Flow-based detection of IPv6-specific network layer attacks

Luuk  Hendriks; Petr Velan; Ricardo  de O. Schmidt; Pieter-Tjerk  de Boer; Aiko  Pras

doi:10.1007/978-3-319-60774-0_11

Flow-based detection of IPv6-specific network layer attacks

Luuk Hendriks^*, Petr Velan, Ricardo de O. Schmidt, Pieter-Tjerk de Boer, Aiko Pras

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

2 Citations (Scopus)

33 Downloads (Pure)

Abstract

With a vastly different header format, IPv6 introduces new vulnerabilities not possible in IPv4, potentially requiring new detection algorithms. While many attacks specific to IPv6 have proven to be possible and are described in the literature, no detection solutions for these attacks have been proposed. In this study we identify and characterise IPv6-specific attacks that can be detected using flow monitoring. By constructing flow-based signatures, detection can be performed using available technologies such as NetFlow and IPFIX. To validate our approach, we implemented these signatures in a prototype, monitoring two production networks and injecting attacks into the production traffic.

Original language	English
Title of host publication	Security of Networks and Services in an All-Connected World
Subtitle of host publication	11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings
Editors	Daphne Tuncer, Robert Koch, Rémi Badonne, Burkhard Stiller
Place of Publication	Cham
Publisher	Springer
Pages	137-142
Number of pages	6
ISBN (Electronic)	978-3-319-60774-0
ISBN (Print)	978-3-319-60773-3
DOIs	https://doi.org/10.1007/978-3-319-60774-0_11
Publication status	Published - 2017
Event	11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017 - Zurich, Switzerland Duration: 10 Jul 2017 → 13 Jul 2017 Conference number: 11

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	10356
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Name	Lecture Notes in Computer Communication Networks and Telecommunications
Publisher	Springer

Conference

Conference	11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017
Abbreviated title	AIMS
Country	Switzerland
City	Zurich
Period	10/07/17 → 13/07/17

Fingerprint

Network layers

Attack

Monitoring

Signature

Vulnerability

Traffic

Prototype

Cite this

Hendriks, L., Velan, P., de O. Schmidt, R., de Boer, P-T., & Pras, A. (2017). Flow-based detection of IPv6-specific network layer attacks. In D. Tuncer, R. Koch, R. Badonne, & B. Stiller (Eds.), Security of Networks and Services in an All-Connected World: 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings (pp. 137-142). (Lecture Notes in Computer Science; Vol. 10356), (Lecture Notes in Computer Communication Networks and Telecommunications). Cham: Springer. https://doi.org/10.1007/978-3-319-60774-0_11

Hendriks, Luuk ; Velan, Petr ; de O. Schmidt, Ricardo ; de Boer, Pieter-Tjerk ; Pras, Aiko . / Flow-based detection of IPv6-specific network layer attacks. Security of Networks and Services in an All-Connected World: 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings. editor / Daphne Tuncer ; Robert Koch ; Rémi Badonne ; Burkhard Stiller. Cham : Springer, 2017. pp. 137-142 (Lecture Notes in Computer Science). (Lecture Notes in Computer Communication Networks and Telecommunications).

@inproceedings{2fd77bd570784ede96fb7a41a65042d3,

title = "Flow-based detection of IPv6-specific network layer attacks",

abstract = "With a vastly different header format, IPv6 introduces new vulnerabilities not possible in IPv4, potentially requiring new detection algorithms. While many attacks specific to IPv6 have proven to be possible and are described in the literature, no detection solutions for these attacks have been proposed. In this study we identify and characterise IPv6-specific attacks that can be detected using flow monitoring. By constructing flow-based signatures, detection can be performed using available technologies such as NetFlow and IPFIX. To validate our approach, we implemented these signatures in a prototype, monitoring two production networks and injecting attacks into the production traffic.",

author = "Luuk Hendriks and Petr Velan and {de O. Schmidt}, Ricardo and {de Boer}, Pieter-Tjerk and Aiko Pras",

