Abstract
Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are a thorny and grave problem of today’s Internet, resulting in economic damage for organizations and individuals. DoS and DDoS attacks that use Internet Control Message Protocol version six (ICMPv6) messages are the most common attacks against Internet Protocol version six (IPv6). They are common because ICMPv6 must be included in any IPv6 network for it to work properly. Intrusion Detection Systems (IDSs) built for Internet Protocol version four (IPv4) can run in an IPv6 environment, but they are unable to solve its security problems, such as ICMPv6-based DDoS attacks, due to the new characteristics of IPv6, such as the Neighbour Discovery Protocol and address auto-configuration. Therefore, a number of IDSs have been either proposed exclusively to detect IPv6 attacks or extended from existing IPv4 IDSs to support IPv6. This paper reviews and classifies the detection mechanisms of the existing IDSs that were either proposed or extended to tackle ICMPv6-based DDoS attacks. To the best of the authors’ knowledge, it is the first review paper that explains and clarifies the problems of ICMPv6-based DDoS attacks and that classifies and criticizes the existing detection.
Acknowledgements
This research was supported by the Short Term Research Grant, Universiti Sains Malaysia (USM) No: 304/PNAV/6313272.
Ethics declarations
Conflict of interest
The authors declare that there is no conflict of interest regarding the publication of this paper.
Cite this article
Elejla, O.E., Belaton, B., Anbar, M. et al. Intrusion Detection Systems of ICMPv6-based DDoS attacks. Neural Comput & Applic 30, 45–56 (2018). https://doi.org/10.1007/s00521-016-2812-8
DOI: https://doi.org/10.1007/s00521-016-2812-8