Detecting man-in-the-middle attacks on non-mobile systems

    Research output: Chapter in Book/Report/Conference proceeding; Conference article in proceedings; Scientific; peer-review

    15 Citations (Scopus)

    Abstract

    In this paper we propose a method for detecting man-in-the-middle attacks using the timestamps of TCP packet headers. From these timestamps, the delays can be calculated and by comparing the mean of the delays in the current connection to data gathered from previous sessions it is possible to detect if the packets have unusually long delays. We show that in our small case study we can find and set a threshold parameter that accurately detects man-in-the-middle attacks with a low probability of false positives. Thus, it may be used as a simple precautionary measure against malicious attacks. The method in its current form is limited to non-mobile systems, where the variations in the delay are fairly low and uniform.

    Original language: English
    Title of host publication: Proceedings of the 4th ACM conference on Data and application security and privacy, CODASPY 2014
    Publisher: Association for Computing Machinery ACM
    Pages: 131-134
    ISBN (Print): 978-1-4503-2278-2
    DOIs: https://doi.org/10.1145/2557547.2557579
    Publication status: Published - 2014
    MoE publication type: A4 Article in a conference publication
    Event: 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 - San Antonio, TX, United States
    Duration: 3 Mar 2014 to 5 Mar 2014

    Conference

    Conference: 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014
    Abbreviated title: CODASPY 2014
    Country: United States
    City: San Antonio, TX
    Period: 3/03/14 to 5/03/14

    Keywords

    • Man-in-the-middle attack
    • network monitoring

    Cite this

    Vallivaara, V., Sailio, M., & Halunen, K. (2014). Detecting man-in-the-middle attacks on non-mobile systems. In Proceedings of the 4th ACM conference on Data and application security and privacy, CODASPY 2014 (pp. 131-134). Association for Computing Machinery ACM. https://doi.org/10.1145/2557547.2557579