Abstract
In this paper we propose a method for detecting
man-in-the-middle attacks using the timestamps of TCP
packet headers. From these timestamps, the delays can be
calculated and by comparing the mean of the delays in the
current connection to data gathered from previous
sessions it is possible to detect if the packets have
unusually long delays. We show that in our small case
study we can find and set a threshold parameter that
accurately detects man-in-the-middle attacks with a low
probability of false positives. Thus, it may be used as a
simple precautionary measure against malicious attacks.
The method in its current form is limited to non-mobile
systems, where the variations in the delay are fairly low
and uniform.
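
A sketch of the comparison the abstract describes, as an added example rather than the paper's own code: round-trip delays are taken from TCP timestamp option echoes (TSval/TSecr), and the session mean is compared with a threshold of baseline mean plus k standard deviations. The delay derivation, the threshold rule, `k`, `min_samples` and all sample values are assumptions, since the abstract does not specify them.

```python
from statistics import mean, stdev

def rtt_samples(packets):
    """packets: (capture_time_s, direction, tsval, tsecr) tuples in capture order,
    direction "out" = sent by the monitoring host, "in" = received by it.
    A delay sample is the time between first sending a TSval and first seeing
    the peer echo it in TSecr."""
    first_sent = {}  # tsval -> capture time of the first outgoing segment carrying it
    echoed = set()   # tsvals already matched, so duplicate ACKs add no sample
    rtts = []
    for t, direction, tsval, tsecr in packets:
        if direction == "out":
            # several segments can share one TSval (coarse clock): keep the first
            first_sent.setdefault(tsval, t)
        elif tsecr in first_sent and tsecr not in echoed:
            echoed.add(tsecr)
            rtts.append(t - first_sent[tsecr])
    return rtts

def is_suspicious(current_rtts, baseline_rtts, k=3.0, min_samples=5):
    """True if the session mean delay exceeds baseline mean + k * stdev (assumed rule).
    Returns None when there is too little data to decide."""
    if len(current_rtts) < min_samples or len(baseline_rtts) < 2:
        return None
    threshold = mean(baseline_rtts) + k * stdev(baseline_rtts)
    return mean(current_rtts) > threshold

def constructed_session(rtts):
    """Constructed capture: one outgoing segment every 100 ms, echoed after rtts[i]."""
    pkts = []
    for i, rtt in enumerate(rtts):
        sent = i * 0.1
        pkts.append((sent, "out", 1000 + i, 0))
        pkts.append((sent + rtt, "in", 5000 + i, 1000 + i))
    return sorted(pkts)

# Constructed delays in seconds: earlier sessions, a normal session, a relayed one
BASELINE = [0.020, 0.022, 0.019, 0.021, 0.023, 0.020]
NORMAL = [0.021, 0.020, 0.022, 0.019, 0.021]
RELAYED = [0.034, 0.036, 0.033, 0.035, 0.037]

if __name__ == "__main__":
    base = rtt_samples(constructed_session(BASELINE))
    for name, delays in (("normal", NORMAL), ("relayed", RELAYED)):
        current = rtt_samples(constructed_session(delays))
        print(name, round(mean(current), 4), is_suspicious(current, base))
```

As the abstract notes for mobile systems, a baseline with high or non-uniform delay variation widens the threshold and weakens the test.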
Original language | English |
---|---|
Title of host publication | Proceedings of the 4th ACM conference on Data and application security and privacy, CODASPY 2014 |
Publisher | Association for Computing Machinery ACM |
Pages | 131-134 |
ISBN (Print) | 978-1-4503-2278-2 |
DOIs | |
Publication status | Published - 2014 |
MoE publication type | A4 Article in a conference publication |
Event | 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 - San Antonio, TX, United States. Duration: 3 Mar 2014 → 5 Mar 2014 |
Conference
Conference | 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 |
---|---|
Abbreviated title | CODASPY 2014 |
Country/Territory | United States |
City | San Antonio, TX |
Period | 3/03/14 → 5/03/14 |
Keywords
- Man-in-the-middle attack
- network monitoring