In this paper we propose a method for detecting man-in-the-middle attacks using the timestamps in TCP packet headers. From these timestamps the delays can be calculated, and by comparing the mean delay of the current connection with data gathered from previous sessions it is possible to detect whether the packets have unusually long delays. We show that in our small case study we can find and set a threshold parameter that accurately detects man-in-the-middle attacks with a low probability of false positives. Thus, it may be used as a simple precautionary measure against malicious attacks. The method in its current form is limited to non-mobile systems, where the variations in the delay are fairly low and uniform.
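One way to implement the comparison described in the abstract, as an added example that is not the paper's code. It assumes delays are obtained by matching an echoed TSecr to the TSval that was sent (the TCP timestamp option), and that the threshold is the baseline mean plus k standard deviations; the function names, k, min_samples and all sample values are constructed for illustration.

```python
from statistics import mean, stdev

def rtt_samples(packets):
    """Delay per echoed timestamp: match an inbound TSecr to the local time
    at which the outbound segment carrying that TSval was first sent."""
    sent_at = {}                          # TSval -> local send time (s)
    samples = []
    for direction, t, tsval, tsecr in packets:
        if direction == "out":
            # Several segments can share a TSval (coarse timestamp clock);
            # time from the first one so the delay is not underestimated.
            sent_at.setdefault(tsval, t)
        elif tsecr in sent_at:
            samples.append(t - sent_at.pop(tsecr))   # one sample per TSval
    return samples

def is_suspicious(current, baseline, k=3.0, min_samples=5):
    """True when the mean delay of the current connection exceeds the
    baseline mean by more than k baseline standard deviations.
    k and min_samples are assumed values, not taken from the paper."""
    if len(current) < min_samples or len(baseline) < 2:
        return None                       # too little data to decide
    return mean(current) > mean(baseline) + k * stdev(baseline)

def make_trace(rtts, gap=0.1, tsval0=1000):
    """Constructed trace: one outbound segment and its echo per delay value.
    Records are (direction, local_time_s, TSval, TSecr)."""
    trace = []
    for i, rtt in enumerate(rtts):
        t = i * gap
        trace.append(("out", t, tsval0 + i, 0))
        trace.append(("in", t + rtt, 5000 + i, tsval0 + i))
    return trace

# Constructed sample delays in seconds (not measurements from the paper).
BASELINE = [0.0198, 0.0203, 0.0201, 0.0199, 0.0204, 0.0200, 0.0197, 0.0202]
DIRECT = [0.0201, 0.0199, 0.0202, 0.0200, 0.0198, 0.0203]
RELAYED = [0.0351, 0.0349, 0.0352, 0.0350, 0.0348, 0.0353]

if __name__ == "__main__":
    for name, rtts in (("direct", DIRECT), ("relayed", RELAYED)):
        delays = rtt_samples(make_trace(rtts))
        print(name, round(mean(delays), 4), is_suspicious(delays, BASELINE))
```

Returning None below min_samples keeps a short connection from being judged on one or two delays, which matters because the false-positive rate depends on how stable the mean is.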