. L. (2014). Comparative study of data mining tools. International Journal of Advanced Research in Computer Science and Software Engineering, 4(6), 216–223.
• Sinap, V. (2024). Comparative analysis of machine learning techniques for credit card fraud detection: Dealing with imbalanced datasets. Turkish Journal of Engineering, 8(2), 196–208.
• Ünel, F. B., Kuşak, L., Çelik, M., Alptekin, A., & Yakar, M. (2020). Kıyı çizgisinin belirlenerek mülkiyet durumunun incelenmesi. Türkiye Arazi Yönetimi Dergisi, 2(1), 33-40.
• Feizizadeh, B., Yariyan, P., Yakar, M., Blaschke, T., & Almuraqab, N. A. S. (2025). An integrated hybrid deep learning data driven approaches for spatiotemporal mapping of land susceptibility to salt/dust emissions. Advances in Space Research.
• Nwafor, E. O., & Akintayo, F. O. (2024). Predicting trip purposes of households in Makurdi using machine learning: A comparative analysis of decision tree, CatBoost, and XGBoost algorithms. Engineering Applications, 3(3), 260–274.