Detecting Man In The Middle Traffic using Packet Header Information  
Author Maryam M. Najafabadi

 

Co-Author(s) Taghi M. Khoshgoftaar; Chad Calvert; Clifford Kemp

 

Abstract A Man In The Middle (MITM) attack involves an attacker intercepting existing communication between two computers. The attacker establishes himself/herself as a "man in the middle" who can monitor or selectively modify the network traffic between two communicating computers. The two computers believe they are directly connected to each other; however, there is an attacker machine in between that receives the traffic from one of the computers and forwards it to the other one. This way, the attacker monitors the traffic between two machines and can steal potential important information or spy on their activities. Most of the proposed MITM detection methods in the literature are applicable to a specific type of attack. These methods are based on the attack initiating mechanism. They will not be able to detect the attack, if it is initiated, using a different mechanism than the one the detection method is based on. In this paper, we propose a method, which uses the general behavior of a MITM attacker in order to detect MITM traffic in a LAN environment. Our method is independent to the launching mechanism for the attack. The attacker's behavior, in forwarding packets from one side of the communication to the other side, produces duplicated packets in the communicating traffic. We exploit the attacker's behavior in order to detect MITM traffic. We use packet header features for the detection of duplicated packets in the network traffic. The presence of duplicated packets in the network traffic is used as an indication for MITM attacks. Our experimental results, conducted on traffic collected from a live production campus network, show that our proposed method can successfully detect nearly 95 percent of MITM traffic generated with two different methods.

 

Keywords
   
    Article #:  22197
 
Proceedings of the 22nd ISSAT International Conference on Reliability and Quality in Design
August 4-6, 2016 - Los Angeles, California, U.S.A.