Effective Selection of Packet Header Fields For Detection of Man In The Middle Attacks in LAN Environments  
Author Maryam M. Najafabadi


Co-Author(s) Taghi M. Khoshgoftaar; Chad Calvert; Clifford Kemp


Abstract The Man In The Middle (MITM) attack is an old, yet still prevalent attack in computer networks. In a MITM attack, the attacker inserts him/herself into communication between two computers and spies on their traffic. The attacker’s behavior in forwarding receiving packets from one side of the communication to the other side can be exploited to detect MITM traffic in a LAN environment. In this paper, we compare packet header fields between network packets to detect semi-duplicated packets generated by the attacker’s forwarding behavior. In order to effectively select a set of packet header fields to be compared among different packets, we use the Forward Greedy Stepwise feature selection algorithm. We define the performance measure for different subsets by using the scalarization method from multi-objective criteria decision making. Our results show that using this subset selection method not only increases the detection rate, but also results in a very small number of packet header fields needed for the detection of MITM packets. This makes the process of detecting these attacks faster and more efficient.


Keywords MITM, Feature Subset Selection, Packet Header, Attack Detection
    Article #:  23-143
Proceedings of the 23rd ISSAT International Conference on Reliability and Quality in Design
August 3-5, 2017 - Chicago, Illinois, U.S.A.