IEEE Access (Jan 2020)

Sniffing Detection Based on Network Traffic Probing and Machine Learning

  • Marcin Gregorczyk,
  • Piotr Zorawski,
  • Piotr Nowakowski,
  • Krzysztof Cabaj,
  • Wojciech Mazurczyk

DOI: https://doi.org/10.1109/ACCESS.2020.3016076
Journal volume & issue: Vol. 8, pp. 149255 – 149269

Abstract

Cyber attacks are on the rise and each day cyber criminals are developing more and more sophisticated methods to compromise the security of their targets. Sniffing is one of the most important techniques that enables the attacker to collect information on the vulnerabilities of the devices, protocols and applications that can be exploited within the targeted network. It relies mainly on passively analyzing the traffic exchanged within the network, and due to its nature, such an activity is difficult to discover. That is why, in this article, we first revisit existing techniques and tools that can be used to perform sniffing as well as the corresponding mitigation methods. Based on this background, we propose a novel measurement-based detection method that infers whether the sniffing software is active on the suspected machine by network traffic probing and machine learning techniques. The presented experimental results prove that the proposed solution is effective.
