2,770 Hits in 3.5 sec

Flow-Based Detection of IPv6-specific Network Layer Attacks [chapter]

Luuk Hendriks, Petr Velan, Ricardo de O. Schmidt, Pieter-Tjerk de Boer, Aiko Pras
2017 Lecture Notes in Computer Science  
In this study we identify and characterise IPv6-specific attacks that can be detected using flow monitoring.  ...  While many attacks specific to IPv6 have proven to be possible and are described in the literature, no detection solutions for these attacks have been proposed.  ...  CZ.02.1.01/0.0/0.0/16 013/0001797 co-funded by the Ministry of Education, Youth and Sports of the Czech Republic and European Regional Development Fund, and the Ministry of the Interior of the Czech Republic  ... 
doi:10.1007/978-3-319-60774-0_11 fatcat:pxew6qt6b5h37f7l2dypec4fue

Characterizing the IPv6 Security Landscape by Large-Scale Measurements [chapter]

Luuk Hendriks, Anna Sperotto, Aiko Pras
2015 Lecture Notes in Computer Science  
The main research goal as described is to be achieved within the duration of four years, as parts of Ph.D. research.  ...  Extra consideration or adjustment of plans might be needed if these questions create legitimate limitations.  ...  If flow-level data is insufficient to perform accurate detection, e.g. because specific headers or payload are key in detecting the attack, packet-level input will be used.  ... 
doi:10.1007/978-3-319-20034-7_16 fatcat:ez7ufkkks5g63pfoikzetra7ny

An SDN-Based Approach to Ward Off LAN Attacks

René Rietz, Radoslaw Cwalinski, Hartmut König, Andreas Brinner
2018 Journal of Computer Networks and Communications  
In this paper, we propose based on an analysis of typical LAN-based attacks an approach for preventing these attacks for both IPv4 and IPv6 networks.  ...  The detection of attacks on large administrative network domains is nowadays generally accomplished centrally by analyzing the data traffic on the uplink to the Internet.  ...  ., the flow analysis, use primarily accounting information of the network and transport layer [1] and are thus unable to detect actions at the data link layer. erefore, an attacker can use any link layer  ... 
doi:10.1155/2018/4127487 fatcat:iiccqyhuf5dybhrnzk2r6pt4xa

Flow-Based Approach to Detect Abnormal Behavior in Neighbor Discovery Protocol (NDP)

Abdullah Ahmed Bahashwan, Mohammed Anbar, Iznan Husainy Hasbullah, Ziyad R. Alashhab, Ali Bin-Salem
2021 IEEE Access  
Any nodes in the IPv6 network can send NS messages at any time to request a link-layer address of a target node on the same link-local network.  ...  Flow-based construction for the detection of abnormal NDP traffic caused by the RA DoS flooding attack is expressed as follows: Another aspect of this stage is the flow-based aggregation.  ...  His current research interests include IOT, wireless LAN, QoS, 4G & 5G Networks, cross-Layer, optimization techniques, distributed system, and client-server architecture.  ... 
doi:10.1109/access.2021.3066630 fatcat:wqzwsiqjfreq7evqi4tsf5n7i4

Detection and Mitigation of Flood Attacks in IPv6 Enabled Software Defined Networks

O. Ashimi Quadri, Adeniji Oluwashola David
2020 Advances in Research  
as first signs of an attack are detected.  ...  To resolve this problem, the research developed a mechanism that detects and mitigates flood attacks in IPv6 enabled software to define networks.  ...  ACKNOWLEDGEMENT The authors wish to thank the Department of Computer Science, University of Ibadan for the support in this research work.  ... 
doi:10.9734/air/2020/v21i830221 fatcat:qylu726zfvabhdsldji7wp573y

Mechanism to prevent the abuse of IPv6 fragmentation in OpenFlow networks

Ayman Al-Ani, Mohammed Anbar, Shams A. Laghari, Ahmed K. Al-Ani, Muhammad Asif
2020 PLoS ONE  
IPv6 fragmentation in OpenFlow networks.  ...  This study tests the IPv6 fragmented packets that can evade the OpenFlow firewall, and proposes a new mechanism to guard against attacks carried out by malicious users to exploit IPv6 fragmentation loophole  ...  The RA based attack is one of the most common attacks in the IPv6 network, which is rogue RA message crafted by the attacker and send to IPv6 nodes in the network to inject rogue information in the IPv6  ... 
doi:10.1371/journal.pone.0232574 pmid:32392261 fatcat:hn6mei4rubdvjp62akcezgnfgu

Review on IPv6 Security Vulnerability Issues and Mitigation Methods

2012 International journal of network security and its applications  
This paper reviews IPv6 security vulnerabilities that have large potential exploitation in terms of denial of service attacks.  ...  One of the main purposes of Internet Protocol version 6 (IPv6) developments was to solve the IP address depletion concern due to the burgeoning growth of the Internet users.  ...  ACKNOWLEDGEMENTS This research was supported by the Directorate General of Higher Education, Ministry of Education and Culture, the Republic of Indonesia, and in collaboration with National Advanced IPv6  ... 
doi:10.5121/ijnsa.2012.4613 fatcat:vqfoepqq5vg4jlk4rpmhhvldle


Rosilah Hassan, Amjed Sid Ahmed, Nur Effendy Osman
2014 American Journal of Applied Sciences  
This study presents a new mechanism to avoid security threats for IPv6 NDP based on digital signature procedures.  ...  attacks.  ...  Protecting ND is important as it is frequently subjected to attacks (Liu and Qing, 2013) . Known to cause disruption in the flow of IP packets.  ... 
doi:10.3844/ajassp.2014.1472.1479 fatcat:l7qvwqqfuvd5bnehixj6i7bbg4

