Liu Bin,Li Zhitang,Li Zhanchun

DOI: https://doi.org/10.1007/bf02831860

2006-01-01

Wuhan University Journal of Natural Sciences

Abstract:The next generation protocol IPv6 brings the new challenges to the information security. This paper presents the design and implementation of a network-based intrusion detection system that support both IPv6 protocol and IPv6 protocol. This system's architecture is focused on performance, simplicity, and scalability. There are four primary subsystems that make it up: the packet capture, the packet decoder, the detection engine, and the logging and alerting subsystem. This paper further describes a new approach to packet capture whose goal is to improve the performance of the capture process at high speeds. The evaluation shows that the system has a good performance to detect IPv6 attacks and IPv4 attacks, and achieves 61% correct detection rate with 20% false detection rate at the speed of 100 Mb·s−1.

Jie Zhong,Xiangning Chen

DOI: https://doi.org/10.1145/3424978.3425020

2020-01-01

Abstract:With the gradual replacement of IPv4 by IPv6, Distributed Denial-of-Service (DDoS) attacks that have plagued IPv4 appear in IPv6 more or less, and affect the normal operation of IPv6. However, the current research on how to construct a secure DDoS attack defense system under ipv6 is far away from satisfactory. This paper makes a detailed analysis of DDoS attacks from the aspect of causes, specific performance, architecture, classifies DDoS attacks according to the exploited vulnerabilities and analyzes the typical attack methods respectively. At the same time, the improvements and defects of IPv6 are further studied, along with the way to defend, summarizes how to defend against DDoS attacks in IPv6 from two aspects, and analyze the advantages and disadvantages of each scheme. Finally, how to build a more secure network security defense system in IPv6 is prospected.

Bin Liu,Zhitang Li,Yao Li,Zhanchun Li

DOI: https://doi.org/10.1117/12.657361

2005-01-01

Abstract:Network intrusion detection systems (NIDS) are important parts of network security architecture. Although many NIDS have been proposed, there is little effort to expand the current set of NIDS to support IPv6 protocol. This paper presents the design and implementation of a Network-based Intrusion Detection System that supports both IPv6 protocol and IPv4 protocol. It characters rules based logging to perform content pattern matching and detect a variety of attacks and probes from IPv4 and IPv6. There are four primary subsystems to make it up: packet capture, packet decoder, detection engine, and logging and alerting subsystem. A new approach to packet capture that combined NAPI with MMAP is proposed in this paper. The test results show that the efficiency of packet capture can be improved significantly by this method. Several new attack tools for IPv6 have been developed for intrusion detection evaluation. Test shows that more than 20 kinds of IPv6 attacks can be detected by this system and it also has a good performance under heavy traffic load.

Xinyu Yang,Ting Ma,Yi Shi

DOI: https://doi.org/10.1109/iccgi.2007.61

2007-01-01

Abstract:The DoS/DDoS attacks are always the leading threats to the Internet. With the development of Internet, IPv6 is inevitably taking the place of IPv4 as the main protocol of Internet. So the security issues of IPv6 become the focus of the present research. In this paper we mainly focus on the typical DoS/DDoS attacks under IPv6, which including the DoS attacks pertinent to IPv6 Neighbor Discovery protocol and DDoS attacks based on the four representative attack modes, they are respectively TCP-Flood, UDP-Flood, ICMP-Flood and Smurf. We do these attack experiments under IPv6 with and without IPSec configuration respectively. The experiments without IPSec validate the effectiveness of the typical DoS/DDoS attacks under IPv6, and those with IPSec show the effectiveness of IPSec against these attacks whose source addresses are spoofed.

Liu Wu,Ren Ping,Zhao Yawei,Sun Donghong,Liu Ke

DOI: https://doi.org/10.1109/icdsp.2015.7251328

2015-01-01

Abstract:Although widely deployed in recent years, the IPv6 protocols still have many security problems, especially the Man-In-The-Middle (MITM) Attack in IPv6 Local Area Network. This paper presents an IPv6 MITM Attack test system to help users aware the security risks, and then design a defending tool using DNSSEC to avoid session hijack attack in IPv6 Networks.

