Skip to main content
SpringerLink
Log in

Overview of IPv6 Based DDoS and DoS Attacks Detection Mechanisms

  • Conference paper
  • First Online:
Advances in Cyber Security (ACeS 2019)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1132))

Included in the following conference series:

Abstract

In recent years, the number of Internet users and devices are rapidly increased. For this reason, the Internet Assigned Number Authority (IANA) launched a new protocol called Internet Protocol version six (IPv6) next generation. The IPv6 provides new features that fit the internet revolution. IPv6 is equipped with new protocols such as Neighbor Discovery Protocol (NDP) and Internet Control Messages protocol version six (ICMPv6). In fact, ICMPv6 is considered as the backbone of the IPv6 protocol since it is responsible for many key functions like the NDP process. In addition, the NDP protocol is a stateless protocol that gives the lack of authentication to NDP messages, which is vulnerable to many types of attacks such as Distributed Denial of Services (DDoS) and Denial of Services (DoS) flooding attacks. In this type of attacks, the attacker sends an enormous volume of abnormal traffic to increase network congestion and break down the network. Under those circumstances, the first line of defense in a network has been supplemented by additional devices and tools that supervise the network activities and monitor the network traffic behaviors as well as to stop unauthorized intrusions. Overall, the aim of this review paper is to give pure thoughts about the IPv6 features and the most important related protocols like ICMPv6 protocol and NDP protocol. Also, this article discusses DDoS and DoS attack based on ICMPv6 protocol. Likewise, this article gives a comprehensive review of the IPv6 Intrusion Detection Systems based on DDoS & DoS attacks with their features and security limitations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Zulkiflee, M., Azmi, M., Ahmad, S., Sahib, S., Ghani, M.: A framework of features selection for ipv6 network attacks detection. WSEAS Trans. Commun. 14(46), 399–408 (2015)

    Google Scholar 

  2. Mali, P., Phadke, R., Rao, J., Sanghvi, R.: Mitigating IPv6 Vulnerabilities (2015)

    Google Scholar 

  3. Deering, S., Hinden, R.: Internet protocol, version 6 (IPv6) specification (No. RFC 8200) (2017)

    Google Scholar 

  4. Mun, Y., Lee, H.K.: Understanding IPv6. Springer, Heidelberg (2005). https://doi.org/10.1007/b135746

    Book  Google Scholar 

  5. Saad, R.M., Anbar, M., Manickam, S., Alomari, E.: An intelligent ICMPv6 DDoS flooding-attack detection framework (V6IIDS) using back-propagation neural network. IETE Tech. Rev. 33(3), 244–255 (2016)

    Article  Google Scholar 

  6. Radhakrishnan, R., Jamil, M., Mehfuz, S., Moinuddin, M.: Security issues in IPv6. In: International Conference on Networking and Services (ICNS 2007), pp. 110–110. IEEE (2007)

    Google Scholar 

  7. Tian, J., Li, Z.: The next generation Internet protocol and its test. In: ICC 2001. IEEE International Conference on Communications. Conference Record (Cat. No. 01CH37240), Vol. 1, pp. 210–215. IEEE (2001)

    Google Scholar 

  8. Conta, A., Gupta, M.: Internet control message protocol (ICMPv6) for the internet protocol version 6 (IPv6) specification (2006)

    Google Scholar 

  9. Najjar, F., Kadhum, M.M.: Reliable behavioral dataset for IPv6 neighbor discovery protocol investigation. In: 2015 5th International Conference on IT Convergence and Security (ICITCS), pp. 1–5. IEEE (2015)

    Google Scholar 

  10. Arjuman, N.C., Manickam, S.: A review on ICMPv6 vulnerabilities and its mitigation techniques: classification and art. In: 2015 International Conference on Computer, Communications, and Control Technology (I4CT), pp. 323–327. IEEE (2015)

    Google Scholar 

  11. Osman, A.: Improvement of Address Resolution Security in IPv6 Local Network using Trust-ND (2015)

    Google Scholar 

  12. Anbar, M., Abdullah, R., Saad, R., Hasbullah, I.H.: Review of preventive security mechanisms for neighbour discovery protocol. Adv. Sci. Lett. 23(11), 11306–11310 (2017)

    Article  Google Scholar 

  13. Alsadhan, A.A., Hussain, A., Baker, T., Alfandi, O.: Detecting distributed denial of service attacks in neighbour discovery protocol using machine learning algorithm based on streams representation. In: Huang, D.S., Gromiha, M., Han, K., Hussain, A. (eds.) Intelligent Computing Methodologies, vol. 10956, pp. 551–563. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-95957-3_58

    Chapter  Google Scholar 

  14. Zhang, T., Wang, Z.: Research on IPv6 neighbor discovery protocol (NDP) security. In: 2016 2nd IEEE International Conference on Computer and Communications (ICCC), pp. 2032–2035. IEEE (2016)

    Google Scholar 

  15. Saad, R.M., Anbar, M., Manickam, S.: Rule-based detection technique for ICMPv6 anomalous behaviour. Neural Comput. Appl. 30(12), 3815–3824 (2018)

