An Approach for Detecting Man-In-The-Middle Attack Using DPI and DFI

  • Argha GhoshEmail author
  • A. Senthilrajan
Conference paper
Part of the Lecture Notes on Data Engineering and Communications Technologies book series (LNDECT, volume 49)


Recently, many new cyber-attacks like Phishing, Spear Phishing, Cross-Site Scripting (XSS), Denial of Service (DoS), SQL injection including, Man-In-The-Middle (MITM) attack, etc are originated in the transmission of data over a network. Among all those attacks, a man-in-the-middle attack is dangerous as well as well known for its behaviour to steal the privacy and the data of a user. The term man-in-the-middle defines that between the user and web-server presence of hacker or third-party for stealing the data as well as the privacy of the user. In terms of performing ways, man-in-the-middle attack can classify by six key techniques and those are Spoofing based MITM attack (like ARP spoofing, ICMP spoofing, DNS spoofing and, DHCP spoofing), TSL/SSL (Secure Socket Layer) MITM attack, BGP (Border Gateway Protocol) based MITM attack, Cookie Hijacking, Man-In-The-Browser and, Wireless MITM. In this research paper, discuss all of those man-in-the-middle attacks with example and case study.

Deep Packet Inspection is a technique for monitoring and analysing the network’s traffic as well as DPI used for managing the network’s bandwidth also. DPI is useful for monitoring the high-speed network. However, in recent time, many countries like Egypt, China, etc. implemented DPI for network monitoring. Deep Flow Inspection (DFI) is a packet filtering technique like DPI, but it has some advantages over DPI. The DFI can filter the encrypted network traffic as well as DFI can perform the task like finding the packet length, size of the packet, etc. This paper proposes a technique for detecting man-in-the-middle attack using Deep Packet Inspection and Deep Flow Inspection based on DPI Feature Library and DPI Method Library as well as DFI Feature Library and DFI Method Library for network traffic identification and packet filtering of incoming network traffic.


Man-in-the-middle attack Types of man-in-the-middle attack Deep packet inspection Deep flow inspection Man-in-the-middle attack detection Network traffic identification Packet filtering 



We would like to thank Dr. K. Kuppusamy for improving the content of this paper, as well as acknowledging the effort of Dr. E. Ramaraj for his guidance. This research work has been written with the financial support of Rashtriya Uchchatar Shiksha Abhiyan (RUSA- Phase 2.0) grant sanctioned vide Letter No. F.24-51/2014-U, Policy (TNMulti-Gen), Dept. of Edn. Govt. of India, Dt. 09.10.2018. Express appreciation to all those author’s whose references we used in this research work. Acknowledging Mrs. Anju Ghosh, Mrs. Moumita Ghosh Bairagi, Mr. Bidhan Ghosh and rest of my family members for their support and love. Special Thanks’ to Mr. N. Alagu Ganesan and Mr. G. Veerapandi for their helpful hand and support.


  1. 1.
    Callegati, F., Cerroni, W., Ramilli, M.: Man-in-the-middle attack to the HTTPS protocol. IEEE Secur. Priv. 7(1), 78–81 (2009)CrossRefGoogle Scholar
  2. 2.
    Du, J., Li, X., Huang, H.: A study of man-in-the-middle attack based on SSL certificate interaction. In: 2011 First International Conference on Instrumentation, Measurement, Computer, Communication and Control (2011)Google Scholar
  3. 3.
    Chordiya, A.R., Majumder, S., Javaid, A.Y.: Man-in-the-middle (MITM) attack based hijacking of HTTP traffic open source tools. In: 2018 IEEE International Conference on Electro/Information Technology (EIT) (2018)Google Scholar
  4. 4.
    Bhushan, B., Sahoo, G., Rai, A.K.: Man-in-the-middle attack in wireless and computer networking - a review. In: 2017 3rd International Conference on Advances in Computing, Communication & Automation (ICACCA) (2017)Google Scholar
  5. 5.
    Chen, Z., Guo, S., Duan, R., Wang, S.: Security analysis on mutual authentication against man-in-the-middle attack. In: 2009 First International Conference on Information Science and Engineering (2009)Google Scholar
  6. 6.
    Guo, Y.-T., Gao, Y., Wang, Y., Qin, M.-Y., Pu, Y.-J., Wang, Z., Liu, D.-D., Chen, X.-J., Gao, T.-F., Lv, T.-T., Fu, Z.-C.: DPI & DFI: a malicious behavior detection method combining deep packet inspection and deep flow inspection. Procedia Eng. 174, 1309–1314 (2017). 13th Global Congress on Manufacturing and Management, GCMM 2016CrossRefGoogle Scholar
  7. 7.
  8. 8.
    El-Maghraby, R.T., Elazim, N.M.A., Bahaa-Eldin, A.M.: A survey on deep packet inspection. In: 2017 12th International Conference on Computer Engineering and Systems (ICCES) (2017)Google Scholar
  9. 9.
    Snort v2.9.9 (2016).
  10. 10.
    Bro Intrusion Detection System (2014).
  11. 11.
    Application Layer Packet Classifier for LINUX (2009).
  12. 12.
    Chaudhary, A., Sardana, A.: Software based implementation methodologies for deep packet inspection. In: International Conference on Information Science and Applications (ICISA). IEEE (2011)Google Scholar
  13. 13.
    Alkateb, S.: White paper: 5 things you need to know about deep packet inspection, April 2011.
  14. 14.
    Xu, C., Chen, S., Su, J., Yiu, S.M., Hui, L.C.K.: A survey on regular expression matching for deep packet inspection: application, algorithms and hardware platforms. IEEE Commun. Surv. Tutor. 18(4), 2991–3029 (2016)CrossRefGoogle Scholar
  15. 15.
    Wei, L., Hongyu, L., Xiaoliang, Z.: A network data security analysis method based on DPI technology. In: 7th IEEE International Conference on Software Engineering and Service Science (ICSESS) (2016)Google Scholar
  16. 16.
    Data Plane Development Kit.

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Department of Computational LogisticsAlagappa UniversityKaraikudiIndia

Personalised recommendations