Earticle

초록

영어

In addition to addressing the scarcity of IP address space, Internet Protocol version 6 (IPv6) also addressed some of the shortcomings of Internet Protocol version 4(IPv4). These include neighbor discovery, address auto-configuration, and others. Many of this message exchange are done via the Internet Control Message Protocol (ICMP) and the use of this protocol in the IPv6 paradigm, i.e. ICMPv6 plays a bigger role compared to ICMPv4. One of the key process that is carried during neighbor discovery process is to check if the address generated already exists. This process is called the Duplicate Address Detection (DAD). Nevertheless, the design of this process has led to a severe security vulnerability allowing attackers to easily carry out Denial-of-Service (DoS) attack by causing every address generated to be a duplicate leading to new hosts unable to join the network. Various techniques and mechanisms have been introduced to address this vulnerability such as NDPMon, SeND, and SAVA. Nevertheless, these techniques are either not robust or have performance implications vis-à-vis with the DAD DoS detection and mitigation. In this paper, we put forward a novel framework that is able to detect, mitigate DoS attacks while being light-weight at the same time.

목차

Abstract
 1. Introduction
 2. Related Works
  2.1 Existing Detection Mechanisms
  2.2 Existing Mitigation Mechanisms
 3. Proposed Scheme
  3.1 Assumptions
  3.2 Design of Integrated Framework
  3.3 Elements of Proposed Framework
  3.4 Proposed Framework Scheme
 5. Conclusion and Future Work
 References

키워드

저자

• Shafiq Ul Rehman [ National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia ]
• Selvakumar Manickam [ National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia ]

참고문헌

발행기관

간행물

표지보기 관심저널 등록

• 간행물명

  International Journal of Security and Its Applications

• 간기

  격월간

• pISSN

  1738-9976

• 수록기간

  2008~2016

• 등재여부

  SCOPUS

• 십진분류

  KDC 505 DDC 605