Top

Neural Computing and Applications

Published in:

28-12-2016 | Review

Intrusion Detection Systems of ICMPv6-based DDoS attacks

Authors: Omar E. Elejla, Bahari Belaton, Mohammed Anbar, Ahmad Alnajjar

Published in: Neural Computing and Applications | Issue 1/2018

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are thorny and a grave problem of today’s Internet, resulting in economic damages for organizations and individuals. DoS and DDoS attacks that are using Internet Control Message Protocol version six (ICMPv6) messages are the most common attacks against the Internet Protocol version six (IPv6). They are common because of the necessary inclusion of the ICMPv6 protocol in any IPv6 network to work properly. Intrusion Detection Systems (IDSs) of the Internet Protocol version four (IPv4) can run in an IPv6 environment, but they are unable to solve its security problems such as ICMPv6-based DDoS attacks due to the new characteristics of IPv6, such as Neighbour Discovery Protocol and auto-configuration addresses. Therefore, a number of IDSs have been either exclusively proposed to detect IPv6 attacks or extended from existing IPv4 IDSs to support IPv6. This paper reviews and classifies the detection mechanisms of the existing IDSs which are either proposed or extended to tackle ICMPv6-based DDoS attacks. To the best of the authors’ knowledge, it is the first review paper that explains and clarifies the problems of ICMPv6-based DDoS attacks and that classifies and criticizes the existing detection.

previous article When does an easy task become hard? A systematic review of human task-evoked pupillary dynamics versus cognitive efforts

next article A 3D neural network for moving microorganism extraction

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Elejla OE, Anbar M, Belaton B (2016) Icmpv6-based dos and ddos attacks and defense mechanisms: review. IETE Tech Rev 1–18. doi:10.1080/02564602.2016.1192964

Supriyanto, Hasbullah IH, Murugesan RK, Ramadass S (2013) Survey of internet protocol version 6 link local communication security vulnerability and mitigation methods. IETE Tech Rev 30(1):64–71CrossRef

Conta A, Gupta M (2006) Internet control message protocol (icmpv6) for the internet protocol version 6 (ipv6) specification. Request for Comments 4443. https://tools.ietf.org/html/rfc4443.Last. Accessed Aug 2015

Yang X, Ma T, Shi Y (2007) Typical dos/ddos threats under ipv6. In: Presented at the second international multi-conference on computing in the global information technology challanges ICCGI 2007, IEEE, Guadeloupe, French Caribbean, pp 55–55

Carp A, Soare A, Rughiniş R (2010) Practical analysis of ipv6 security auditing methods. In: Presented at the 9th RoEduNet IEEE international conference, IEEE, Lucian Blaga University of Sibiu, Sibiu, Romania, pp 36–41

Lin Z-W, Wang L-H, Ma Y (2006) Possible attacks based on ipv6 features and its detection. In: Asia-Pacific Advanced Network (APAN) 24th Meeting in Xi’An, China

Akamai (2015), State of the internet. www.stateoftheinternet.com. Accessed 2015

Barker K (2013) The security implications of ipv6. Netw Secur 2013:5–9. http://linkinghub.elsevier.com/retrieve/pii/S1353485813700680

Satrya GB, Chandra RL, Yulianto FA (2015) The detection of ddos flooding attack using hybrid analysis in ipv6 networks, In: Presented at the information and communication technology (ICoICT), 2015 3rd international conference on, IEEE, Denpasar, Indonesia, pp 240–244

10.

Evans D (2011) The internet of things: how the next evolution of the internet is changing everything. http://www.cisco.com/c/dam/en_us/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf. Accessed 2015

11.

Dobbins R (2016) Mirai iot botnet description and ddos attack mitigation. https://www.arbornetworks.com/blog/asert/mirai-iot-botnet-description-ddos-attack-mitigation/. Accessed 2016

12.

Security KO (2016) Did the mirai botnet really take liberia offline? https://krebsonsecurity.com/2016/11/did-the-mirai-botnet-really-take-liberia-offline/.Last. Accessed 2016

13.

Security KO (2016) The democratization of censorship. https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/#more-36451.Last. Accessed 2016

14.

Thomson S (1998) Ipv6 stateless address autoconfiguration. https://tools.ietf.org/html/rfc2462. Accessed 2016

15.

Narten T, Simpson WA, Nordmark E, Soliman H (2007) Neighbor discovery for ip version 6 (ipv6). Request for Comments 4861. https://tools.ietf.org/html/rfc4861.Last. Accessed Dec 2015

16.

