Flow-based detection of IPv6-specific network layer attacks

Luuk Hendriks*, Petr Velan, Ricardo de O. Schmidt, Pieter-Tjerk de Boer, Aiko Pras

*Corresponding author for this work

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    2 Citations (Scopus)
    45 Downloads (Pure)

    Abstract

    With a vastly different header format, IPv6 introduces new vulnerabilities not possible in IPv4, potentially requiring new detection algorithms. While many attacks specific to IPv6 have proven to be possible and are described in the literature, no detection solutions for these attacks have been proposed. In this study we identify and characterise IPv6-specific attacks that can be detected using flow monitoring. By constructing flow-based signatures, detection can be performed using available technologies such as NetFlow and IPFIX. To validate our approach, we implemented these signatures in a prototype, monitoring two production networks and injecting attacks into the production traffic.

    Original languageEnglish
    Title of host publicationSecurity of Networks and Services in an All-Connected World
    Subtitle of host publication11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings
    EditorsDaphne Tuncer, Robert Koch, Rémi Badonne, Burkhard Stiller
    Place of PublicationCham
    PublisherSpringer
    Pages137-142
    Number of pages6
    ISBN (Electronic)978-3-319-60774-0
    ISBN (Print)978-3-319-60773-3
    DOIs
    Publication statusPublished - 2017
    Event11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017 - Zurich, Switzerland
    Duration: 10 Jul 201713 Jul 2017
    Conference number: 11

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer
    Volume10356
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349
    NameLecture Notes in Computer Communication Networks and Telecommunications
    PublisherSpringer

    Conference

    Conference11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017
    Abbreviated titleAIMS
    CountrySwitzerland
    CityZurich
    Period10/07/1713/07/17

    Fingerprint Dive into the research topics of 'Flow-based detection of IPv6-specific network layer attacks'. Together they form a unique fingerprint.

  • Cite this

    Hendriks, L., Velan, P., de O. Schmidt, R., de Boer, P-T., & Pras, A. (2017). Flow-based detection of IPv6-specific network layer attacks. In D. Tuncer, R. Koch, R. Badonne, & B. Stiller (Eds.), Security of Networks and Services in an All-Connected World: 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings (pp. 137-142). (Lecture Notes in Computer Science; Vol. 10356), (Lecture Notes in Computer Communication Networks and Telecommunications). Cham: Springer. https://doi.org/10.1007/978-3-319-60774-0_11