Yubing Li,Wei Yang,Zhou,Qingyun Liu,Zhao Li,Shu Li

DOI: https://doi.org/10.1109/icc45855.2022.9839137

2022-01-01

Abstract:Internet Protocol Version 6 (IPv6) is expected for widespread deployment worldwide. Such rapid development of IPv6 may lead to safety problems. The main threats in IPv6 networks are denial of service (DoS) attacks and distributed DoS (DDoS) attacks. In addition to the similar threats in Internet Protocol Version 4 (IPv4), IPv6 has introduced new potential vulnerabilities, which are DoS and DDoS attacks based on Internet Control Message Protocol version 6 (ICMPv6). We divide such new attacks into two categories: pure flooding attacks and source address spoofing attacks. We propose P4-NSAF, a scheme to defend against the above two IPv6 DoS and DDoS attacks in the programmable data plane. P4-NSAF uses Count-Min Sketch to defend against flooding attacks and records information about IPv6 agents into match tables to prevent source address spoofing attacks. We implement a prototype of P4-NSAF with P4 and evaluate it in the programmable data plane. The result suggests that P4-NSAF can effectively protect IPv6 networks from DoS and DDoS attacks based on ICMPv6.

S. Idrus,A. Taib,Wan Nor Ashiqin Wan Ali

DOI: https://doi.org/10.1051/MATECCONF/201815006001

Abstract:Enterprises are required to utilize Internet Control Message Protocol version 6 (ICMPv6) when IPv6 is deployed. In IPv4, Internet Control Message Protocol (ICMP) is aggressively filtered by a network administrator while in IPv6, ICMPv6 messages cannot be aggressively filtered due to the function of ICMPv6 message. ICMPv6 security risks increase when ICMPv6 threats and vulnerabilities are exploited. Thus, it is very crucial for enterprises to address the issues. In practice, network researchers must review several resources to identify ICMPv6 related attacks occurring due to the exploitation of ICMPv6 vulnerabilities. Overlooking any of these issues will jeopardize the security of ICMPv6. While conducting the attack scenarios testing, IPv6-Filtering Prototype System (I6-FPS) was developed to overcome the deficiency and limited filtering tools that supported IPv6 filtering rules (ip6table). I6-FPS is used to automate and simplify the writing of ip6table and it was developed using PHP5 and Shell script languages. This research revealed that I6-FPS is significant in the initial phase of securing IPv6 deployment as well as focusing on the ICMPv6 filtering rules. The I6-FPS has the potential to be enhanced and developed over time by including more functions to that system in generating specific filtering ip6table rules.

Engineering,Computer Science

Keturahlee Coulibaly

DOI: https://doi.org/10.48550/arXiv.2004.08967

2020-04-20

Abstract:Cyber threats are increasing not only in their volume but also in their sophistication and difficulty to detect. Attacks have become a national/global threat as they have targeted private and public, as well as government sectors over the years. This is a growing issue and organisations are taking steps to reduce, detect and prevent threats. To do this they need to use systems that are equipped with the capabilities to do either of those steps and develop them for the type of networks they use, for instance wired or wireless. One of these systems are Intrusion Detection Systems (IDS), which can be used as the first defence mechanism or a secondary defence mechanism of a threat or an attack. There are different types of attacks that can occur in a network, such as Denial of service (DoS)/Distributed Denial of Service (DDoS), port scanning, malware or ransomware and so forth that IDSs have a capability of detecting. Assisting in the mitigation of such attacks, there are also Intrusion Prevention Systems (IPS) whose role has a different purpose than that of IDSs. Unlike IDSs they not only detect threats but prevent them from disrupting the network, IPSs can be used in conjunction with IDSs to double the defences. This paper provides an overview of IDS and their classifications and IPS. It will detail typical benefits and limitations to using IDSs, IPSs and the hybrids (such as Intrusions Detection Prevention Systems (IDPSs and more)) which will be discussed further. It will also outline developments in the making using ML and how it is used to improve these systems and the dilemmas they produce and possible ways to counter act them.

Cryptography and Security

Wu Liu,Donghong Sun,Ping Ren,Zailiang Tang

DOI: https://doi.org/10.1109/icecc.2012.174

2012-01-01

Abstract:Although widely deployed in recent years, the IPv6 protocols still have many security problems, especially the Man-In-The-Middle Attack in Local Area Network. This paper presents an IPv6 Man-In-The-Middle Attack test system to help user aware the security risks, and design a defending tool using DNSSEC to avoid Man-In-The-Middle attack in IPv6 Networks.