Weber J, Wegener C, Schwenk J (2013) Ipv6 security test laboratory. Master dissertation, Department of Network and Data Security, Ruhr-University Bochum, Germany

17.

Elejla OE, Belaton B, Anbar M, Alnajjar A (2016) A reference dataset for icmpv6 flooding attacks. J Eng Appl Sci 11(3):476–481

18.

Raghavan S, Dawson E (2011) An investigation into the detection and mitigation of denial of service (dos) attacks: critical information infrastructure protection. Springer, New YorkCrossRef

19.

Hogg S, Vyncke E (2008) Ipv6 security: Protection measures for the next internet protocol. Pearson Education, London

20.

Kim J-W, Cho H-H, Mun G-J, Seo J-H, Noh B-N, Kim Y-M (2007) Experiments and countermeasures of security vulnerabilities on next generation network. In: Presented at the future generation communication and networking (FGCN 2007), IEEE, Jeju-Island, Korea, pp 559–564

21.

Ard JB (2012) Internet protocol version six (ipv6) at uc davis: traffic analysis with a security perspective. University of California, Davis

22.

Hoque N, Bhuyan MH, Baishya RC, Bhattacharyya D, Kalita JK (2014) Network attacks: taxonomy, tools and systems. J Netw Comput Appl 40:307–324CrossRef

23.

Saad RM, Anbar M, Manickam S, Alomari E (2016) An intelligent icmpv6 ddos flooding-attack detection framework (v6iids) using back-propagation neural network. IETE Tech Rev 33(3):1–12

24.

Saad R, Manickam S, Alomari E, Anbar M, Singh P (2014) Design & deployment of testbed based on icmpv6 flooding attack. J Theor Appl Inf Technol 64(3):795–801

25.

Scarfone K, Mell P (2007) Guide to intrusion detection and prevention systems (idps). NIST Spec Publ 800(2007):94

26.

Elejla OE, Jantan AB, Ahmed AA (2014) Three layers approach for network scanning detection. J Theor Appl Inf Technol 70(2):251–264

27.

Liao H-J, Lin C-HR, Lin Y-C, Tung K-Y (2013) Intrusion detection system: a comprehensive review. J Netw Comput Appl 36(1):16–24CrossRef

28.

Roesch M (1999) Snort: Lightweight intrusion detection for networks. In: Presented at the 13th USENIX conference on system administration, Seattle, Washington, pp 229–238

29.

Schütte M (2011) Design and implementation of an ipv6 plugin for the snort intrusion detection system. https://mschuette.name/files/uni/110922-Diplomvortrag-SnortIPv6.pdf. Accessed 2016

30.

Schütte M (2014) The ipv6 snort plugin. https://www.snort.org/.Last. Accessed March 2015

31.

Atlasis A, Rey E (2015) Evasion of high-end ips devices in the age of ipv6. In: Presented at the BlackHat EU, Amsterdam

32.

Gehrke KA (2012) The unexplored impact of ipv6 on intrusion detection systems. Master dissertation, Department of Computer Science Monterey, California, Naval Postgraduate School

33.

Paxson V (1999) Bro: a system for detecting network intruders in real-time. Comput Netw 31(23):2435–2463CrossRef

34.

Moya MAC (2008) Analysis and evaluation of the snort and bro network intrusion detection systems. Master Universidad Pontificia Comillas, Madrid

35.

Sommer R, Paxson V (2003) Enhancing byte-level network intrusion detection signatures with context. In: Presented at the proceedings of the 10th ACM conference on Computer and communications security, ACM, Washington, DC, USA, pp 262–271

36.

Rietz R, Vogel M, Schuster F, König H (2014) Parallelization of network intrusion detection systems under attack conditions. In: Detection of intrusions and malware, and vulnerability assessment, Springer, pp 172–191

37.

Pihelgas M (2012)A comparative analysis of opensource intrusion detection systems. Master dissertation, Department of Computer Science TALLINN UNIVERSITY OF TECHNOLOGY

38.

Manninen M (2002) Using artificial intelligence in intrusion detection systems. Helsinki University of Technology, Espoo, p 13

39.

Beck F, Cholez T, Festor O, Chrisment I (2007) Monitoring the neighbor discovery protocol. In: Presented at the second international workshop on IPv6 today-technology and deployment-IPv6TD 2007

40.

Lecigne C (2006) Ndpwatch—ethernet/ipv6 address pairings monitor. http://ndpwatch.sourceforge.net/. Accessed 2016

41.

Morse J (2016) Router advert monitoring daemon. http://ramond.sourceforge.net. Accessed 2016

42.

K. Project (2007) Rafixd. http://www.kame.net/. Accessed 2016

43.

