Table 8 Techniques and approaches for protecting against “man-in-the-middle” attacks (synthesized from existing literature).
From: A hybrid AI-Blockchain security framework for smart grids
| Ref. | Methods | Description |
|---|---|---|
| | ML-based anomaly detection | ML models such as Support Vector Machines (SVM), K-Nearest Neighbors (KNN), and Autoencoders analyze network traffic patterns to identify anomalies indicative of MITM attacks. These models monitor packet sequencing, request-response time deviations, and protocol inconsistencies to detect unauthorized retransmissions and malicious packet injections. The use of flow-based features, entropy calculations, and statistical distributions ensures effective anomaly detection. |
| | Physical unclonable function (PUF) authentication | PUF authentication mechanisms generate unique, device-specific cryptographic keys, ensuring that each smart meter or grid device has a distinct, unclonable identity. By leveraging challenge-response authentication, PUF-based security systems prevent MITM attackers from successfully impersonating legitimate devices, making unauthorized access nearly impossible. This technique enhances authentication security while maintaining low computational overhead for real-time smart grid environments. |
| | Intrusion detection systems (IDS) with network traffic monitoring | IDS solutions employ signature-based and behavior-based detection methods to analyze network traffic logs and identify anomalies associated with MITM attacks. IDS systems monitor packet retransmission rates, round-trip time (RTT) variations, and encryption discrepancies to detect unauthorized packet interception. By comparing real-time traffic to established behavioral baselines, IDS effectively identifies suspicious activities indicative of MITM attacks. |
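
The baseline comparison described in the IDS row, as an added example that is not code from the paper: each live window's RTT and retransmission rate is scored against a baseline learned from known-good windows. The window records, the median/MAD scoring and the threshold of 6 are assumptions chosen for illustration.

```python
import statistics

# Constructed per-window summaries for one link (not real traffic):
# (window id, mean RTT in ms, retransmitted packets, total packets).
BASELINE = [
    ("b1", 20.1, 2, 1000), ("b2", 19.8, 1, 1000), ("b3", 20.5, 3, 1000),
    ("b4", 20.0, 2, 1000), ("b5", 19.6, 2, 1000), ("b6", 20.3, 1, 1000),
    ("b7", 20.2, 3, 1000), ("b8", 19.9, 2, 1000),
]
LIVE = [
    ("w1", 20.4, 2, 1000),   # normal
    ("w2", 34.7, 19, 1000),  # added path delay plus retransmissions
    ("w3", 20.0, 3, 1000),   # normal
    ("w4", 27.9, 2, 1000),   # RTT shift only
]

def robust_profile(values):
    """Median and scaled MAD, so a few outliers do not skew the baseline."""
    med = statistics.median(values)
    mad = statistics.median(abs(v - med) for v in values)
    # 1.4826 makes MAD comparable to a standard deviation for normal data;
    # the floor avoids division by zero on a perfectly flat baseline.
    return med, max(1.4826 * mad, 1e-6)

def build_baseline(windows):
    rtts = [w[1] for w in windows]
    retx = [w[2] / w[3] for w in windows]
    return {"rtt": robust_profile(rtts), "retx": robust_profile(retx)}

def score(window, baseline):
    _, rtt, retx, total = window
    rtt_med, rtt_scale = baseline["rtt"]
    rx_med, rx_scale = baseline["retx"]
    return {
        "rtt_z": (rtt - rtt_med) / rtt_scale,
        "retx_z": (retx / total - rx_med) / rx_scale,
    }

def detect(live, baseline, threshold=6.0):
    # One-sided: only increases over the baseline are treated as suspicious.
    alerts = []
    for w in live:
        z = score(w, baseline)
        reasons = [name for name, value in z.items() if value > threshold]
        if reasons:
            alerts.append((w[0], reasons))
    return alerts
```

A window that trips only `rtt_z` (like `w4`) can also come from a routing change or congestion, so in practice such alerts are correlated with the encryption and certificate checks the table mentions before being treated as interception.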