Ansam Khraisat,Iqbal Gondal,Peter Vamplew,Joarder Kamruzzaman

DOI: https://doi.org/10.1186/s42400-019-0038-7

2019-07-17

Abstract:Cyber-attacks are becoming more sophisticated and thereby presenting increasing challenges in accurately detecting intrusions. Failure to prevent the intrusions could degrade the credibility of security services, e.g. data confidentiality, integrity, and availability. Numerous intrusion detection methods have been proposed in the literature to tackle computer security threats, which can be broadly classified into Signature-based Intrusion Detection Systems (SIDS) and Anomaly-based Intrusion Detection Systems (AIDS). This survey paper presents a taxonomy of contemporary IDS, a comprehensive review of notable recent works, and an overview of the datasets commonly used for evaluation purposes. It also presents evasion techniques used by attackers to avoid detection and discusses future research challenges to counter such techniques so as to make computer systems more secure.

computer science, information systems, interdisciplinary applications, software engineering

Ahmed K. Al-Ani,Mohammed Anbar,Selvakumar Manickam,Chong Yung Wey,Yu-Beng Leau,Ayman Al-Ani

DOI: https://doi.org/10.1007/s13369-018-3643-y

IF: 2.807

2018-12-07

Arabian Journal for Science and Engineering

Abstract:The deployment of Internet Protocol Version 6 (IPv6) has progressed at a rapid pace. IPv6 has introduced new features and capabilities that is not available in IPv4. However, new security risks and challenges emerge with any new technology. Similarly, Duplicate Address Detection (DAD), part of Neighbor Discovery Protocol in IPv6 protocol, is subject to security threats such as denial-of-service attacks. This paper presents a comprehensive review on detection and defense mechanisms for DAD on fixed network. The strengths and weaknesses of each mechanism to Secure-DAD process are discussed from the perspective of implementation and processing time. Finally, challenges and future directions are presented along with feature requirements for the new security mechanism to secure DAD procedure in an IPv6 link-local network.

multidisciplinary sciences

. C. Ioannou,V. Vassiliou,S. M. Kasongo,Y. Sun,Y. Xiao,C. Xing,T. Zhang,Aman deep Kaur,Prakash Rao Ragiri,H. Alipour,Y. B. Al-Nashif,P. Satam

2020-01-01

Abstract:The threat of cyber intrusion is progressively high and harmful. Intrusion Detection Systems (IDS) provides the ability to identify security breaches in a system. A security breach will be taking any action based on the owner of the system believes unauthorized. Attacks in Wireless Networks (WNs) aim in limiting or even eliminating the ability of the network to perform its expected function. WNs are networks with limited resources and often deployed in uncontrollable environments that an intruder can easily access. WN attacks target specific network layer’s vulnerabilities but normally affect other layers as well. Network layer should be monitored and evaluated in order to detect possible malicious intervention. In this research, a general methodology of an anomaly-based Intrusion Detection System is proposed and evaluated the proposed system using routing layer attacks in Ad-hoc Distance Vector Routing (AODV) protocol and IDS is able to detect malicious activity and our solution delivered the packets to the receiver in a new route without discarding.

L Yao,ZT Li,T Hao

DOI: https://doi.org/10.1117/12.602039

2005-01-01

Abstract:We have set up a project aimed at developing a dynamical immune intrusion detection system for IPv6 and protecting the next generation Internet from intrusion. We focus on investigating immunelogical principles in designing a dynamic multi-agent system for intrusion detection in IPv6 environment, instead of attempting to describe all that is intrusion in the network try and describe what is normal use and define "non-self" as intrusion. The proposed intrusion detection system is designed as flexible, extendible, and adaptable in order to meet the needs and preferences of network administrators for IPv6 environment.

Lee, H.C.J.,Miao Ma,Thing, V.L.L.,Yi Xu

DOI: https://doi.org/10.1109/ISCC.2003.1214181

2003-01-01

Abstract:As the Internet becomes pervasive, the vulnerability of some fundamental design aspects of the Internet has also become significant. Among which, denial-of-service (DoS) and distributed DoS (DDoS) pose significant problems, as they are disruptive to the useful traffics and are hard to prevent. One solution consists in instituting accountability, which hold the attackers accountable for the attack. The key issue is to identify the real sources of the attacks and attackers use spoofed IP address to hide their actual network location. However, the Internet architecture does not provide intrinsic support for identifying the real sources of IP packets. Numerous mechanisms have been proposed to traceback the real sources. Most of such networks have been addressing the IP version 4. In this paper, we address the issues of IP traceback in the context of IPv6 and mobile IPv6. This paper provides a detailed analysis of these issues and problems. The main problem lies with the transformations that are introduced by IPv6 and mobile IPv6 protocols, namely tunneling and addresses manipulation. We then propose a solution, including new ICMPv6 messages for traceback co-ordination, to facilitate the traceback mechanism.

