MitM Attack Detection in BLE Networks using Reconstruction and Classification Machine Learning Techniques


Internet of Things (IoT) devices, including smartphones and tablets, are widely deployed in various application domains ranging from smart homes to industrial environments. Many of these devices rely on Bluetooth Low Energy (BLE) as a communication protocol for their control or the transfer of data. Trivial attacks can easily target these devices to compromise them due to their low security features and inherent vulnerabilities in their software and communication components. In this paper , we firstly demonstrate a Man-in-the-Middle (MitM) attack against BLE devices while collecting datasets of network traffic data exchange with and without the attack. Secondly, we study the use of machine learning to detect this attack by combining unsupervised and supervised techniques. We applied and compared two unsupervised techniques to reconstruct the model of BLE communications and detect suspicious data batches. We then applied a classification method based on Text-CNN technique to classify packets as normal or attack inside each suspicious batch. Our model reconstruction results show that we are able to discriminate normal and attack models with high precision and our classification method achieves high accuracy (≈ 0.99) and low false positive rate (≈ 0.03).

2nd Workshop on Machine Learning for Cybersecurity