Detecting man-in-the-middle attacks on non-mobile systems

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    20 Citations (Scopus)


    In this paper we propose a method for detecting man-in-themiddle attacks using the timestamps of TCP packet headers. From these timestamps, the delays can be calculated and by comparing the mean of the delays in the current connection to data gathered from previous sessions it is possible to detect if the packets have unusually long delays. We show that in our small case study we can find and set a threshold parameter that accurately detects man-in-the-middle attacks with a low probability of false positives. Thus, it may be used as a simple precautionary measure against malicious attacks. The method in its current form is limited to nonmobile systems, where the variations in the delay are fairly low and uniform
    Original languageEnglish
    Title of host publicationProceedings of the 4th ACM conference on Data and application security and privacy, CODASPY 2014
    PublisherAssociation for Computing Machinery ACM
    ISBN (Print)978-1-4503-2278-2
    Publication statusPublished - 2014
    MoE publication typeA4 Article in a conference publication
    Event4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 - San Antonio, TX, United States
    Duration: 3 Mar 20145 Mar 2014


    Conference4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014
    Abbreviated titleCODASPY 2014
    Country/TerritoryUnited States
    CitySan Antonio, TX


    • Man-in-the-middle attack
    • network monitoring


    Dive into the research topics of 'Detecting man-in-the-middle attacks on non-mobile systems'. Together they form a unique fingerprint.

    Cite this