Overview of IPv6 Based DDoS and DoS Attacks Detection Mechanisms

  • Abdullah Ahmed Bahashwan
  • Mohammed Anbar
  • Sabri M. Hanshi
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1132)


In recent years, the number of Internet users and devices has increased rapidly. For this reason, the Internet Assigned Numbers Authority (IANA) launched a new protocol, the next-generation Internet Protocol version six (IPv6). IPv6 provides new features that fit the Internet revolution. It is equipped with new protocols such as the Neighbor Discovery Protocol (NDP) and the Internet Control Message Protocol version six (ICMPv6). In fact, ICMPv6 is considered the backbone of IPv6, since it is responsible for many key functions such as the NDP process. In addition, NDP is a stateless protocol that lacks authentication of NDP messages, which makes it vulnerable to many types of attacks, such as Distributed Denial of Service (DDoS) and Denial of Service (DoS) flooding attacks. In this type of attack, the attacker sends an enormous volume of abnormal traffic to increase network congestion and bring down the network. Under those circumstances, the first line of defense in a network has been supplemented by additional devices and tools that supervise network activities, monitor network traffic behavior, and stop unauthorized intrusions. Overall, the aim of this review paper is to give a clear picture of the IPv6 features and the most important related protocols, such as ICMPv6 and NDP. This article also discusses DDoS and DoS attacks based on ICMPv6. Likewise, it gives a comprehensive review of IPv6 Intrusion Detection Systems for DDoS and DoS attacks, with their features and security limitations.


IPv6 ICMPv6 NDP ICMPv6 based DDoS & DoS utilization IDS 



The authors would like to thank Hadhramout Establishment For Human Development, Yemen-Hadramout-Mukalla, for financial support of this research work.



Copyright information

© Springer Nature Singapore Pte Ltd. 2020

Authors and Affiliations

  1. National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia (USM), Gelugor, Malaysia
  2. Seiyun Community College, Hadhramaut, Yemen
