Detection of MITM attack in LAN environment using payload matching

Dawood Al Abri

doi:10.1109/ICIT.2015.7125367

Detection of MITM attack in LAN environment using payload matching

Dawood Al Abri^*

^*Corresponding author for this work

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Citations (Scopus)

Abstract

Man-in-the-Middle (MITM) attack enables an attacker to monitor the communication exchange between two parties by directing the traffic between them to pass through the attacker's machine. Most existing schemes for discovering MITM attack focus on detecting the mechanism used to direct the traffic through the attacker machine. This paper presents a new detection scheme that is based on matching the payload of frames exchanged in the network. The proposed scheme is independent of the mechanism used to launch the MITM attack. Experimental result shows that the proposed scheme can achieve excellent detection performance with proper choice of the scheme's tuning parameters.

Original language	English
Title of host publication	2015 IEEE International Conference on Industrial Technology, ICIT 2015
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1857-1862
Number of pages	6
Edition	June
ISBN (Electronic)	9781479978007
DOIs	https://doi.org/10.1109/ICIT.2015.7125367
Publication status	Published - Jun 16 2015
Event	2015 IEEE International Conference on Industrial Technology, ICIT 2015 - Seville, Spain Duration: Mar 17 2015 → Mar 19 2015

Publication series

Name	Proceedings of the IEEE International Conference on Industrial Technology
Number	June
Volume	2015-June

Other

Other	2015 IEEE International Conference on Industrial Technology, ICIT 2015
Country/Territory	Spain
City	Seville
Period	3/17/15 → 3/19/15

Keywords

ARP poisoning
MITM
attack
detection
security
traffic analysis

ASJC Scopus subject areas

Computer Science Applications
Electrical and Electronic Engineering

Access to Document

10.1109/ICIT.2015.7125367

Cite this

Al Abri, D. (2015). Detection of MITM attack in LAN environment using payload matching. In 2015 IEEE International Conference on Industrial Technology, ICIT 2015 (June ed., pp. 1857-1862). Article 7125367 (Proceedings of the IEEE International Conference on Industrial Technology; Vol. 2015-June, No. June). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICIT.2015.7125367

Detection of MITM attack in LAN environment using payload matching. / Al Abri, Dawood.
2015 IEEE International Conference on Industrial Technology, ICIT 2015. June. ed. Institute of Electrical and Electronics Engineers Inc., 2015. p. 1857-1862 7125367 (Proceedings of the IEEE International Conference on Industrial Technology; Vol. 2015-June, No. June).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Al Abri, D 2015, Detection of MITM attack in LAN environment using payload matching. in 2015 IEEE International Conference on Industrial Technology, ICIT 2015. June edn, 7125367, Proceedings of the IEEE International Conference on Industrial Technology, no. June, vol. 2015-June, Institute of Electrical and Electronics Engineers Inc., pp. 1857-1862, 2015 IEEE International Conference on Industrial Technology, ICIT 2015, Seville, Spain, 3/17/15. https://doi.org/10.1109/ICIT.2015.7125367

@inproceedings{bc7894b516f24d02af7253ff2f76f901,

title = "Detection of MITM attack in LAN environment using payload matching",

abstract = "Man-in-the-Middle (MITM) attack enables an attacker to monitor the communication exchange between two parties by directing the traffic between them to pass through the attacker's machine. Most existing schemes for discovering MITM attack focus on detecting the mechanism used to direct the traffic through the attacker machine. This paper presents a new detection scheme that is based on matching the payload of frames exchanged in the network. The proposed scheme is independent of the mechanism used to launch the MITM attack. Experimental result shows that the proposed scheme can achieve excellent detection performance with proper choice of the scheme's tuning parameters.",

keywords = "ARP poisoning, MITM, attack, detection, security, traffic analysis",

author = "{Al Abri}, Dawood",

note = "Publisher Copyright: {\textcopyright} 2015 IEEE.; 2015 IEEE International Conference on Industrial Technology, ICIT 2015 ; Conference date: 17-03-2015 Through 19-03-2015",

year = "2015",

month = jun,

day = "16",

doi = "10.1109/ICIT.2015.7125367",

language = "English",

series = "Proceedings of the IEEE International Conference on Industrial Technology",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "June",

pages = "1857--1862",

booktitle = "2015 IEEE International Conference on Industrial Technology, ICIT 2015",

edition = "June",

}

TY - GEN

T1 - Detection of MITM attack in LAN environment using payload matching

AU - Al Abri, Dawood

PY - 2015/6/16

Y1 - 2015/6/16

N2 - Man-in-the-Middle (MITM) attack enables an attacker to monitor the communication exchange between two parties by directing the traffic between them to pass through the attacker's machine. Most existing schemes for discovering MITM attack focus on detecting the mechanism used to direct the traffic through the attacker machine. This paper presents a new detection scheme that is based on matching the payload of frames exchanged in the network. The proposed scheme is independent of the mechanism used to launch the MITM attack. Experimental result shows that the proposed scheme can achieve excellent detection performance with proper choice of the scheme's tuning parameters.

AB - Man-in-the-Middle (MITM) attack enables an attacker to monitor the communication exchange between two parties by directing the traffic between them to pass through the attacker's machine. Most existing schemes for discovering MITM attack focus on detecting the mechanism used to direct the traffic through the attacker machine. This paper presents a new detection scheme that is based on matching the payload of frames exchanged in the network. The proposed scheme is independent of the mechanism used to launch the MITM attack. Experimental result shows that the proposed scheme can achieve excellent detection performance with proper choice of the scheme's tuning parameters.

KW - ARP poisoning

KW - MITM

KW - attack

KW - detection

KW - security

KW - traffic analysis

UR - http://www.scopus.com/inward/record.url?scp=84937710935&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84937710935&partnerID=8YFLogxK

U2 - 10.1109/ICIT.2015.7125367

DO - 10.1109/ICIT.2015.7125367

M3 - Conference contribution

AN - SCOPUS:84937710935

T3 - Proceedings of the IEEE International Conference on Industrial Technology

SP - 1857

EP - 1862

BT - 2015 IEEE International Conference on Industrial Technology, ICIT 2015

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2015 IEEE International Conference on Industrial Technology, ICIT 2015

Y2 - 17 March 2015 through 19 March 2015

ER -

Detection of MITM attack in LAN environment using payload matching

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this