To accommodate more hosts in the network, IP Version 6 (IPv6) is used. It also allows flexibility in allocating addresses and efficient routing for internet traffic using Stateless Autoconfiguration method (SLAAC) and Neighbor Discovery Protocol (NDP). Although efficient, NDP and SLAAC represent a significant security risk in IPv6. IPSec, which is mandated by the IPv6 specifications for security, is not suited to easily secure Ipv6 messages because of the need to manually configure the IPSec keys. Without IPSec protection, IPv6 messages can be easily spoofed. In this paper we propose a host based IDS using active detection technique for IPv6 (NDP). In this scheme we verify any change made in host cache using either data tables (passive) or by sending active probes in real time. The scheme is successfully validated in a test bed with various attack scenarios and the results show the effectiveness of the proposed technique.
展开▼