Flow-based detection of IPv6-specific network layer attacks

Abstract

With a vastly different header format, IPv6 introduces new vulnerabilities not possible in IPv4, potentially requiring new detection algorithms. While many attacks specific to IPv6 have proven to be possible and are described in the literature, no detection solutions for these attacks have been proposed. In this study we identify and characterise IPv6-specific attacks that can be detected using flow monitoring. By constructing flow-based signatures, detection can be performed using available technologies such as NetFlow and IPFIX. To validate our approach, we implemented these signatures in a prototype, monitoring two production networks and injecting attacks into the production traffic.

Original languageEnglish
Title of host publicationSecurity of Networks and Services in an All-Connected World
Subtitle of host publication11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings
EditorsDaphne Tuncer, Robert Koch, Rémi Badonne, Burkhard Stiller
Place of PublicationCham
PublisherSpringer
Pages137-142
Number of pages6
ISBN (Electronic)978-3-319-60774-0
ISBN (Print)978-3-319-60773-3
DOIs
StatePublished - 2017
Event11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017 - Zurich, Switzerland

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume10356
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349
NameLecture Notes in Computer Communication Networks and Telecommunications
PublisherSpringer

Conference

Conference11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017
Abbreviated titleAIMS
CountrySwitzerland
CityZurich
Period10/07/1713/07/17

Fingerprint

Monitoring
Network layers

Cite this

Hendriks, L., Velan, P., de O. Schmidt, R., de Boer, P-T., & Pras, A. (2017). Flow-based detection of IPv6-specific network layer attacks. In D. Tuncer, R. Koch, R. Badonne, & B. Stiller (Eds.), Security of Networks and Services in an All-Connected World: 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings (pp. 137-142). (Lecture Notes in Computer Science; Vol. 10356), (Lecture Notes in Computer Communication Networks and Telecommunications). Cham: Springer. DOI: 10.1007/978-3-319-60774-0_11

Hendriks, Luuk ; Velan, Petr; de O. Schmidt, Ricardo ; de Boer, Pieter-Tjerk ; Pras, Aiko / Flow-based detection of IPv6-specific network layer attacks.

Security of Networks and Services in an All-Connected World: 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings. ed. / Daphne Tuncer; Robert Koch; Rémi Badonne; Burkhard Stiller. Cham : Springer, 2017. p. 137-142 (Lecture Notes in Computer Science; Vol. 10356), (Lecture Notes in Computer Communication Networks and Telecommunications).

Research output: Scientific - peer-reviewConference contribution

@inbook{2fd77bd570784ede96fb7a41a65042d3,
title = "Flow-based detection of IPv6-specific network layer attacks",
abstract = "With a vastly different header format, IPv6 introduces new vulnerabilities not possible in IPv4, potentially requiring new detection algorithms. While many attacks specific to IPv6 have proven to be possible and are described in the literature, no detection solutions for these attacks have been proposed. In this study we identify and characterise IPv6-specific attacks that can be detected using flow monitoring. By constructing flow-based signatures, detection can be performed using available technologies such as NetFlow and IPFIX. To validate our approach, we implemented these signatures in a prototype, monitoring two production networks and injecting attacks into the production traffic.",
author = "Luuk Hendriks and Petr Velan and {de O. Schmidt}, Ricardo and {de Boer}, Pieter-Tjerk and Aiko Pras",
year = "2017",
doi = "10.1007/978-3-319-60774-0_11",
isbn = "978-3-319-60773-3",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "137--142",
editor = "Daphne Tuncer and Robert Koch and Rémi Badonne and Burkhard Stiller",
booktitle = "Security of Networks and Services in an All-Connected World",

}

Hendriks, L, Velan, P, de O. Schmidt, R, de Boer, P-T & Pras, A 2017, Flow-based detection of IPv6-specific network layer attacks. in D Tuncer, R Koch, R Badonne & B Stiller (eds), Security of Networks and Services in an All-Connected World: 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings. Lecture Notes in Computer Science, vol. 10356, Lecture Notes in Computer Communication Networks and Telecommunications, Springer, Cham, pp. 137-142, 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Zurich, Switzerland, 10-13 July. DOI: 10.1007/978-3-319-60774-0_11

Flow-based detection of IPv6-specific network layer attacks. / Hendriks, Luuk ; Velan, Petr; de O. Schmidt, Ricardo ; de Boer, Pieter-Tjerk ; Pras, Aiko .

Security of Networks and Services in an All-Connected World: 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings. ed. / Daphne Tuncer; Robert Koch; Rémi Badonne; Burkhard Stiller. Cham : Springer, 2017. p. 137-142 (Lecture Notes in Computer Science; Vol. 10356), (Lecture Notes in Computer Communication Networks and Telecommunications).

Research output: Scientific - peer-reviewConference contribution

TY - CHAP

T1 - Flow-based detection of IPv6-specific network layer attacks

AU - Hendriks,Luuk

AU - Velan,Petr

AU - de O. Schmidt,Ricardo

AU - de Boer,Pieter-Tjerk

AU - Pras,Aiko

PY - 2017

Y1 - 2017

N2 - With a vastly different header format, IPv6 introduces new vulnerabilities not possible in IPv4, potentially requiring new detection algorithms. While many attacks specific to IPv6 have proven to be possible and are described in the literature, no detection solutions for these attacks have been proposed. In this study we identify and characterise IPv6-specific attacks that can be detected using flow monitoring. By constructing flow-based signatures, detection can be performed using available technologies such as NetFlow and IPFIX. To validate our approach, we implemented these signatures in a prototype, monitoring two production networks and injecting attacks into the production traffic.

AB - With a vastly different header format, IPv6 introduces new vulnerabilities not possible in IPv4, potentially requiring new detection algorithms. While many attacks specific to IPv6 have proven to be possible and are described in the literature, no detection solutions for these attacks have been proposed. In this study we identify and characterise IPv6-specific attacks that can be detected using flow monitoring. By constructing flow-based signatures, detection can be performed using available technologies such as NetFlow and IPFIX. To validate our approach, we implemented these signatures in a prototype, monitoring two production networks and injecting attacks into the production traffic.

UR - http://www.scopus.com/inward/record.url?scp=85025133530&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-60774-0_11

DO - 10.1007/978-3-319-60774-0_11

M3 - Conference contribution

SN - 978-3-319-60773-3

T3 - Lecture Notes in Computer Science

SP - 137

EP - 142

BT - Security of Networks and Services in an All-Connected World

PB - Springer

ER -

Hendriks L, Velan P, de O. Schmidt R, de Boer P-T, Pras A. Flow-based detection of IPv6-specific network layer attacks. In Tuncer D, Koch R, Badonne R, Stiller B, editors, Security of Networks and Services in an All-Connected World: 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings. Cham: Springer. 2017. p. 137-142. (Lecture Notes in Computer Science). (Lecture Notes in Computer Communication Networks and Telecommunications). Available from, DOI: 10.1007/978-3-319-60774-0_11