A novel man-in-the-middle intrusion detection scheme for switched LANs

    Research output: Contribution to journalArticlepeer-review

    14 Citations (Scopus)


    The Man-in-the-Middle (MiM) attack is used by attackers to perform sniffing activities in switched LAN networks. The potential damage to a network from sniffing activities can be very significant. This paper proposes a mechanism for detecting malicious hosts performing MiM attack in switched LAN networks. The proposed mechanism consists of sending trap and spoofed packets to the network's hosts, after which, malicious sniffing hosts can be identified efficiently and accurately by collecting and analyzing the response packets. The effect of the proposed mechanism on the performance of the network is discussed and shown to be minimal. The limits of current security solutions regarding their ability to detect and prevent the MiM attack in switched LAN networks, are also discussed.

    Original languageEnglish
    Pages (from-to)234-243
    Number of pages10
    JournalInternational Journal of Computers and Applications
    Issue number3
    Publication statusPublished - Jan 1 2008


    • Address resolution protocol
    • Address resolution protocol cache poisoning attack
    • Intrusions detection systems
    • Man-in-the-middle attack

    ASJC Scopus subject areas

    • Software
    • Hardware and Architecture
    • Computer Science Applications
    • Computer Graphics and Computer-Aided Design


    Dive into the research topics of 'A novel man-in-the-middle intrusion detection scheme for switched LANs'. Together they form a unique fingerprint.

    Cite this