Experimental Study on the Detectability of Man-in-the-Middle Attacks for Cloud Applications

2019 
Man-in-the-Middle (MITM) attacks can significantly compromise the security of the Internet and cloud computing applications, where an attacker intercepts the packets transmitted between the clients and servers over the network to steal confidential information and/or change the packets. It is essential and challenging to detect MITM attacks. In this paper, we build a virtual network testbed to emulate a real-world cloud environment and study the detection of MITM attacks. We consider an MITM detection approach that utilizes network packet analysis and machine learning techniques to measure the changes in the packet Round-Trip Time (RTT) between a client and a server. Specifically, we use the machine learning algorithms in TensorFlow to analyze the RTT data collected on the testbed to determine the detectability of MITM attacks. If the attacker's link speed is much higher than the client's link speed in an access network, e.g. an attacker connecting the network through a wired Ethernet and a normal client connecting the network through a wireless link, it would be difficult to discern the RTT difference with and without the MITM attacks. We are able to deduce a threshold below which the MITM attacks can be detected based on the RTT difference with a certain accuracy. Our experiments show the detectability accuracy becomes lower.
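The RTT-threshold idea from the abstract, sketched as an added example that is not code from the paper: a midpoint threshold on simulated RTTs stands in for the paper's TensorFlow models. The relay-delay model, packet size, base RTT and jitter values are assumptions, and all RTT samples are constructed.

```python
import random
import statistics

# All constants are assumptions for this illustration, not values from the paper.
PACKET_BYTES = 1500       # packet size
BASE_RTT_MS = 20.0        # client-server RTT with no relay in the path
CLIENT_JITTER_MS = 3.0    # RTT standard deviation on the client's wireless link


def relay_delay_ms(attacker_mbps):
    """Assumed model: a relayed packet crosses the attacker's link in and out,
    once per direction, so one round trip adds four serialization delays."""
    one_crossing_ms = PACKET_BYTES * 8 / (attacker_mbps * 1e6) * 1000
    return 4 * one_crossing_ms


def sample_rtts(n, extra_ms, rng):
    """Constructed RTT samples: Gaussian jitter around the mean RTT."""
    mean = BASE_RTT_MS + extra_ms
    return [max(0.0, rng.gauss(mean, CLIENT_JITTER_MS)) for _ in range(n)]


def fit_threshold(clean, relayed):
    """Midpoint between the two class means, learned from labelled samples."""
    return (statistics.mean(clean) + statistics.mean(relayed)) / 2


def accuracy(threshold, clean, relayed):
    """Fraction of samples classified correctly (relayed if RTT > threshold)."""
    correct = sum(r <= threshold for r in clean) + sum(r > threshold for r in relayed)
    return correct / (len(clean) + len(relayed))


def detectability(attacker_mbps, n=2000, seed=1):
    """Return (added delay in ms, learned threshold in ms, held-out accuracy)."""
    rng = random.Random(seed)
    extra = relay_delay_ms(attacker_mbps)
    train_clean, train_relayed = sample_rtts(n, 0.0, rng), sample_rtts(n, extra, rng)
    test_clean, test_relayed = sample_rtts(n, 0.0, rng), sample_rtts(n, extra, rng)
    thr = fit_threshold(train_clean, train_relayed)
    return extra, thr, accuracy(thr, test_clean, test_relayed)


if __name__ == "__main__":
    for mbps in (1, 10, 100, 1000):
        extra, thr, acc = detectability(mbps)
        print(f"relay link {mbps:>4} Mbit/s: +{extra:7.3f} ms, "
              f"threshold {thr:6.2f} ms, accuracy {acc:.3f}")
```

Once the added delay falls well below the client's own jitter, accuracy approaches 0.5, which is a coin flip for a two-class detector.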