Gont F (2014) Implementation advice for ipv6 router advertisement guard (ra-guard). https://tools.ietf.org/html/rfc7113. Accessed 2016

44.

Barbhuiya FA, Biswas S, Nandi S (2011) Detection of neighbor solicitation and advertisement spoofing in ipv6 neighbor discovery protocol. In: Presented at the Proceedings of the 4th international conference on security of information and networks, ACM, Macquarie University, Sydney, Australia, pp 111–118

45.

Praptodiyono S, Hasbullah IH, Anbar M, Murugesan RK, Osman A (2015) Improvement of address resolution security in ipv6 local network using trust-nd. TELKOMNIKA Indones J Electr Eng 13(1):195–202

46.

Bansal G, Kumar N, Nandi S, Biswas S (2012) Detection of ndp based attacks using mld. In: Presented at the proceedings of the fifth international conference on security of information and networks, ACM, Malaviya National Institute of Technology, Jaipur, India, pp 163–167

47.

Deering S, Fenner W, Haberman B (1999) Multicast listener discovery (mld) for ipv6. Request for Comments 2710. https://tools.ietf.org/html/rfc2710.Last. Accessed 2016

48.

Aleesa AM, Hassan R, Kamal SUM (2016) A rule-based technique to detect router advertisement flooding attack against biobizz web application. Adv Sci Lett 22(8):1887–1891CrossRef

49.

Patcha A, Park J-M (2007) An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput Netw 51(12):3448–3470CrossRef

50.

Yao L, Zhitang L, Shuyu L (2006) A fuzzy anomaly detection algorithm for ipv6. In: Presented at the semantics, knowledge and grid, 2006. Second International Conference on SKG’06. IEEE, United States, p 67

51.

Liu Z, Lai Y (2009) A data mining framework for building intrusion detection models based on ipv6. Adv Inf Secur Assur 5576:608–618CrossRef

52.

Saad RM, Almomani A, Altaher A, Gupta B, Manickam S (2014) Icmpv6 flood attack detection using denfis algorithms. Indian J Sci Technol 7(2):168–173

53.

Zulkiflee MA, Ahmad MS, Sahib S, Ghani MA (2015) A framework of features selection for ipv6 network attacks detection. WSEAS Trans Commun 14(46):399–408

54.

Salih A, Ma X, Peytchev E (2015) Detection and classification of covert channels in ipv6 using enhanced machine learning. In: Presented at the international conference on computer technology and information systems. ICCTIS DUBAI, UAE

55.

Liu Z, Lai Y (2009) A data mining framework for building intrusion detection models based on ipv6. In: Presented at the advances in information security and assurance, Seoul, Korea, Springer, 2009, Seoul, Korea, pp 608–618

56.

Zulkiflee M, Haniza N, Shahrin S, Ghani M (2014) A framework of ipv6 network attack dataset construction by using testbed environment. Int Rev Comput Softw (IRECOS) 9(8):1434–1441CrossRef

57.

O. I. S. Foundation (2010) Suricata intrusion detection system. http://suricata-ids.org/. Accessed 2015

58.

Shon T, Moon J (2007) A hybrid machine learning approach to network anomaly detection. Inf Sci 177(18):3799–3821CrossRef

59.

Hu W, Liao Y, Vemuri VR (2003) Robust anomaly detection using support vector machines. In: Presented at the international conference on machine learning. Washington, DC, USA, pp 282–289

60.

Sung AH, Mukkamala S (2003) Identifying important features for intrusion detection using support vector machines and neural networks. In: Presented at the applications and the internet, 2003. Proceedings. 2003 Symposium on, IEEE, pp 209–216

Title: Intrusion Detection Systems of ICMPv6-based DDoS attacks
Authors: Omar E. Elejla
Bahari Belaton
Mohammed Anbar
Ahmad Alnajjar
Publication date: 28-12-2016
Publisher: Springer London
Published in: Neural Computing and Applications / Issue 1/2018
Print ISSN: 0941-0643
Electronic ISSN: 1433-3058
DOI: https://doi.org/10.1007/s00521-016-2812-8

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Other articles of this Issue 1/2018

A hybrid differential evolution algorithm with estimation of distribution algorithm for reentrant hybrid flow shop scheduling problem

A skin membrane-driven membrane algorithm for many-objective optimization

Hybridizing artificial bee colony with monarch butterfly optimization for numerical optimization problems

Extracting online information from dual and multiple data streams

Social group optimization for global optimization of multimodal functions and data clustering problems

Cluster merging based on a decision threshold

Premium Partner