    Article  Google Scholar 

  16. Saad, R., Manickam, S., Alomari, E., Anbar, M., Singh, P.: Design & deployment of testbed based on ICMPv6 flooding attack. J. Theoret. Appl. Inf. Technol. 64(3), 795–801 (2014)

    Google Scholar 

  17. Mowla, N.I., Doh, I., Chae, K.: Multi-defense mechanism against DDoS in SDN based CDNi. In: 2014 Eighth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, pp. 447–451. IEEE (2014)

    Google Scholar 

  18. Elejla, O.E., Anbar, M., Belaton, B.: ICMPv6-based DoS and DDoS attacks and defense mechanisms. IETE Tech. Rev. 34(4), 390–407 (2017)

    Article  Google Scholar 

  19. Anbar, M., Abdullah, R., Al-Tamimi, B.N., Hussain, A.: A machine learning approach to detect router advertisement flooding attacks in next-generation IPv6 networks. Cogn. Comput. 10(2), 201–214 (2018)

    Article  Google Scholar 

  20. Elejla, O.E., Belaton, B., Anbar, M., Smadi, I.M.: A new set of features for detecting router advertisement flooding attacks. In: 2017 Palestinian International Conference on Information and Communication Technology (PICICT), pp. 1–5. IEEE (2017)

    Google Scholar 

  21. Anbar, M., Abdullah, R., Hasbullah, I.H., Chong, Y.W., Elejla, O.E.: Comparative performance analysis of classification algorithms for intrusion detection system. In: 2016 14th Annual Conference on Privacy, Security and Trust (PST), pp. 282–288. IEEE (2016)

    Google Scholar 

  22. Papamartzivanos, D., Mármol, F.G., Kambourakis, G.: Dendron: genetic trees driven rule induction for network intrusion detection systems. Future Gener. Comput. Syst. 79, 558–574 (2018)

    Article  Google Scholar 

  23. Jyothsna, V.V.R.P.V., Prasad, V.R., Prasad, K.M.: A review of anomaly based intrusion detection systems. Int. J. Comput. Appl. 28(7), 26–35 (2011)

    Google Scholar 

  24. Moore, N.: Optimistic duplicate address detection (DAD) for IPv6 (No. RFC 4429) (2006)

    Google Scholar 

  25. Uddin, M., Rahman, A.A., Uddin, N., Memon, J., Alsaqour, R.A., Kazi, S.: Signature-based Multi-layer distributed intrusion detection system using mobile agents. IJ Netw. Secur. 15(2), 97–105 (2013)

    Google Scholar 

  26. Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23–24), 2435–2463 (1999)

    Article  Google Scholar 

  27. Roesch, M.: Snort: lightweight intrusion detection for networks. In: Lisa, vol. 99, no. 1, pp. 229–238 (1999)

    Google Scholar 

  28. Suricata: Suricata—Open Source IDS/IPS/NSM engine. https://suricata-ids.org. Accessed 02 Apr 2019

  29. Gehrke, K.A.: The unexplored impact of ipv6 on intrusion detection systems. Naval Postgraduate School, Monterey, CA, Department of Computer Science (2012)

    Google Scholar 

  30. Patcha, A., Park, J.M.: An overview of anomaly detection techniques: existing solutions and latest technological trends. Comput. Netw. 51(12), 3448–3470 (2007)

    Article  Google Scholar 

  31. Aydın, M.A., Zaim, A.H., Ceylan, K.G.: A hybrid intrusion detection system design for computer network security. Comput. Electr. Eng. 35(3), 517–526 (2009)

    Article  Google Scholar 

  32. Beck, F., Cholez, T., Festor, O., Chrisment, I.: Monitoring the neighbor discovery protocol. In: 2007 International Multi-Conference on Computing in the Global Information Technology (ICCGI 2007), pp. 57–57. IEEE (2007)

    Google Scholar 

  33. Lecigne, C.: Ndpwatch, Ethernet/IPv6 address pairings monitor. http://ndpwatch.sourceforge.net/. Accessed 19 Apr 2018

  34. Morse, J.: Router Advert MONitoring Daemon. http://ramond.sourceforge.net/. Accessed 19 Apr 2018

  35. Elejla, O.E., Belaton, B., Anbar, M., Alnajjar, A.: Intrusion detection systems of ICMPv6-based DDoS attacks. Neural Comput. Appl. 30(1), 45–56 (2018)

    Article  Google Scholar 

  36. Barbhuiya, F.A., Biswas, S., Nandi, S.: Detection of neighbor solicitation and advertisement spoofing in IPv6 neighbor discovery protocol. In: Proceedings of the 4th International Conference on Security of Information and Networks, pp. 111–118. ACM (2011)

    Google Scholar 

  37. Bansal, G., Kumar, N., Nandi, S., Biswas, S.: Detection of NDP based attacks using MLD. In: Proceedings of the Fifth International Conference on Security of Information and Networks, pp. 163–167. ACM (2012)

    Google Scholar 

  38. Saad, R.M., Almomani, A., Altaher, A., Gupta, B.B., Manickam, S.: ICMPv6 flood attack detection using DENFIS algorithms. Indian J. Sci. Technol. 7(2), 168 (2014)

