Published in: Neural Computing and Applications 1/2018

28.12.2016 | Review

Intrusion Detection Systems of ICMPv6-based DDoS attacks

Written by: Omar E. Elejla, Bahari Belaton, Mohammed Anbar, Ahmad Alnajjar

Abstract

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are a thorny and grave problem of today’s Internet, resulting in economic damage for organizations and individuals. DoS and DDoS attacks that use Internet Control Message Protocol version six (ICMPv6) messages are the most common attacks against the Internet Protocol version six (IPv6). They are common because ICMPv6 must be included in any IPv6 network for it to work properly. Intrusion Detection Systems (IDSs) for the Internet Protocol version four (IPv4) can run in an IPv6 environment, but they are unable to solve its security problems, such as ICMPv6-based DDoS attacks, because of the new characteristics of IPv6, such as the Neighbour Discovery Protocol and auto-configuration addresses. Therefore, a number of IDSs have been either exclusively proposed to detect IPv6 attacks or extended from existing IPv4 IDSs to support IPv6. This paper reviews and classifies the detection mechanisms of the existing IDSs which are either proposed or extended to tackle ICMPv6-based DDoS attacks. To the best of the authors’ knowledge, it is the first review paper that explains and clarifies the problems of ICMPv6-based DDoS attacks and that classifies and criticizes the existing detection.

Metadata
Title
Intrusion Detection Systems of ICMPv6-based DDoS attacks
Written by
Omar E. Elejla
Bahari Belaton
Mohammed Anbar
Ahmad Alnajjar
Publication date
28.12.2016
Publisher
Springer London
Published in
Neural Computing and Applications / Issue 1/2018
Print ISSN: 0941-0643
Electronic ISSN: 1433-3058
DOI
https://doi.org/10.1007/s00521-016-2812-8