Header of death: security implications of IPv6 extension headers to the open-source firewall

Anazel P. Gamilla, Marlon A. Naagas
2022 Bulletin of Electrical Engineering and Informatics  
Using IPv6 packet manipulations technique, the attacker can evade the target network including the firewall and target host that can lead to a complete unavailability of network service.  ...  The common vulnerability scoring system (CVSS) also indicates that the base, temporal, and environment metric groups of IPv6 EHs vulnerabilities were in the critical level of severity.  ...  for the implementation and testing of our experiments.  ... 
doi:10.11591/eei.v11i1.3446 fatcat:hb6lrz6ogffb7dk7kapg4evaw4

Network Based Intrusion Detection And Prevention Systems In Ip-Level Security Protocols

R. Kabila
2008 Zenodo  
We propose the design and implementation of controlled Internet security system, which is IPsec-based Internet information security system in IPv4/IPv6 network and also we show the data of performance  ...  IPsec technology has been implemented on various platforms in IPv4 and IPv6, gradually replacing old application-specific security mechanisms.  ...  Detection Events Types The types of events most commonly detected by networkbased IDPS sensors include the following: 1) Application Layer Reconnaissance and Attacks Most network-based IDPSs analyze  ... 
doi:10.5281/zenodo.1083488 fatcat:dwj7ivpjwvbshltwqaicf4mdfa

Security Threats among DICOM Imaging Communications in Public Networks

Feng Zhou, Zhongqi Zhang, Jin Wang, Bin Li, Jeong-Uk Kim
2014 International Journal of Future Generation Communication and Networking  
In this paper, we first analyzes how actual security threats and different types of attacks affect IPv6 networks while transmitting Digital Imaging and Communications in Medicine (DICOM) files through  ...  Second, illustrate some shortcomings of IPv6 and IPv6's traffic loads. Finally, some possible solutions against a number of security threats in IPv6 DICOM files transmitting networks have been given.  ...  It was also supported by the National Natural Science Foundation of China (61402234). Prof. Jeong -Uk Kim is the corresponding author.  ... 
doi:10.14257/ijfgcn.2014.7.6.22 fatcat:lu76j7ykkffdnbsk6twhqhfgcy

A Neuro-Fuzzy System to Detect IPv6 Router Alert Option DoS Packets

Shubair Abdullah
2018 ˜The œinternational Arab journal of information technology  
Detecting the denial of service attacks that solely target the router is a maximum security imperative in deploying IPv6 networks.  ...  However, the detection performance is highly affected by the quality of the feature selector and the reliability of datasets of IPv6 flow information.  ...  Then, an explanation of the process of developing a neuro-fuzzy expert system to classify the IPv6 packets and detect the router alert DoS attack in IPv6 networks.  ... 
doi:10.34028/iajit/17/1/3 fatcat:7haqql3jlzfrtckeoatmuxi4m4

Labelled Dataset on Distributed Denial-of-Service (DDoS) Attacks Based on Internet Control Message Protocol Version 6 (ICMPv6)

Selvakumar Manickam, Adnan Hasan Bdair AIghuraibawi, Rosni Abdullah, Zaid Abdi Alkareem Alyasseri, Karrar Hameed Abdulkareem, Mazin Abed Mohammed, Ayman Alani, Nawab Muhammad Faseeh Qureshi
2022 Wireless Communications and Mobile Computing  
The most dangerous attack against IPv6 networks today is a distributed denial-of-service (DDoS) attack using Internet Control Message Protocol version 6 (ICMPv6) messages.  ...  When implemented in a real network, however, a detection system that relies on a dataset with incorrect packet or flow representation and contains unqualified features generates a large number of false  ...  set, detection accuracy is directly proportional to the strength of the specific features.  ... 
doi:10.1155/2022/8060333 fatcat:dcv5uzlhhnadfm27dxnyeowcda

Flow-Based Network Management: A Report from the IRTF NMRG Workshop

Ricardo de O. Schmidt, Ramin Sadre, Luuk Hendriks
2016 Journal of Network and Systems Management  
Following the tradition of the IRTF NMRG, the workshop focused on technologies, developments, and challenges of using flow-level traffic measurements for network management.  ...  This is the report on the Workshop on Flow-Based Network Management, held within the 37th IRTF NMRG meeting, during IETF 93, on 24th July 2015, in Prague, Czech Republic.  ...  Acknowledgements This report was partially supported by the Self-managing Anycast Networks for DNS project ( and by the EU FP7 Mobile Cloud Networking project (#318109).  ... 
doi:10.1007/s10922-016-9365-0 fatcat:jq6whuvwknb4bcvmkus5qbhqrm

Code Augmentation for Detecting Covert Channels Targeting the IPv6 Flow Label

Luca Caviglione, Marco Zuppelli, Wojciech Mazurczyk, Andreas Shaffhauser, Matteo Repetto
2021 Zenodo  
The increasing diffusion of IPv6 makes it attractive for an attacker, especially for the presence of the Flow Label field, which can be manipulated to contain up to 20 secret bits per packet.  ...  This paper showcases how to take advantage of code augmentation features (i.e., the extended Berkeley Packet Filter) to detect covert channels targeting the IPv6 Flow Label.  ...  The authors would like to thank ntop ( for providing a free license of nProbePro used in experiments.  ... 
doi:10.5281/zenodo.4967418 fatcat:pfmutd7p5vcs7pvzalu7r2beiq
« Previous Showing results 1 — 15 out of 2,770 results