Maruthi Rohit Ayyagari,Nishtha Kesswani,Munish Kumar,Krishan Kumar

DOI: https://doi.org/10.1007/s11276-020-02529-3

IF: 2.701

2021-01-02

Wireless Networks

Abstract:The entire world relates to some network capabilities in some way or the other. The data transmission on the network is getting more straightforward and quicker. An intrusion detection system helps distinguish unauthorized activities or intrusions that may settle the confidentiality, integrity, or availability of a resource. Nowadays, almost all institutions are using network-related facilities like schools, banks, offices, etc. Social media has become so popular that nearly every individual belongs to a new nation called 'Netizen.' Several approaches have been implemented to incorporate security features in network-related issues. However, vulnerable attacks are continuous, so intrusion detection systems have been proposed to secure computer systems and networks. Network security is a piece of the most fundamental issues in Computer Network Management. Moreover, an intrusion is considered to be the most revealed dangers to security. With the evolution of the networks, intrusion detection has emerged as a crucial field in networks' security. The main aim of this article is to deliver a systematic review of intrusion detection approaches and systems that are used in various network environments.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yan Chen

2014-01-01

Abstract:Traffic anomalies and attacks are commonplace in today’s networks, and identifying them rapidly and accurately is critical for large network operators. It was estimated that malicious code (viruses, worms and Trojan horses) caused over $28 billion in economic losses in 2003, and will grow to over $75 billion in economic losses by 2007 [11]. Meanwhile, the broadband wireless networks, represented by the emerged IEEE 802.16 standards, is gaining its popularity and will be seamlessly integrated into the current Internet. Such high-speed wireless network may even be connected to the regional backbone directly to construct the wireless metropolitan-area network (MAN). Thus such wireless network will be exposed to all the attacks, viruses and worms in the current Internet. Like the 802.11 wireless LAN, 802.16 network is facing scrutiny on its security mechanisms. Driven by customers’ security awareness and demand, intrusion detection and security management tools become essential part of current 802.11 product offering suite. Although there are a lot of existing 802.11 intrusion detection products, they mostly target to detect denial-of-service attacks caused by the WEP authentication vulnerability, e.g., Airespace [6]. Existing IDSs for wired network have various shortcomings when they are applied to broadband wireless MAN as discussed below [5, 10, 13–15, 17, 20]. Furthermore, there is little intrusion detection research done tailored to 802.16 and beyond 3G. First, they are mostly host-based and not scalable to high-speed networks. However, nowadays rapid propagation of viruses/worms can infect most vulnerable machines in the Internet in only ten minutes [12], and even 30 seconds with advanced techniques [18]. Thus it is crucial to identify such outbreaks in their early phases, which can only be possibly achieve d by detection at the base stations or routers provided by the network infrastructures instead of at end hosts [23]. In fact, it is very hard to implement certain detection techniques, such as those for port scanning, at end hosts. The end hosts, especially for wireless devices, may have various weak computational/power limits to do advanced detection. Thus to augment the wireless MAN infrastructure with accurate intrusion detection and mitigation system can significantly attract the subscribers. However, the existing schemes are not scalable to the link speeds and number of flows for high-speed 802.16 wireless MAN as illustrated below. Second, they are mostly signature-based and unable to adaptively recognize flow-level unknown attacks. Most of them can only detect known attacks with signatures, but not unknown new attacks. Also, attackers can easily evade such IDSs by garbling signatures. Statistical IDSs are therefore proposed to detect anomalous behaviors [2, 7, 8, 21, 22]. To enable accurate detection and attack mitigation, the detection needs to be executed at flow level. Given a spoofed TCP SYN flooding attack sending 40-byte packet streams to a 802.16 network which can provide up to 134Mbps bandwidth, each packet may be considered as a flow, and even to record 10-minute traffic in memory for analysis will take more than 4GB. Thus existing flow-level schemes themselves are vulnerable to attacks [7, 13, 14]. In addition, the statistical parameters are often manually set, and hard to adapt to the traffic pattern changes. However, wireless networks often have transient connections which makes it a big challenge to differentiate collisions, interference, and real attacks. Third, they cannot differentiate malicious events from the unintentional anomalies. Such unintentional anomalies may be caused by network element (e.g.base stations, routers or links) faults. The statistical IDS cannot tell it from malicious attacks, and thus have high false positive rates.