    Google Scholar 

  39. Saad, R.M.A.: ICMPv6 echo request DDoS attack detection framework using back-propagation neural network, Doctoral dissertation, Universiti Sains Malaysia (2016)

    Google Scholar 

  40. Liu, Z., Lai, Y.: A data mining framework for building intrusion detection models based on IPv6. In: Park, J.H., Chen, H.H., Atiquzzaman, M., Lee, C., Kim, T., Yeo, S.S. (eds.) ISA 2009. LNCS, vol. 5576, pp. 608–618. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02617-1_62

    Chapter  Google Scholar 

  41. Umer, M.F., Sher, M., Bi, Y.: Flow-based intrusion detection: techniques and challenges. Comput. Secur. 70, 238–254 (2017)

    Article  Google Scholar 

  42. David, J., Thomas, C.: DDoS attack detection using fast entropy approach on flow-based network traffic. Procedia Comput. Sci. 50, 30–36 (2015)

    Article  Google Scholar 

  43. Mousavi, S.M., St-Hilaire, M.: Early detection of DDoS attacks against SDN controllers. In: 2015 International Conference on Computing, Networking and Communications (ICNC), pp. 77–81. IEEE (2015)

    Google Scholar 

  44. Özçelik, İ., Brooks, R.R.: Cusum-entropy: an efficient method for DDoS attack detection. In: 2016 4th International Istanbul Smart Grid Congress and Fair (ICSG), pp. 1–5. IEEE (2016)

    Google Scholar 

  45. Shah, S.B.I., Anbar, M., Al-Ani, A., Al-Ani, A.K.: Hybridizing entropy based mechanism with adaptive threshold algorithm to detect RA flooding attack in IPv6 networks. In: Alfred, R., Lim, Y., Ibrahim, A., Anthony, P. (eds.) Computational Science and Technology, vol. 481, pp. 315–323. Springer, Singapore (2019). https://doi.org/10.1007/978-981-13-2622-6_31

    Chapter  Google Scholar 

  46. Shone, N., Ngoc, T.N., Phai, V.D., Shi, Q.: A deep learning approach to network intrusion detection. IEEE Trans. Emerg. Top. Comput. Intell. 2(1), 41–50 (2018)

    Article  Google Scholar 

  47. Karatas, G., Demir, O., Sahingoz, O.K.: Deep learning in intrusion detection systems. In: 2018 International Congress on Big Data, Deep Learning and Fighting Cyber Terrorism (IBIGDELFT), pp. 113–116. IEEE, December 2018

    Google Scholar 

  48. Javaid, A., Niyaz, Q., Sun, W., Alam, M.: A deep learning approach for network intrusion detection system. In: Proceedings of the 9th EAI International Conference on Bio-Inspired Information and Communications Technologies (formerly BIONETICS), pp. 21–26. ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering) (2016)

    Google Scholar 

  49. Van, N.T., Thinh, T.N., Sach, L.T.: An anomaly-based network intrusion detection system using deep learning. In: 2017 International Conference on System Science and Engineering (ICSSE), pp. 210–214. IEEE (2017)

    Google Scholar 

  50. Gurung, S., Ghose, M.K., Subedi, A.: Deep learning approach on network intrusion detection system using NSL-KDD dataset. Int. J. Comput. Netw. Inf. Secur. 11(3), 8 (2019)

    Google Scholar 

  51. AlSa’deh, A., Meinel, C.: Secure neighbor discovery: review, challenges, perspectives, and recommendations. IEEE Secur. Priv. 10(4), 26–34 (2012)

    Article  Google Scholar 

Download references

Acknowledgment

The authors would like to thank Hadhramout Establishment For Human Development. Yemen-Hadramout-Mukalla for finalacial support of this research work.

Author information

Authors and Affiliations

  1. National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia (USM), 11800, Gelugor, Penang, Malaysia

    Abdullah Ahmed Bahashwan & Mohammed Anbar

  2. Seiyun Community College, Hadhramaut, Yemen

    Sabri M. Hanshi

Authors
  1. Abdullah Ahmed Bahashwan
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohammed Anbar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sabri M. Hanshi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Abdullah Ahmed Bahashwan or Mohammed Anbar .

Editor information

Editors and Affiliations

  1. Universiti Sains Malaysia, Penang, Malaysia

    Mohammed Anbar

  2. Universiti Sains Malaysia, Penang, Malaysia

    Nibras Abdullah

  3. Universiti Sains Malaysia, George Town, Malaysia

    Selvakumar Manickam

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bahashwan, A.A., Anbar, M., Hanshi, S.M. (2020). Overview of IPv6 Based DDoS and DoS Attacks Detection Mechanisms. In: Anbar, M., Abdullah, N., Manickam, S. (eds) Advances in Cyber Security. ACeS 2019. Communications in Computer and Information Science, vol 1132. Springer, Singapore. https://doi.org/10.1007/978-981-15-2693-0_11

Download citation

  • DOI: https://doi.org/10.1007/978-981-15-2693-0_11

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-15-2692-3

  • Online ISBN: 978-981-15-2693-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation