An Approach for Detecting Man-In-The-Middle Attack Using DPI and DFI

Abstract

Recently, many new cyber-attacks like Phishing, Spear Phishing, Cross-Site Scripting (XSS), Denial of Service (DoS), SQL injection including, Man-In-The-Middle (MITM) attack, etc are originated in the transmission of data over a network. Among all those attacks, a man-in-the-middle attack is dangerous as well as well known for its behaviour to steal the privacy and the data of a user. The term man-in-the-middle defines that between the user and web-server presence of hacker or third-party for stealing the data as well as the privacy of the user. In terms of performing ways, man-in-the-middle attack can classify by six key techniques and those are Spoofing based MITM attack (like ARP spoofing, ICMP spoofing, DNS spoofing and, DHCP spoofing), TSL/SSL (Secure Socket Layer) MITM attack, BGP (Border Gateway Protocol) based MITM attack, Cookie Hijacking, Man-In-The-Browser and, Wireless MITM. In this research paper, discuss all of those man-in-the-middle attacks with example and case study. Deep Packet Inspection is a technique for monitoring and analysing the network’s traffic as well as DPI used for managing the network’s bandwidth also. DPI is useful for monitoring the high-speed network. However, in recent time, many countries like Egypt, China, etc. implemented DPI for network monitoring. Deep Flow Inspection (DFI) is a packet filtering technique like DPI, but it has some advantages over DPI. The DFI can filter the encrypted network traffic as well as DFI can perform the task like finding the packet length, size of the packet, etc. This paper proposes a technique for detecting man-in-the-middle attack using Deep Packet Inspection and Deep Flow Inspection based on DPI Feature Library and DPI Method Library as well as DFI Feature Library and DFI Method Library for network traffic identification and packet filtering of incoming network traffic.