Wu Liu,Duan Hai-xin,Tao Lin,Li Xing,Wu Jian-ping

DOI: https://doi.org/10.1109/UIC-ATC.2009.78

2009-01-01

Abstract:Although IPv6 protocol has considered and implemented more security mechanisms compared with IPv4, there are still many security threatens in IPv6 Networks. Being one of the key protocols in IPv6, the Internet Control Message Protocol (ICMPv6) suffers from severe security risks. In this paper we construct an IPv6 attacking test system H6Proxy exploiting the ICMPv6 Unreachable Message, which shows that the security of IPv6 protocol is still very weak. © 2009 IEEE.

Xiang Li,Baojun Liu,Xiaofeng Zheng,Haixin Duan,Qi Li,Youjun Huang

DOI: https://doi.org/10.1109/DSN48987.2021.00025

2021-01-01

Abstract:Numerous measurement researches have been performed to discover the IPv4 network security issues by leveraging the fast Internet-wide scanning techniques. However, IPv6 brings the 128-bit address space and renders brute-force network scanning impractical. Although significant efforts have been dedicated to enumerating active IPv6 hosts, limited by technique efficiency and probing accuracy, large-scale empirical measurement studies under the increasing IPv6 networks are infeasible now. To fill this research gap, by leveraging the extensively adopted IPv6 address allocation strategy, we propose a novel IPv6 network periphery discovery approach. Specifically, XMap, a fast network scanner, is developed to find the periphery, such as a home router. We evaluate it on twelve prominent Internet service providers and harvest 52M active peripheries. Grounded on these found devices, we explore IPv6 network risks of the unintended exposed security services and the flawed traffic routing strategies. First, we demonstrate the unintended exposed security services in IPv6 networks, such as DNS, and HTTP, have become emerging security risks by analyzing 4.7M peripheries. Second, by inspecting the periphery's packet routing strategies, we present the flawed implementations of IPv6 routing protocol affecting 5.8M router devices. Attackers can exploit this common vulnerability to conduct effective routing loop attacks, inducing DoS to the ISP's and home routers with an amplification factor of \gt 200. We responsibly disclose those issues to all involved vendors and ASes and discuss mitigation solutions. Our research results indicate that the security community should revisit IPv6 network strategies immediately.

Saloni Anand,Kshitij Patne

DOI: https://doi.org/10.22214/ijraset.2022.44761

2022-06-30

International Journal for Research in Applied Science and Engineering Technology

Abstract:Abstract: Intrusion Detection systems are now increasingly significant in network security. As the number of people using the internet grows, so does the chance of a cyberattack. People are adopting signature-based intrusion detection systems. Snort is a popular open-source signature-based intrusion detection system. It is widely utilised in the intrusion detection and prevention arena across the world. The aim of this research is to provide knowledge about intrusion detection systems, application vulnerabilities, and their prevention methods and to perform a comparison of the latest tools and mechanisms used to detect these threats and vulnerabilities.

Pedro Manso,Jose Moura,Carlos Serrao

DOI: https://doi.org/10.3390/info10030106

2021-04-15

Abstract:The current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of Distributed Denial of Service (DDoS) attacks that try to explore those security weaknesses. We design and implement a Software-Defined Intrusion Detection System (IDS) that reactively impairs the attacks at its origin, ensuring the normal operation of the network infrastructure. Our proposal includes an IDS that automatically detects several DDoS attacks, and then as an attack is detected, it notifies a Software Defined Networking (SDN) controller. The current proposal also downloads some convenient traffic forwarding decisions from the SDN controller to network devices. The evaluation results suggest that our proposal timely detects several types of cyber-attacks based on DDoS, mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. Our work sheds light on the programming relevance over an abstracted view of the network infrastructure to timely detect a Botnet exploitation, mitigate malicious traffic at its source, and protect benign traffic.

Cryptography and Security,Networking and Internet Architecture