Detection of MITM attack in LAN environment using payload matching

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

A Man-in-the-Middle (MITM) attack enables an attacker to monitor the communication exchange between two parties by directing the traffic between them to pass through the attacker's machine. Most existing schemes for discovering MITM attacks focus on detecting the mechanism used to direct the traffic through the attacker's machine. This paper presents a new detection scheme that is based on matching the payload of frames exchanged in the network. The proposed scheme is independent of the mechanism used to launch the MITM attack. Experimental results show that the proposed scheme can achieve excellent detection performance with proper choice of the scheme's tuning parameters.

Original language: English
Title of host publication: Proceedings of the IEEE International Conference on Industrial Technology
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1857-1862
Number of pages: 6
Volume: 2015-June
Edition: June
DOIs: https://doi.org/10.1109/ICIT.2015.7125367
Publication status: Published - Jun 16 2015
Event: 2015 IEEE International Conference on Industrial Technology, ICIT 2015 - Seville, Spain
Duration: Mar 17 2015 - Mar 19 2015

Other

Other: 2015 IEEE International Conference on Industrial Technology, ICIT 2015
Country: Spain
City: Seville
Period: 3/17/15 - 3/19/15

Fingerprint

Local area networks
Tuning
Communication

Keywords

  • ARP poisoning
  • attack
  • detection
  • MITM
  • security
  • traffic analysis

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Science Applications

Cite this

Al Abri, D. (2015). Detection of MITM attack in LAN environment using payload matching. In Proceedings of the IEEE International Conference on Industrial Technology (June ed., Vol. 2015-June, pp. 1857-1862). [7125367] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/ICIT.2015.7125367

Detection of MITM attack in LAN environment using payload matching. / Al Abri, Dawood.

Proceedings of the IEEE International Conference on Industrial Technology. Vol. 2015-June June. ed. Institute of Electrical and Electronics Engineers Inc., 2015. p. 1857-1862 7125367.

Al Abri, D 2015, Detection of MITM attack in LAN environment using payload matching. in Proceedings of the IEEE International Conference on Industrial Technology. June edn, vol. 2015-June, 7125367, Institute of Electrical and Electronics Engineers Inc., pp. 1857-1862, 2015 IEEE International Conference on Industrial Technology, ICIT 2015, Seville, Spain, 3/17/15. https://doi.org/10.1109/ICIT.2015.7125367
Al Abri D. Detection of MITM attack in LAN environment using payload matching. In Proceedings of the IEEE International Conference on Industrial Technology. June ed. Vol. 2015-June. Institute of Electrical and Electronics Engineers Inc. 2015. p. 1857-1862. 7125367 https://doi.org/10.1109/ICIT.2015.7125367
Al Abri, Dawood. / Detection of MITM attack in LAN environment using payload matching. Proceedings of the IEEE International Conference on Industrial Technology. Vol. 2015-June June. ed. Institute of Electrical and Electronics Engineers Inc., 2015. pp. 1857-1862
@inproceedings{bc7894b516f24d02af7253ff2f76f901,
title = "Detection of MITM attack in LAN environment using payload matching",
abstract = "Man-in-the-Middle (MITM) attack enables an attacker to monitor the communication exchange between two parties by directing the traffic between them to pass through the attacker's machine. Most existing schemes for discovering MITM attack focus on detecting the mechanism used to direct the traffic through the attacker machine. This paper presents a new detection scheme that is based on matching the payload of frames exchanged in the network. The proposed scheme is independent of the mechanism used to launch the MITM attack. Experimental result shows that the proposed scheme can achieve excellent detection performance with proper choice of the scheme's tuning parameters.",
keywords = "ARP poisoning, attack, detection, MITM, security, traffic analysis",
author = "{Al Abri}, Dawood",
year = "2015",
month = "6",
day = "16",
doi = "10.1109/ICIT.2015.7125367",
language = "English",
volume = "2015-June",
pages = "1857--1862",
booktitle = "Proceedings of the IEEE International Conference on Industrial Technology",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
edition = "June",

}

TY - GEN

T1 - Detection of MITM attack in LAN environment using payload matching

AU - Al Abri, Dawood

PY - 2015/6/16

Y1 - 2015/6/16

N2 - Man-in-the-Middle (MITM) attack enables an attacker to monitor the communication exchange between two parties by directing the traffic between them to pass through the attacker's machine. Most existing schemes for discovering MITM attack focus on detecting the mechanism used to direct the traffic through the attacker machine. This paper presents a new detection scheme that is based on matching the payload of frames exchanged in the network. The proposed scheme is independent of the mechanism used to launch the MITM attack. Experimental result shows that the proposed scheme can achieve excellent detection performance with proper choice of the scheme's tuning parameters.

AB - Man-in-the-Middle (MITM) attack enables an attacker to monitor the communication exchange between two parties by directing the traffic between them to pass through the attacker's machine. Most existing schemes for discovering MITM attack focus on detecting the mechanism used to direct the traffic through the attacker machine. This paper presents a new detection scheme that is based on matching the payload of frames exchanged in the network. The proposed scheme is independent of the mechanism used to launch the MITM attack. Experimental result shows that the proposed scheme can achieve excellent detection performance with proper choice of the scheme's tuning parameters.

KW - ARP poisoning

KW - attack

KW - detection

KW - MITM

KW - security

KW - traffic analysis

UR - http://www.scopus.com/inward/record.url?scp=84937710935&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84937710935&partnerID=8YFLogxK

U2 - 10.1109/ICIT.2015.7125367

DO - 10.1109/ICIT.2015.7125367

M3 - Conference contribution

VL - 2015-June

SP - 1857

EP - 1862

BT - Proceedings of the IEEE International Conference on Industrial Technology

PB - Institute of Electrical and Electronics Engineers Inc.

ER -