Internet Protocol Version 6 (IPv6) Protocol Security Assessment

Martin, Cynthia; Dunn, Jeffrey H.

doi:10.1109/milcom.2007.4455200

Cited by 7 publications

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Failure of DAD and NUD processes: A malicious router can falsely respond to the DAD requests and prevent a new node from joining the link. Thus a router will respond to a false NUD (Neighbor Unreachability Detection [9].…”

Section: Iva3 Auto Configurationmentioning

confidence: 99%

Evaluating the performance of IPv6 with IPv4 and its distributed security policy

Vineeth¹,

Rejimoan²

2013

2013 Ieee Conference on Information and Communication Technologies

View full text Add to dashboard Cite

Internet Protocol version 6 (IPv6) is a new generation protocol that is designed to solve the issues which arises in IPv4. The introduction of IPv6 may pose additional security risks and give potential vulnerabilities in addition to those which are provided by IPv4. This paper analyzes the security vulnerabilities exist, network security improvements and implementation, and the distributed security policy in the IPv6. Hence, several security policies should be created to maintain the security for both IPv4 and IPv6.

show abstract

Section: Iva3 Auto Configurationmentioning

confidence: 99%

Evaluating the performance of IPv6 with IPv4 and its distributed security policy

Vineeth¹,

Rejimoan²

2013

2013 Ieee Conference on Information and Communication Technologies

View full text Add to dashboard Cite

show abstract

“…ICMPv6 detects faults discovered when processing packets [11,12] and performs additional internet-layer functions such as diagnostics. ICMPv6 has two sorts of messages: error notification and information notification, which are used in router advertisement and neighbour solicitation [2] processes that define relationships between neighbouring nodes by using type and code fields to distinguish services, both of which are susceptible to denial-of-service (DoS), Man-in-the-Middle (MITM), and spoofing attacks [13,14]. Fields with empty values in ICMPv6 packets can be used in the future [15].…”

Section: Introductionmentioning

confidence: 99%

Labelled Dataset on Distributed Denial-of-Service (DDoS) Attacks Based on Internet Control Message Protocol Version 6 (ICMPv6)

Manickam

AIghuraibawi

Abdullah

et al. 2022

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

The most dangerous attack against IPv6 networks today is a distributed denial-of-service (DDoS) attack using Internet Control Message Protocol version 6 (ICMPv6) messages. Many ICMPv6-DDoS attack detection mechanisms rely on self-created datasets because very few suitable ICMPv6-DDoS attack datasets are publicly available due to privacy and security concerns. When implemented in a real network, however, a detection system that relies on a dataset with incorrect packet or flow representation and contains unqualified features generates a large number of false alerts. The goal of this work is to create a comprehensive ICMPv6-DDoS attack dataset that can be used for tuning, benchmarking, and evaluating any detection systems designed to detect ICMPv6-DDoS attacks. The proposed datasets met the criteria for a good dataset, ensuring their usefulness to other researchers. A GNS3 network simulation tool is used to simulate an IPv6 network and generate ICMPv6 traffic for the dataset. The generated traffic contains both normal and abnormal ICMPv6 traffic, with the abnormal traffic containing ten different ICMPv6-DDoS attacks based on RA and NS message flooding. Five classifiers were chosen, varying in terms of type, classification performance, and the number of features used, and the results were as follows: decision tree 80%, support vector machine 78%, naïve Bayes 80%, k -nearest neighbours 81%, and neural networks 81%. The proposed dataset has been shown to accurately represent attack traffic in tests, with a high detection accuracy and a low false-positive rate.

show abstract

“…Moreover, every node implement-ing IPv6 must support six extension headers such as Hopby-Hop Options, Routing, Fragment, Destination Options, Authentication Header (AH), and Encapsulating Security Payload (ESP). This feature is vulnerable to DoS as by flooding of intentionally syntactically or semantically incorrect extensions invoke the ICMPv6 "Parameter Problem" message (ICMPv6 message type value 4) and may consume the target's resources [27].…”

Section: Introductionmentioning

confidence: 99%

ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review

2020

View full text Add to dashboard Cite

Although the launch of Internet Protocol version six (IPv6) addressed the issue of IPv4's address depletion, but also mandated the use of Internet Control Message Protocol version six (ICMPv6) messages in newly introduced features such as the Neighbor Discovery Protocol (NDP). This has exacerbated existing network attacks including ICMPv6-based Denial of Service (DoS) attacks and its variant form Distributed Denial of Service (DDoS) attack. Intrusion Detection Systems (IDS) aimed at tackling security issues raised by ICMPv6-based DoS and DDoS attacks have been reviewed by researchers and a general classification of existing IDSs was proposed as anomaly-based and signature-based. However, it is incredibly hard to see the overall picture of IDSs based on Machine Learning (ML) techniques with such a classification, as there is a lack of a more detailed view of the ML approach, classifiers, feature selection techniques, datasets, and different evaluation metrics. Nevertheless, recent developments in this relatively new field have not been covered such as ML-based IDSs using flow-based traffic representation. Therefore, this paper specifically reviews and classifies IDSs based on ML techniques to detect ICMPv6-based DoS and DDoS attacks as single and hybrid classifiers. In addition, blockchain applicability in Collaborative IDS (CIDS) architecture based on the ensemble framework has been proposed as a solution to one of the open challenges for ICMPv6-based DoS and DDoS attacks detection problem. Moreover, this review also provides a classification of ICMPv6 vulnerabilities to DoS and DDoS attacks which would provide a reference resource for future researchers in this domain. To the best of the author's knowledge, this is the first review paper specifically focusing on IDSs based on ML techniques in this domain, as well as blockchain applicability as a possible research direction has been proposed to attract researcher's focus on building ensemble learning-based IDS models.

show abstract

Internet Protocol Version 6 (IPv6) Protocol Security Assessment

Cited by 7 publications

References 0 publications

Evaluating the performance of IPv6 with IPv4 and its distributed security policy

Evaluating the performance of IPv6 with IPv4 and its distributed security policy

Labelled Dataset on Distributed Denial-of-Service (DDoS) Attacks Based on Internet Control Message Protocol Version 6 (ICMPv6)

ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review

Contact Info

Product

Resources

About