Do you have more detailed logs and how it translates to English?
A lot of "sleep proxy" setups do look like ARP spoofing. For example, in Apple's ecosystem, your phone can go to sleep and hand off its identity to a nearby Apple TV to respond to pings and respond to mDNS queries on your phone's behalf. Only when a service tries to connect to a known active port on your device does that wake up your actual device.
A lot of network security products find this suspicious and label it as ARP spoofing or a MITM attack. I wasn't aware of Android doing anything similar, but perhaps it's a form of MAC randomization that's freaking out ESET?