To address the challenges of low detection accuracy, high false positive rates, and poor generalization in detecting man-in-the-middle attacks based on the ARP protocol within a local area network, a combined model was proposed. The model integrates an extreme random forest classifier (ETC) and an improved attention mechanism (IAM) with a bidirectional long short-term memory network (BiLSTM). ETC was utilized to extract data features. The time-series information of man-in-the-middle attack traffic was processed through the improved attention mechanism module. The combined features were input into BiLSTM to achieve effective detection of man-in-the-middle attacks. Experimental results demonstrate that on the Kitsune dataset, the model achieves a detection accuracy of 99.98%, and on a custom Ooter dataset, it reaches 99.94%. In comparison to mainstream man-in-the-middle attack detection algorithms, this approach exhibits higher accuracy, lower false positive rates, and superior generalization.
Key words
man-in-the-middle attack/address resolution protocol/deep learning/bidirectional long short-term memory/attention mechanism/extra trees classifier/model fusion