A Survey of Man in the Middle Attacks

Mauro Conti, Nicola Dragoni, Viktor Lesyk

Research output: Contribution to journalJournal articleResearchpeer-review


The Man-In-The-Middle (MITM) attack is one of the most well known attacks in computer security, representing one of the biggest concerns for security professionals. MITM targets the actual data that flows between endpoints, and the confidentiality and integrity of the data itself. In this paper, we extensively review the literature on MITM to analyse and categorize the scope of MITM attacks, considering both a reference model, such as the open systems interconnection (OSI) model, as well as two specific widely used network technologies, i.e., GSM and UMTS. In particular, we classify MITM attacks based on several parameters, like location of an attacker in the network, nature of a communication channel, and impersonation techniques. Based on an impersonation techniques classification, we then provide execution steps for each MITM class. We survey existing countermeasures and discuss the comparison among them. Finally, based on our analysis, we propose a categorisation of MITM prevention mechanisms, and we identify some possible directions for future research.
Original languageEnglish
JournalI E E E Communications Surveys and Tutorials
Issue number3
Pages (from-to)2027-2051
Publication statusPublished - 2016


  • Man-In-The-Middle (MITM) attack
  • MITM classification
  • MITM defence techniques
  • Security


Dive into the research topics of 'A Survey of Man in the Middle Attacks'. Together they form a unique fingerprint.

Cite this