No matter how secure and encrypted a network communication is, if incoming and outgoing traffic is redirected through the intruder’s land, there is no guarantee that those communications cannot be decrypted or manipulated. The highly sophisticated tools and techniques used by cybercriminals may enable them to interpret or manipulate highly secured https traffic or break TLS (Transport Layer Security) security. Safeguarding all the network traffics from intruders’ reach is one of the best preventive measures. Through ARP (Address Resolution Protocol) spoofing, an intruder launches Man-in-the-middle (MitM) attack and gets access to all the incoming and outgoing network traffic from the victim device. This article proposes a dual technique based on machine learning and device profiling to detect ARP spoofing-based MitM attacks. The ML-based approach analyzes the network for any abnormality and finds the MitM attacks. When deployed live, the device profile generated from the device profiling module improves the detection accuracy. The device profiling-based technique proposes a client application that keeps track of the ARP cache table and can identify if the ARP cache is compromised. Once identified, it notifies to profiler running on a dedicated system. The profiler identifies the intruder and blocks the intruder device from further network access. It maintains a DEV-PROFILE that helps ML to detect MitM attacks with improved accuracy.