Man-in-the-middle attack detection method based on hybrid bidirectional LSTM

To address the low detection accuracy, high false positive rate, and poor generalization of ARP-based man-in-the-middle attack detection in local area networks, a combined model is proposed that integrates an extra trees classifier (ETC) and an improved attention mechanism (IAM) with a bidirectional long short-term memory network (BiLSTM). ETC is used to extract data features, the improved attention mechanism module processes the time-series information of man-in-the-middle attack traffic, and the combined features are fed into the BiLSTM to detect man-in-the-middle attacks. Experimental results show that the model achieves a man-in-the-middle attack detection accuracy of 99.98% on the Kitsune dataset and 99.94% on the self-built Ooter dataset. Compared with mainstream man-in-the-middle attack detection algorithms, the method has higher accuracy, a lower false positive rate, and better generalization.

Keywords: man-in-the-middle attack; address resolution protocol; deep learning; bidirectional long short-term memory; attention mechanism; extra trees classifier; model fusion

郭晓军、梁添鑫、靳玮琨、孙雨生

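School of Information Engineering, Xizang Minzu University, Xianyang, Shaanxi 712082

Xizang Cyberspace Governance Research Base, Xizang Minzu University, Xianyang, Shaanxi 712082

Key Laboratory of Optical Information Processing and Visualization Technology of Tibet Autonomous Region, Xizang Minzu University, Xianyang, Shaanxi 712082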

2024

Computer Engineering and Design
Institute 706, Second Academy of China Aerospace Science and Industry Corporation

Indexed in: CSTPCD; Peking University Core Journals
Impact factor: 0.617
ISSN: 1000-7024
Year, volume (issue): 2024, 45(12)