ARP is an important protocol in networking that helps in mapping IP addresses to their corresponding Media Access Control (MAC) addresses. However,because authenticationi ARP is absent, the possibility of spoofing and cache poisoning attacks opens the door to serious security risks: 

Man-in-the-Middle and False Data Injection. The paper proposes the use of a finite state automaton model to improve security in ARP through the monitoring of ARP request-reply sequences in identifying inconsistencies in IP-MAC bindings. Normal states in the model are defined based on normal ARP transactions, while transitions in states are triggered by events involving duplicate IP bindings, conflicting MAC addresses, and unsolicited replies. These transitions eventually lead to anomalous states, flagging potential spoofing attempts in real time. To validate the proposed automaton, it was tested with artificially generated simulated ARP traffic and anomalies that reflected spoofing behavior were accurately detected with very low overhead. This approach provides a lightweight and protocol-independent mechanism that can easily be integrated into network intrusion detection systems for proactive ARP security and anomaly detection in both IT and cyber-physical environments.