Abstract
Network security, amongst other security issues, essentially requires implementing Internet Protocol version 6 (IPv6). Cybercriminals have always hunted for methods and means to unfairly benefit from this new technology. IPv6 is an improved protocol because, compared to Internet Protocol version 4 (IPv4), it has built-in security mechanisms. However, IPv6 has similar susceptibilities, which are inherited from several features of IPv4. Another issue is that the new functionalities and procedures found in IPv6 depend on Internet Control Message Protocol version 6 (ICMPv6). A common vulnerability is the Denial of Service (DoS) attack. A combination of zombie hosts can form a Distributed Denial of Service (DDoS) attack. DoS and DDoS attacks often represent substantial hazards in today’s Internet, as they can cause serious damage to organizations and disrupt Internet services. This research aims to provide a brief review of the latest studies and investigations on the detection of DoS and DDoS attacks in IPv6 networks using ICMPv6 messages. Moreover, this work aims to introduce the proposed techniques that utilize the Intrusion Detection System (IDS) in an effort to combat cyber-attacks.
Acknowledgments
The authors would like to acknowledge the National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia (USM) for providing necessary facilities and support. The funding for this research was provided by Universiti Sains Malaysia (USM) and Iraq Airways Company (IA).
Copyright information
© 2020 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Bdair, A.H., Abdullah, R., Manickam, S., Al-Ani, A.K. (2020). Brief of Intrusion Detection Systems in Detecting ICMPv6 Attacks. In: Alfred, R., Lim, Y., Haviluddin, H., On, C. (eds) Computational Science and Technology. Lecture Notes in Electrical Engineering, vol 603. Springer, Singapore. https://doi.org/10.1007/978-981-15-0058-9_20
DOI: https://doi.org/10.1007/978-981-15-0058-9_20
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0057-2
Online ISBN: 978-981-15-0058-9
eBook Packages: Engineering, Engineering (R0)