A novel man-in-the-middle intrusion detection scheme for switched LANs

Research output: Contribution to journalArticlepeer-review

14 Citations (Scopus)


The Man-in-the-Middle (MiM) attack is used by attackers to perform sniffing activities in switched LAN networks. The potential damage to a network from sniffing activities can be very significant. This paper proposes a mechanism for detecting malicious hosts performing MiM attack in switched LAN networks. The proposed mechanism consists of sending trap and spoofed packets to the network's hosts, after which, malicious sniffing hosts can be identified efficiently and accurately by collecting and analyzing the response packets. The effect of the proposed mechanism on the performance of the network is discussed and shown to be minimal. The limits of current security solutions regarding their ability to detect and prevent the MiM attack in switched LAN networks, are also discussed.

Original languageEnglish
Pages (from-to)234-243
Number of pages10
JournalInternational Journal of Computers and Applications
Issue number3
Publication statusPublished - 2008


  • Address resolution protocol
  • Address resolution protocol cache poisoning attack
  • Intrusions detection systems
  • Man-in-the-middle attack

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Science Applications
  • Computer Graphics and Computer-Aided Design


Dive into the research topics of 'A novel man-in-the-middle intrusion detection scheme for switched LANs'. Together they form a unique fingerprint.

Cite this