Intrusion Detection Systems of ICMPv6-based DDoS attacks

Elejla, Omar E.; Belaton, Bahari; Anbar, Mohammed; ALnajjar, Ahmad

doi:10.1007/s00521-016-2812-8

Cited by 29 publications

(29 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Moreover, considering the importance of DoS and DDoS threats using ICMPv6 messages in the IPv6 network, several other classifications have been proposed by researchers such as [6], [7], and [8]. Based on the ML approaches, existing ML-based IDS models can be categorized into two classes as single or hybrid for the detection of ICMPv6-based DoS and DDoS attacks.…”

Section: Existing Ml-based Ids Models Detecting Icmpv6-based Dos mentioning

confidence: 99%

“…In literature, existing reviews on proposed IDSs for ICMPv6-based DoS and DDoS attacks detection problem has either focused on general defensive mechanisms (detection and prevention) or intrusion detection systems built on signature or anomaly-based detection approaches, as reviewed by Elejla et al [6], [7], and Bdair et al [8]. In general, Anomaly-based Detection (AD) builds a benign profile of network behavior by observing normal events in the network and any deviation produces an alert as a possible intrusion.…”

Section: Introductionmentioning

confidence: 99%

“…As in [6] and [7], the focus of the reviews was on the classification of exploitation methods used to perform ICMPv6based DoS and DDoS attacks. In addition to this, the authors proposed a taxonomy of the existing IDSs based on SD and AD approaches.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review

2020

Self Cite

View full text Add to dashboard Cite

Although the launch of Internet Protocol version six (IPv6) addressed the issue of IPv4's address depletion, but also mandated the use of Internet Control Message Protocol version six (ICMPv6) messages in newly introduced features such as the Neighbor Discovery Protocol (NDP). This has exacerbated existing network attacks including ICMPv6-based Denial of Service (DoS) attacks and its variant form Distributed Denial of Service (DDoS) attack. Intrusion Detection Systems (IDS) aimed at tackling security issues raised by ICMPv6-based DoS and DDoS attacks have been reviewed by researchers and a general classification of existing IDSs was proposed as anomaly-based and signature-based. However, it is incredibly hard to see the overall picture of IDSs based on Machine Learning (ML) techniques with such a classification, as there is a lack of a more detailed view of the ML approach, classifiers, feature selection techniques, datasets, and different evaluation metrics. Nevertheless, recent developments in this relatively new field have not been covered such as ML-based IDSs using flow-based traffic representation. Therefore, this paper specifically reviews and classifies IDSs based on ML techniques to detect ICMPv6-based DoS and DDoS attacks as single and hybrid classifiers. In addition, blockchain applicability in Collaborative IDS (CIDS) architecture based on the ensemble framework has been proposed as a solution to one of the open challenges for ICMPv6-based DoS and DDoS attacks detection problem. Moreover, this review also provides a classification of ICMPv6 vulnerabilities to DoS and DDoS attacks which would provide a reference resource for future researchers in this domain. To the best of the author's knowledge, this is the first review paper specifically focusing on IDSs based on ML techniques in this domain, as well as blockchain applicability as a possible research direction has been proposed to attract researcher's focus on building ensemble learning-based IDS models.

show abstract

Section: Existing Ml-based Ids Models Detecting Icmpv6-based Dos mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review

2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…Elejila et al, in 2016 examined intrusion detection systems designed to thwart ICMPv6-based DDoS attacks. [22]. In this work, they considered existing vulnerabilities in ICMPv6 and how these could be exploited to launch DDoS attacks.…”

Section: Review Of Related Workmentioning

confidence: 99%

Locally weighted classifiers for detection of neighbor discovery protocol distributed denial‐of‐service and replayed attacks

Alsadhan

Hussain

Liatsis

et al. 2019

Trans Emerging Tel Tech

View full text Add to dashboard Cite

show abstract

“…The attacker changes a captured message transmitted between two nodes. For instance, this attack could occur when Host B tries to communicate with Host A, where, to obtain the physical address of Host B, Host A transmits a Neighbour Solicitation message [17].…”

Section: ) Redirectmentioning

confidence: 99%

Denial of Service Attack over Secure Neighbor Discovery (SeND)

Ahmed¹,

Hassan²,

Othman³

2018

Int. J. Adv. Sci. Eng. Inf. Technol.

View full text Add to dashboard Cite

IPv6, the Internet Protocol suite version 6, uses a Neighbor Discovery Protocol (NDP). NDP mainly replaces router discovery and the Address Resolution Protocol (ARP) and after that redirects the functions used in IPv4, i.e. the Internet Protocol suite version 4. The NDP system is a stateless protocol since it does not need the dynamic host's configuration protocol server to enable the various IPv6 nodes for determining the connected hosts along with the IPv6 network routers. To add layers of protection to NDP, the SeND (Secure Neighbor Discovery) extension was developed, which provides router authorization, proof of address ownership, and message protection for the protocol. SeND employs CGAs (Cryptographically Generated Addresses) and X.509 certificates. Despite its many advantages, deploying SeND is not easy, and it is still vulnerable to specific DoS (Denial-of-Service) attacks. The components of SeND and its responses to NDP threats are further elaborated in this paper. Also, an overview of the implementation of SeND, its limitations, existing vulnerabilities, and current deployment challenges are also presented. Furthermore, to test the performance of SeND under a DoS attack, a test bed was implemented, and the results discussed.

show abstract

Intrusion Detection Systems of ICMPv6-based DDoS attacks

Cited by 29 publications

References 27 publications

ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review

ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review

Locally weighted classifiers for detection of neighbor discovery protocol distributed denial‐of‐service and replayed attacks

Denial of Service Attack over Secure Neighbor Discovery (SeND)

Contact Info

Product

Resources

About