Rule-based detection technique for ICMPv6 anomalous behaviour

  • Original Article
  • Neural Computing and Applications

Abstract

The rapid growth of the Internet in the past few years has revealed the limited address space of the current Internet Protocol (IP), namely IPv4. The increasing demand for and consumption of IP addresses have led to the anticipated exhaustion of IPv4 addresses. To address this concern, Internet Protocol version 6 (IPv6) was developed to provide a sufficient address space. IPv6 ships with a new protocol, the neighbour discovery protocol (NDP), which has vulnerabilities that attackers can use to launch attacks on IPv6 networks. Such vulnerabilities include the lack of authentication of the messages NDP exchanges. Attacks targeting the ICMPv6 protocol display ICMPv6 anomalies. As such, this paper proposes a rule-based technique for detecting ICMPv6 anomalous behaviours that negatively affect network performance. The effectiveness of this technique is demonstrated using substantial datasets obtained from the National Advance IPv6 Centre of Excellence (NAv6) laboratory. The experimental results have proved that the proposed technique is capable of detecting ICMPv6 anomalous behaviours with a detection accuracy rate of 92%.

Acknowledgements

This research is supported by Short Term Research Grant, Universiti Sains Malaysia (USM) No: 304/PNAV/6313272.

Author information

Corresponding author

Correspondence to Redhwan M. A. Saad.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

About this article

Cite this article

Saad, R.M.A., Anbar, M. & Manickam, S. Rule-based detection technique for ICMPv6 anomalous behaviour. Neural Comput & Applic 30, 3815–3824 (2018). https://doi.org/10.1007/s00521-017-2967-y

  • DOI: https://doi.org/10.1007/s00521-017-2967-y
