Flow-based detection of IPv6-specific network layer attacks

Luuk Hendriks*, Petr Velan, Ricardo de O. Schmidt, Pieter-Tjerk de Boer, Aiko Pras

*Corresponding author for this work

    Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; Academic; peer-review

    2 Citations (Scopus)
    33 Downloads (Pure)

    Abstract

    With a vastly different header format, IPv6 introduces new vulnerabilities not possible in IPv4, potentially requiring new detection algorithms. While many attacks specific to IPv6 have proven to be possible and are described in the literature, no detection solutions for these attacks have been proposed. In this study we identify and characterise IPv6-specific attacks that can be detected using flow monitoring. By constructing flow-based signatures, detection can be performed using available technologies such as NetFlow and IPFIX. To validate our approach, we implemented these signatures in a prototype, monitoring two production networks and injecting attacks into the production traffic.

    Original language: English
    Title of host publication: Security of Networks and Services in an All-Connected World
    Subtitle of host publication: 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings
    Editors: Daphne Tuncer, Robert Koch, Rémi Badonne, Burkhard Stiller
    Place of Publication: Cham
    Publisher: Springer
    Pages: 137-142
    Number of pages: 6
    ISBN (Electronic): 978-3-319-60774-0
    ISBN (Print): 978-3-319-60773-3
    DOIs: https://doi.org/10.1007/978-3-319-60774-0_11
    Publication status: Published - 2017
    Event: 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017 - Zurich, Switzerland
    Duration: 10 Jul 2017 to 13 Jul 2017
    Conference number: 11

    Publication series

    Name: Lecture Notes in Computer Science
    Publisher: Springer
    Volume: 10356
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349

    Name: Lecture Notes in Computer Communication Networks and Telecommunications
    Publisher: Springer

    Conference

    Conference: 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017
    Abbreviated title: AIMS
    Country: Switzerland
    City: Zurich
    Period: 10/07/17 to 13/07/17

    Fingerprint

    Network layers
    Attack
    Monitoring
    Signature
    Vulnerability
    Traffic
    Prototype

    Cite this

    Hendriks, L., Velan, P., de O. Schmidt, R., de Boer, P-T., & Pras, A. (2017). Flow-based detection of IPv6-specific network layer attacks. In D. Tuncer, R. Koch, R. Badonne, & B. Stiller (Eds.), Security of Networks and Services in an All-Connected World: 11th IFIP WG 6.6 International Conference on Autonomous Infrastructure, Management, and Security, AIMS 2017, Proceedings (pp. 137-142). (Lecture Notes in Computer Science; Vol. 10356), (Lecture Notes in Computer Communication Networks and Telecommunications). Cham: Springer. https://doi.org/10.1007/978-3-319-60774-0_11