Analysing denial of service attack traffic signature in IPv6 local network using correlation inspection

摘要

One of the most effective Cyber-attacks against legitimate targets is Denial of Service (Dos). Despite the fact that security improvements in IPv6 are notable, meanwhile “black hat” experts launch their continuous threats against business network and banking systems to damage the network service development. In order to mitigate such security threat, we need to understand the infrastructure and the underlining mechanism. In this paper, we examine the traffic signatures of different denial of service (Dos) attacks that affect IPv6 protocol by using packet analyzer tools in collaboration with a popular IPv6 security assessment tool and traffic correlational values to establish the similarities and difference between various Dos attack traffic signatures (i.e. uniqueness). The level of uniqueness of the attack traffic signatures is used to determine whether a correlational-based intrusion detection technique is suitable for mitigating Dos attacks in IPv6. A comprehensive table of all simulated Dos attacks is illustrated to present the observations and inferences drawn from the assessments achieved through two different operating system platforms (Windows and Linux). This new analysis approach is added to many pre-existing works carried out to investigate the security of IPv6 protocol.