Detecting man-in-the-middle attacks on non-mobile systems

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

13 Citations (Scopus)

Abstract

In this paper we propose a method for detecting man-in-the-middle attacks using the timestamps of TCP packet headers. From these timestamps, the delays can be calculated and by comparing the mean of the delays in the current connection to data gathered from previous sessions it is possible to detect if the packets have unusually long delays. We show that in our small case study we can find and set a threshold parameter that accurately detects man-in-the-middle attacks with a low probability of false positives. Thus, it may be used as a simple precautionary measure against malicious attacks. The method in its current form is limited to non-mobile systems, where the variations in the delay are fairly low and uniform.
Original language: English
Title of host publication: Proceedings of the 4th ACM conference on Data and application security and privacy, CODASPY 2014
Publisher: Association for Computing Machinery ACM
Pages: 131-134
ISBN (Print): 978-1-4503-2278-2
DOI: https://doi.org/10.1145/2557547.2557579
Publication status: Published - 2014
MoE publication type: A4 Article in a conference publication
Event: 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014 - San Antonio, TX, United States
Duration: 3 Mar 2014 - 5 Mar 2014

Conference

Conference: 4th ACM Conference on Data and Application Security and Privacy, CODASPY 2014
Abbreviated title: CODASPY 2014
Country: United States
City: San Antonio, TX
Period: 3/03/14 - 5/03/14

Keywords

  • Man-in-the-middle attack
  • network monitoring

Cite this

Vallivaara, V., Sailio, M., & Halunen, K. (2014). Detecting man-in-the-middle attacks on non-mobile systems. In Proceedings of the 4th ACM conference on Data and application security and privacy, CODASPY 2014 (pp. 131-134). Association for Computing Machinery ACM. https://doi.org/10.1145/2557547.2557579