2019
DOI: 10.1109/tifs.2018.2883177
|View full text |Cite
|
Sign up to set email alerts
|

Vesper: Using Echo Analysis to Detect Man-in-the-Middle Attacks in LANs

Abstract: The Man-in-the-Middle (MitM) attack is a cyberattack in which an attacker intercepts traffic, thus harming the confidentiality, integrity, and availability of the network. It remains a popular attack vector due to its simplicity. However, existing solutions are either not portable, suffer from a high false positive rate, or are simply not generic.In this paper, we propose Vesper: a novel plug-and-play MitM detector for local area networks. Vesper uses a technique inspired from impulse response analysis used in… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

1
14
0

Year Published

2019
2019
2024
2024

Publication Types

Select...
4
3
1

Relationship

0
8

Authors

Journals

citations
Cited by 28 publications
(21 citation statements)
references
References 21 publications
1
14
0
Order By: Relevance
“…Researchers can study the following literature for their research interest of MITM attack [71][72][73].…”
Section: Key Pointsmentioning
confidence: 99%
“…Researchers can study the following literature for their research interest of MITM attack [71][72][73].…”
Section: Key Pointsmentioning
confidence: 99%
“…We analyze information loss in the feature extraction of traditional flow-level methods. We consider three types of widely used statistical features in the traditional flow-level methods [5,25,38,44,74]: (i) min-max features, the feature extraction function f outputs the maximum or minimum value of ì 𝑠 to extract flow-level features of traffic and produces the output for machine learning algorithms. (ii) average features, f calculates the average number of ì 𝑠 to obtain the flow-level features.…”
Section: Information Loss In Whispermentioning
confidence: 99%
“…As far as we know, there is no flow-level malicious traffic detection method that achieves task agnostic detection. Thus, we establish 22 flow-level statistics according to the existing studies [4,5,32,38,44,74] including the maximum, minimum, variance, mean, range of the three per-packet features in Whisper, flow duration, and flow byte count. We perform normalization for the flow-level statistics.…”
Section: 2 Experiments Setupmentioning
confidence: 99%
See 1 more Smart Citation
“…Man-in-the-middle attacks are impossible to protect against with firewalls and intrusion detection systems. Mirsky et al [7] designed a man-in-the-middle attack detection algorithm named Vesper, which can identify man-inthe-middle attacks in LAN networks by measuring the RTT of echo packets. However, this method cannot detect attacks against specific application protocols and is difficult to apply to the WAN environment.…”
Section: Introductionmentioning
confidence: 99%