Ahan K.S., Vimlesh Kumar Ray, Priyanka Goyal
- Assistant Professor, Department of Computer Science & Engineering, School of ICT Gautam Buddha University Gautam Buddh Nagar, Uttar Pradesh, India
- Assistant Professor, Department of Computer Science & Engineering, School of ICT Gautam Buddha University Gautam Buddh Nagar, Uttar Pradesh, India
- Assistant Professor, Department of Electronics and Communication Engineering, School of ICT Gautam Buddha University Gautam Buddh Nagar, Uttar Pradesh, India
Abstract
Advanced metering infrastructure (AMI) plays a central role in the operation of modern smart grid (SG) systems by enabling continuous, two-way communication between utility providers and consumers. Through this communication, AMI supports real-time monitoring, dynamic pricing, and efficient energy management. However, the same connectivity that makes AMI effective also increases its exposure to cyber threats. One of the most critical threats is the man-in-the-middle (MITM) attack, in which an attacker secretly intercepts and manipulates messages exchanged between legitimate entities. Such attacks can compromise data confidentiality, alter meter readings, and disrupt grid reliability. To address this challenge, this paper proposes a machine-learning-based intrusion detection model designed to identify MITM attacks in real time within AMI environments. The proposed approach employs the random forest algorithm due to its robustness, ability to handle high-dimensional data, and strong classification performance. The model analyzes multiple network traffic characteristics, including packet timing patterns, packet sizes, and specific features related to the Message Queuing Telemetry Transport (MQTT) communication protocol, which is widely used in AMI systems. By learning normal communication behavior, the model can effectively distinguish legitimate traffic from malicious activity. Experimental evaluation was conducted using an MQTT network traffic dataset. The results demonstrate that the proposed model achieves a detection accuracy of 98.75%, significantly outperforming the Uniform Random Forest with Harris Hawks Bayesian Optimization (URFHBO)-intrusion detection system (IDS) benchmark model, which achieved an accuracy of 84%. These findings indicate that the proposed solution provides a reliable and efficient mechanism for real-time intrusion detection. 
Ultimately, this work contributes to enhancing the cybersecurity of AMI systems by reducing the risk and impact of MITM attacks in SG infrastructures.
Keywords: Advanced metering infrastructure (AMI), intrusion detection system (IDS), machine learning (ML), man-in-the-middle (MITM), random forest (RF), smart grid (SG)
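The abstract names three feature families (packet timing, packet size, MQTT-specific fields) but does not list the features themselves. The following added example, which is not code from the paper, shows one way to derive such a per-flow vector from captured MQTT packets; the feature names, the topic `meter/42/kwh` and both sample flows are constructed assumptions.

```python
import statistics
# MQTT 3.1.1 control packet types: upper nibble of the first fixed-header byte.
MQTT_TYPES = {1: "CONNECT", 2: "CONNACK", 3: "PUBLISH", 4: "PUBACK", 8: "SUBSCRIBE",
              9: "SUBACK", 12: "PINGREQ", 13: "PINGRESP", 14: "DISCONNECT"}

def parse_fixed_header(data: bytes):
    """Return (type_name, flags, remaining_length, header_length)."""
    if len(data) < 2:
        raise ValueError("truncated MQTT fixed header")
    ptype, flags = data[0] >> 4, data[0] & 0x0F
    remaining, multiplier = 0, 1
    for i in range(1, min(len(data), 5)):  # Remaining Length: 1-4 byte varint
        remaining += (data[i] & 0x7F) * multiplier
        if not data[i] & 0x80:  # continuation bit clear: last length byte
            return MQTT_TYPES.get(ptype, f"TYPE_{ptype}"), flags, remaining, i + 1
        multiplier *= 128
    raise ValueError("truncated or malformed Remaining Length")

def flow_features(packets):
    """Feature vector for one flow given [(timestamp_seconds, raw_bytes), ...]."""
    if len(packets) < 2:
        raise ValueError("need at least two packets to compute timing features")
    gaps = [b[0] - a[0] for a, b in zip(packets, packets[1:])]
    headers = [parse_fixed_header(raw) for _, raw in packets]
    return {
        "iat_mean": statistics.fmean(gaps),   # packet timing
        "iat_std": statistics.pstdev(gaps),
        "size_mean": statistics.fmean([len(raw) for _, raw in packets]),
        "publish_ratio": sum(h[0] == "PUBLISH" for h in headers) / len(headers),
        # MQTT-specific: declared length disagrees with the bytes actually seen
        "len_mismatch": sum(h[3] + h[2] != len(raw)
                            for h, (_, raw) in zip(headers, packets)),
    }

def publish(topic: bytes, payload: bytes) -> bytes:
    """Build a QoS 0 PUBLISH (constructed sample data; body must be < 128 bytes)."""
    body = len(topic).to_bytes(2, "big") + topic + payload
    return bytes([0x30, len(body)]) + body

# Constructed sample flows: a meter publishing every 60 s, and the same
# messages arriving with irregular delay.
READING = publish(b"meter/42/kwh", b"12.5")
PINGREQ = bytes([0xC0, 0x00])
REGULAR = [(0.0, READING), (60.0, READING), (120.0, PINGREQ), (180.0, READING)]
DELAYED = [(0.0, READING), (61.5, READING), (120.2, PINGREQ), (184.0, READING)]

if __name__ == "__main__":
    print(flow_features(REGULAR), flow_features(DELAYED), sep="\n")
```

Vectors like these, labelled per flow, are the kind of input a classifier such as the random forest described above would be trained on.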
[This article belongs to Journal Of Network security]
Ahan K.S., Vimlesh Kumar Ray, Priyanka Goyal. Random Forrest Based Man-in-the-Middle Attack Detection in Advanced Metering Infrastructure. Journal Of Network security. 2026; 14(01):1-8. Available from: https://journals.stmjournals.com/jons/article=2026/view=237408

Journal Of Network security
| Volume | 14 |
| Issue | 01 |
| Received | 20/06/2025 |
| Accepted | 01/10/2025 |
| Published | 20/02/2026 |
| Publication Time | 245 Days |