SADetection: Security Mechanisms to Detect SLAAC Attack in IPv6 Link-Local Network
DOI:
https://doi.org/10.31449/inf.v46i9.4441Abstract
Neighbour Discovery Protocol (NDP) attacks are a serious security concern for IPv6. Attackers utilise the Stateless Address Auto-configuration (SLAAC) NDP attack type to target the SLAAC process. SLAAC attacks can compromise an IPv6 link-local network and expose private data. Attack detection mechanisms including RA-Guard, Snort IPv6 Plugin, SLAAC detection method by Buenaventura et al., and SLAAC Security Method by Massamba et al. have been proposed by researchers to address this issue. However, the detection algorithms have a number of shortcomings, including a complete reliance on preconfigured router databases. Additionally, fragment packets and packets with Hop-by-Hop Options and Destination Options extension headers are not detectable by the detection techniques for hidden RA messages. In this study, a rule-based detection method called SADetection is proposed for use in IPv6 link-local networks to identify SLAAC attacks. Both an illegal Router Advertisement (RA) message and a concealed RA message in a packet with an extension header have been found by SADetection. SADetection has demonstrated a detection accuracy of 98\% percent and the capacity to defend an IPv6 link-local network from SLAAC attacks.References
S. Deering and R. Hinden, “Internet pro-
tocol, version 6 (ipv6) specification,” Tech.
Rep., 2017.
T. Narten, E. Nordmark, W. Simpson, and
H. Soliman, “Neighbor discovery for ip ver-
sion 6 (ipv6),” Tech. Rep., 2007.
S. Thomson, T. Narten, and T. Jinmei, “Ipv6
stateless address autoconfiguration,” Tech.
Rep., 2007.
P. Nikander, J. Kempf, and E. Nordmark,
“Ipv6 neighbor discovery (nd) trust models
and threats,” Tech. Rep., 2004.
Downloads
Published
How to Cite
Issue
Section
License
I assign to Informatica, An International Journal of Computing and Informatics ("Journal") the copyright in the manuscript identified above and any additional material (figures, tables, illustrations, software or other information intended for publication) submitted as part of or as a supplement to the manuscript ("Paper") in all forms and media throughout the world, in all languages, for the full term of copyright, effective when and if the article is accepted for publication. This transfer includes the right to reproduce and/or to distribute the Paper to other journals or digital libraries in electronic and online forms and systems.
I understand that I retain the rights to use the pre-prints, off-prints, accepted manuscript and published journal Paper for personal use, scholarly purposes and internal institutional use.
In certain cases, I can ask for retaining the publishing rights of the Paper. The Journal can permit or deny the request for publishing rights, to which I fully agree.
I declare that the submitted Paper is original, has been written by the stated authors and has not been published elsewhere nor is currently being considered for publication by any other journal and will not be submitted for such review while under review by this Journal. The Paper contains no material that violates proprietary rights of any other person or entity. I have obtained written permission from copyright owners for any excerpts from copyrighted works that are included and have credited the sources in my article. I have informed the co-author(s) of the terms of this publishing agreement.
Copyright © Slovenian Society Informatika
