Recent advancements in dc microgrids are largely based on distributed control strategies to enhance their reliability. However, due to numerous vulnerabilities in the communication layer, they are susceptible to cyber attacks. Hijacked cyber link(s) could affect the microgrid system reliability and operation in many ways. Therefore, the accuracy in detection of the compromised link(s) becomes very critical due to the dynamic relationship between the cyber-physical entities in dc microgrids. One of the most prominent attacks on cyber layer is referred to as the man-in-the-middle (MITM) attack. This type of attack involves infiltrating the information between two communication nodes by a third party. This article proposes a multilayer resilient controller to detect and mitigate MITM attacks immediately for ensuring the security of dc microgrids. First, the modeling of MITM attacks based on cooperative response, and degree of coordination of attack element(s) is discussed in detail. Furthermore, a diverging factor based detection law is proposed to locate the compromised cyber link(s) and to identify the malicious signals in voltage and current counterparts. A multilayer-based event-driven strategy is then used to remove these signals by introducing multiple mitigation layers. Based on the authentication signal for each neighboring agent True or False , the data flow between the multilayer cyber network takes place to guarantee resilience against MITM attacks. Finally, the proposed resilient mechanism in the presence of MITM attack is theoretically verified and validated using simulations and experiments.