SADetection: Security Mechanisms to Detect SLAAC Attack in IPv6 Link-Local Network

Abstract

Neighbour Discovery Protocol (NDP) attacks are a serious security concern for IPv6. Attackers utilise the Stateless Address Auto-configuration (SLAAC) NDP attack type to target the SLAAC process. SLAAC attacks can compromise an IPv6 link-local network and expose private data. Attack detection mechanisms including RA-Guard, Snort IPv6 Plugin, SLAAC detection method by Buenaventura et al., and SLAAC Security Method by Massamba et al. have been proposed by researchers to address this issue. However, the detection algorithms have a number of shortcomings, including a complete reliance on preconfigured router databases. Additionally, fragment packets and packets with Hop-by-Hop Options and Destination Options extension headers are not detectable by the detection techniques for hidden RA messages. In this study, a rule-based detection method called SADetection is proposed for use in IPv6 link-local networks to identify SLAAC attacks. Both an illegal Router Advertisement (RA) message and a concealed RA message in a packet with an extension header have been found by SADetection. SADetection has demonstrated a detection accuracy of 98\% percent and the capacity to defend an IPv6 link-local network from SLAAC attacks.

Author Biography

Mahmood A. Al-Shareeda, National Advanced IPv6 Centre, Universiti Sains Malaysia, 11800, Penang, Malaysia\

obtained his Ph.D. in Advanced Computer Network from University Sains Malaysia (USM). He is currently a Postdoctoral Fellow at National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia. His current research interests include network monitoring, Internet of Things (IoT), Vehicular Ad hoc Network (VANET) security and IPv6 security.

References

S. Deering and R. Hinden, “Internet pro-

tocol, version 6 (ipv6) specification,” Tech.

Rep., 2017.

T. Narten, E. Nordmark, W. Simpson, and

H. Soliman, “Neighbor discovery for ip ver-

sion 6 (ipv6),” Tech. Rep., 2007.

S. Thomson, T. Narten, and T. Jinmei, “Ipv6

stateless address autoconfiguration,” Tech.

Rep., 2007.

P. Nikander, J. Kempf, and E. Nordmark,

“Ipv6 neighbor discovery (nd) trust models

and threats,” Tech. Rep., 2004.

Authors

  • Mahmood A. Al-Shareeda National Advanced IPv6 Centre, Universiti Sains Malaysia, 11800, Penang, Malaysia\
  • Selvakumar Manickam
  • Murtaja Ali Saare
  • Nazrool Bin Omar

DOI:

https://doi.org/10.31449/inf.v46i9.4441

Downloads

Published

01/18/2023

How to Cite

Al-Shareeda, M. A., Manickam, S., Saare, M. A., & Omar, N. B. (2023). SADetection: Security Mechanisms to Detect SLAAC Attack in IPv6 Link-Local Network. Informatica, 46(9). https://doi.org/10.31449/inf.v46i9.4441

Issue

Vol. 46 No. 9 (2022): Online-only issue

Section

Online-only

License

Authors retain copyright in their work. By submitting to and publishing with Informatica, authors grant the publisher (Slovene Society Informatika) the non-exclusive right to publish, reproduce, and distribute the article and to identify itself as the original publisher.

All articles are published under the Creative Commons Attribution license CC BY 3.0. Under this license, others may share and adapt the work for any purpose, provided appropriate credit is given and changes (if any) are indicated.

Authors may deposit and share the submitted version, accepted manuscript, and published version, provided the original publication in Informatica is properly cited.