Abstract
The rapid growth of the Internet in the past few years has revealed the limitation of address space in the current Internet Protocol (IP), namely IPv4. Essentially, the increasing demand for and consumption of IP addresses have led to the anticipated exhaustion of IPv4 addresses. To address this concern, Internet Protocol version 6 (IPv6) has been developed to provide a sufficient address space. IPv6 ships with a new protocol, the neighbour discovery protocol (NDP), which has vulnerabilities that attackers can use to launch attacks on IPv6 networks. Such vulnerabilities include the lack of authentication for NDP message exchanges. Attacks targeting the ICMPv6 protocol display ICMPv6 anomalies. As such, this paper proposes a rule-based technique for detecting ICMPv6 anomalous behaviours that negatively affect network performance. The effectiveness of this technique is demonstrated using substantial datasets obtained from the National Advance IPv6 Centre of Excellence (NAv6) laboratory. The experimental results have proved that the proposed technique is capable of detecting ICMPv6 anomalous behaviours with a detection accuracy rate of 92%.
Acknowledgements
This research is supported by Short Term Research Grant, Universiti Sains Malaysia (USM) No: 304/PNAV/6313272.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
About this article
Cite this article
Saad, R.M.A., Anbar, M. & Manickam, S. Rule-based detection technique for ICMPv6 anomalous behaviour. Neural Comput & Applic 30, 3815–3824 (2018). https://doi.org/10.1007/s00521-017-2967-y
DOI: https://doi.org/10.1007/s00521-017-2967-y