
Intrusion Detection Systems of ICMPv6-based DDoS attacks

Review article, published in Neural Computing and Applications

Abstract

Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are a serious and persistent problem of today’s Internet, causing economic damage to organizations and individuals. DoS and DDoS attacks that use Internet Control Message Protocol version six (ICMPv6) messages are the most common attacks against Internet Protocol version six (IPv6). They are common because ICMPv6 must be present in every IPv6 network for it to work properly. Intrusion Detection Systems (IDSs) built for Internet Protocol version four (IPv4) can run in an IPv6 environment, but they cannot address IPv6-specific security problems such as ICMPv6-based DDoS attacks, because IPv6 introduces new mechanisms such as the Neighbour Discovery Protocol and address auto-configuration. Therefore, a number of IDSs have either been proposed specifically to detect IPv6 attacks or been extended from existing IPv4 IDSs to support IPv6. This paper reviews and classifies the detection mechanisms of the existing IDSs that were proposed or extended to tackle ICMPv6-based DDoS attacks. To the best of the authors’ knowledge, it is the first review paper that explains and clarifies the problems of ICMPv6-based DDoS attacks and that classifies and critically assesses the existing detection mechanisms.
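The abstract's central point is that an IPv4-era IDS has no notion of the ICMPv6 message types that IPv6 depends on (Router Advertisement, Neighbor Solicitation and so on), so a flood of those messages looks like ordinary control traffic to it. The following added example, which is not code from the paper or from any IDS it reviews, shows the simplest IPv6-aware detector: it parses constructed ICMPv6 packet records, keys them by type number (RFC 4443 and RFC 4861 values) and source, and raises an alert when a sliding-window count exceeds a per-type threshold, both per source and in aggregate so that a flood spread across many spoofed link-local sources is still caught. The record format, the threshold values and the sample traffic are all assumptions constructed for the demonstration.

```python
from collections import defaultdict, deque

# ICMPv6 type numbers an IPv6-aware detector must understand.
# 128/129 come from RFC 4443; 133-136 are Neighbor Discovery (RFC 4861)
# and have no IPv4 counterpart, which is why IPv4 rules never match them.
ICMPV6_TYPES = {
    128: "echo_request",
    129: "echo_reply",
    133: "router_solicitation",
    134: "router_advertisement",
    135: "neighbor_solicitation",
    136: "neighbor_advertisement",
}

# Per-source messages allowed per window before alerting (assumed values;
# a real deployment tunes these from a baseline of its own network).
DEFAULT_THRESHOLDS = {
    "router_advertisement": 10,
    "neighbor_solicitation": 50,
    "neighbor_advertisement": 50,
    "echo_request": 100,
    "default": 200,
}
# The aggregate (all-sources) limit is a multiple of the per-source one,
# so a distributed flood of small per-source rates still trips it.
AGGREGATE_FACTOR = 4


def detect_icmpv6_floods(records, window=1.0, thresholds=None):
    """Sliding-window rate detector over (timestamp, src, dst, icmpv6_type) records.

    Returns a list of alert dicts. Each (scope, key, type) raises at most one
    alert per window so a sustained flood does not produce one alert per packet.
    """
    thresholds = DEFAULT_THRESHOLDS if thresholds is None else thresholds
    windows = defaultdict(deque)   # (scope, src, type) -> recent timestamps
    last_alert = {}
    alerts = []
    for ts, src, dst, icmp_type in sorted(records):
        name = ICMPV6_TYPES.get(icmp_type, f"type_{icmp_type}")
        base = thresholds.get(name, thresholds["default"])
        for scope, key_src, limit in (("source", src, base),
                                      ("aggregate", "*", base * AGGREGATE_FACTOR)):
            key = (scope, key_src, name)
            q = windows[key]
            q.append(ts)
            while q and ts - q[0] > window:   # drop timestamps outside the window
                q.popleft()
            if len(q) >= limit and (key not in last_alert or ts - last_alert[key] >= window):
                last_alert[key] = ts
                alerts.append({"time": ts, "scope": scope, "src": key_src,
                               "type": name, "count": len(q), "window_s": window})
    return alerts


def build_sample_records():
    """Constructed traffic: benign NS/NA exchanges plus three flood patterns."""
    records = []
    # Benign: one NS/NA exchange every 0.5 s between two link-local hosts.
    for i in range(10):
        t = i * 0.5
        records.append((t, "fe80::1", "ff02::1:ff00:2", 135))
        records.append((t + 0.01, "fe80::2", "fe80::1", 136))
    # RA flood from a single source: 60 advertisements in one second.
    for i in range(60):
        records.append((2.0 + i / 60, "fe80::aaaa", "ff02::1", 134))
    # Echo request flood from a single source: 150 requests in one second.
    for i in range(150):
        records.append((3.0 + i / 150, "2001:db8::5", "2001:db8::10", 128))
    # Distributed RA flood: 30 spoofed sources, two advertisements each,
    # so no single source crosses the per-source limit.
    for i in range(60):
        records.append((5.0 + i / 60, f"fe80::{(i % 30) + 0x100:x}", "ff02::1", 134))
    return records


if __name__ == "__main__":
    for alert in detect_icmpv6_floods(build_sample_records()):
        print(alert)
```

Run stand-alone, the script reports four alerts: the single-source RA flood (per source and, once it passes 40, in aggregate), the echo request flood, and the distributed RA flood, which only the aggregate counter sees. The benign NS/NA traffic from fe80::1 and fe80::2 never trips a threshold. Fixed thresholds like these are the weakest form of the rate-based detection the paper reviews; they miss slow floods and must be re-tuned whenever the network's baseline changes, which is the gap the statistical and machine-learning approaches the paper classifies are meant to close.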



Acknowledgements

This research was supported by the Short Term Research Grant, Universiti Sains Malaysia (USM) No: 304/PNAV/6313272.

Author information

Correspondence to Omar E. Elejla.

Ethics declarations

Conflict of interest

The authors declare that there is no conflict of interest regarding the publication of this paper.


Cite this article

Elejla, O.E., Belaton, B., Anbar, M. et al. Intrusion Detection Systems of ICMPv6-based DDoS attacks. Neural Comput & Applic 30, 45–56 (2018). https://doi.org/10.1007/s00521-016-2812-8

DOI: https://doi.org/10.1007/s00521-016-2812-8