Unlock instant, AI-driven research and patent intelligence for your innovation.

Method, apparatus and electronic device for detecting man-in-the-middle attack

A man-in-the-middle, preset time technology, applied in electrical components, transmission systems, etc., can solve problems such as difficult and effective detection of man-in-the-middle attacks

Active Publication Date: 2018-12-18
HANGZHOU ANHENG INFORMATION TECH CO LTD
View PDF4 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] In view of this, the object of the present invention is to provide a method, device and electronic equipment for detecting man-in-the-middle attacks, so as to solve the problem in the prior art that it is difficult to effectively detect the occurrence of man-in-the-middle attacks during network communication. question

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, apparatus and electronic device for detecting man-in-the-middle attack
  • Method, apparatus and electronic device for detecting man-in-the-middle attack
  • Method, apparatus and electronic device for detecting man-in-the-middle attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0047] A method for detecting a man-in-the-middle attack provided by an embodiment of the present invention is applied to a network monitor, such as figure 1 Shown, including:

[0048] S11: Calculate the mapping relationship between the IP address and the MAC address in the network communication within the preset time to obtain the first mapping relationship, and count the handle data of the network communication under the first mapping relationship to obtain the first handle data.

[0049] Under normal circumstances, collect and count the mapping relationship data between independent IP addresses and independent MAC addresses within a period of time through network probes, and collect and record the session handle identifier data generated when the IP address and MAC address match, Obtain a series of baselines when the IP address matches the MAC address, and the data baseline of the session handle identifier generated when the IP address matches the MAC address. The statistical dat...

Embodiment 2

[0061] A method for detecting a man-in-the-middle attack provided by an embodiment of the present invention is applied to a network monitor, such as figure 2 Shown, including:

[0062] S21: Calculate the mapping relationship between the IP address and the MAC address in the network communication within the preset time to obtain the first mapping relationship, and count the handle data of the network communication under the first mapping relationship to obtain the first handle data.

[0063] As a preferred implementation of this embodiment, the first mapping relationship is a one-to-one correspondence between each independent IP address and one MAC address.

[0064] Further, the data collection module can collect and count the mapping relationship between the IP address and the MAC address in the network communication within the preset time through the network probe. The preset time period can be one week or one month. Just make sure that this period of time is the period when networ...

Embodiment 3

[0087] An apparatus for detecting a man-in-the-middle attack provided by an embodiment of the present invention is applied to a network monitor, such as Figure 4 As shown, the device 3 for detecting a man-in-the-middle attack includes: a statistics module 31, an acquisition module 32, a comparison module 33, and a determination module 34.

[0088] Among them, the statistics module is used to count the mapping relationship between the IP address and the MAC address in the network communication within the preset time to obtain the first mapping relationship, and to count the handle data of the network communication under the first mapping relationship to obtain the first handle data.

[0089] As a preferred implementation of this embodiment, the collection module is used to collect the mapping relationship between the IP address and the MAC address in the current network communication to obtain the second mapping relationship.

[0090] Specifically, the comparison module is used to co...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method, apparatus and electronic device for detecting a man-in-the-middle attack, and relates to the technical field of network detection, the method comprising the followingsteps: a first mapping relation is obtained by counting the mapping relation between IP address and MAC address in network communication in a preset time; first handle data under the first mapping relation is obtained by counting handle data under the network communication; a second mapping relation is obtained by counting the mapping relation between IP address and MAC address; the first mappingrelation is compared with the second mapping relation, if the second mapping relation does not match with the first mapping relation, the second handle data is obtained by collecting handle data of the current network communication under the second mapping relation; the first handle data is Compared with the second handle data, if the second handle data and the first handle data do not match, itis determined that there is man-in-the-middle attack in the current network communication, which solves the technical problem that the occurrence of man-in-the-middle attack is difficult to detect effectively.

Description

Technical field [0001] The present invention relates to the field of network detection technology, in particular to a method, device and electronic equipment for detecting a man-in-the-middle attack. Background technique [0002] Man-in-the-Middle Attack (MITM) is a long-standing network intrusion method, and it still has a wide range of development space today, such as Server Message Block (SMB) session hijacking, domain name system (Domain Attacks such as Name System (DNS) spoofing are typical MITM attacks. [0003] With the continuous development of computer communication network technology, MITM attacks are becoming more and more diverse. Initially, the attacker can realize the attack by setting the network card in the promiscuous mode and pretending to be a proxy server to monitor specific traffic. This is because many communication protocols are transmitted in plain text, such as Hyper Text Transfer Protocol (Hyper Text Transfer Protocol). , Referred to as HTTP), file trans...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/1425
Inventor 叶鹏范渊张振雄
Owner HANGZHOU ANHENG INFORMATION TECH CO LTD