year = "2017",

doi = "10.1007/978-3-319-60774-0_11",

language = "English",

isbn = "978-3-319-60773-3",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "137--142",

editor = "Daphne Tuncer and Robert Koch and R{\'e}mi Badonne and Burkhard Stiller",

booktitle = "Security of Networks and Services in an All-Connected World",

}

Hendriks, L, Velan, P, de O. Schmidt, R, de Boer, P-T & Pras, A 2017, Flow-based detection of IPv6-specific network layer attacks. in D Tuncer, R Koch, R Badonne & B Stiller (eds), Security of Networks and Services in an All-Connected World: 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings. Lecture Notes in Computer Science, vol. 10356, Lecture Notes in Computer Communication Networks and Telecommunications, Springer, Cham, pp. 137-142, 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Zurich, Switzerland, 10/07/17. https://doi.org/10.1007/978-3-319-60774-0_11

Flow-based detection of IPv6-specific network layer attacks. / Hendriks, Luuk ; Velan, Petr; de O. Schmidt, Ricardo ; de Boer, Pieter-Tjerk ; Pras, Aiko .

Security of Networks and Services in an All-Connected World: 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings. ed. / Daphne Tuncer; Robert Koch; Rémi Badonne; Burkhard Stiller. Cham : Springer, 2017. p. 137-142 (Lecture Notes in Computer Science; Vol. 10356), (Lecture Notes in Computer Communication Networks and Telecommunications).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Flow-based detection of IPv6-specific network layer attacks

AU - Hendriks, Luuk

AU - Velan, Petr

AU - de O. Schmidt, Ricardo

AU - de Boer, Pieter-Tjerk

AU - Pras, Aiko

PY - 2017

Y1 - 2017

N2 - With a vastly different header format, IPv6 introduces new vulnerabilities not possible in IPv4, potentially requiring new detection algorithms. While many attacks specific to IPv6 have proven to be possible and are described in the literature, no detection solutions for these attacks have been proposed. In this study we identify and characterise IPv6-specific attacks that can be detected using flow monitoring. By constructing flow-based signatures, detection can be performed using available technologies such as NetFlow and IPFIX. To validate our approach, we implemented these signatures in a prototype, monitoring two production networks and injecting attacks into the production traffic.

AB - With a vastly different header format, IPv6 introduces new vulnerabilities not possible in IPv4, potentially requiring new detection algorithms. While many attacks specific to IPv6 have proven to be possible and are described in the literature, no detection solutions for these attacks have been proposed. In this study we identify and characterise IPv6-specific attacks that can be detected using flow monitoring. By constructing flow-based signatures, detection can be performed using available technologies such as NetFlow and IPFIX. To validate our approach, we implemented these signatures in a prototype, monitoring two production networks and injecting attacks into the production traffic.

UR - http://www.scopus.com/inward/record.url?scp=85025133530&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-60774-0_11

DO - 10.1007/978-3-319-60774-0_11

M3 - Conference contribution

AN - SCOPUS:85025133530

SN - 978-3-319-60773-3

T3 - Lecture Notes in Computer Science

SP - 137

EP - 142

BT - Security of Networks and Services in an All-Connected World

A2 - Tuncer, Daphne

A2 - Koch, Robert

A2 - Badonne, Rémi

A2 - Stiller, Burkhard

PB - Springer

CY - Cham

ER -

Hendriks L, Velan P, de O. Schmidt R, de Boer P-T , Pras A. Flow-based detection of IPv6-specific network layer attacks. In Tuncer D, Koch R, Badonne R, Stiller B, editors, Security of Networks and Services in an All-Connected World: 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings. Cham: Springer. 2017. p. 137-142. (Lecture Notes in Computer Science). (Lecture Notes in Computer Communication Networks and Telecommunications). https://doi.org/10.1007/978-3-319-60774-0_11

Access to Document

10.1007/978-3-319-60774-0_11

Hendriks2017flow-basedFinal published version, 163 KB

Link to publication in Scopus