Detection of neighbor discovery protocol based attacks in IPv6 network

Barbhuiya, Ferdous Ahmed; Bansal, Gunjan; Kumar, Nitin; Biswas, Santosh; Nandi, Sukumar

doi:10.1007/s13119-013-0018-2

Cited by 32 publications

(22 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On the other hand, active mechanisms [26,27] use probe packets for additional observations. Bansal [28] uses Multicast Listener Discovery (MLD) probing to reduce the traffic, while Kumar [29] proposed a host-based IDPS which verified any changes made on its neighbor cache by sending NS probes.…”

Section: Related Workmentioning

confidence: 99%

Detecting Neighbor Discovery Protocol-Based Flooding Attack Using Machine Learning Techniques

Najjar

Kadhum

El-Taj

2016

Lecture Notes in Electrical Engineering

View full text Add to dashboard Cite

Neighbor Discovery Protocol (NDP) is stateless and lacks of authentication which exposes it to flooding attacks. Securing NDP is critical due to the large deployment of open network. Commonly existing solutions for securing NDP violate its design principle in terms of overhead and complexity. Other solutions suffer from high false positive alerts which affects solution trustiness. This paper aims to investigate the use of machine learning mechanism for detecting NDP flooding attacks. It was found that the advantage of using machine learning is that the detection can be done without relying on attack signatures they can learn broader definitions of attack attributes.

show abstract

Section: Related Workmentioning

confidence: 99%

Detecting Neighbor Discovery Protocol-Based Flooding Attack Using Machine Learning Techniques

Najjar

Kadhum

El-Taj

2016

Lecture Notes in Electrical Engineering

View full text Add to dashboard Cite

show abstract

“…This mechanism detects the anomalies based on behavioral changes in the hosts (IP and MAC addresses). However, the drawback with behavior based detection mechanism is that if genuine changes takes places in the network it still considers them anomalies [12]. Since, this mechanism is unable to distinguish between the normal and abnormal traffic changes in IPv6 network.…”

Section: Existing Detection Mechanismsmentioning

confidence: 99%

“…In recent attempts, an Active detection mechanism [12] was proposed to detect the attacks against NDP Protocol. This proposed mechanism is probing based (IDS).…”

Section: Existing Detection Mechanismsmentioning

confidence: 99%

“…In addition to that, it claimed to be interoperable with major Operating Systems. Nevertheless, due to its probing nature increases CPU utilization and require larger bandwidth [12]. Thus, can raise the complexity issues during DAD process in IPv6 LLC.…”

Section: Existing Detection Mechanismsmentioning

confidence: 99%

“…WinSeND has same security issue like SeND mechanism. Apart from being platform dependent, it also requires regular patching [12]. Thus, due to these limitations WinSeND mechanism is not appropriate for securing DAD process in IPv6 LLC.…”

Section: Existing Mitigation Mechanismsmentioning

confidence: 99%

See 2 more Smart Citations