A New Approach Of Network Intrusion Detection In 6TO4 Tunneling
Recent growth of internet users which almost reach the limit of IPv4 address space, make engineers must implement IPv6 to the system. However, the implementation of IPv6 is not easy due to many reasons like compatibility of hardware. Hence, transition mechanisms were proposed to help migration proce...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English English |
| Published: |
2017
|
| Subjects: | |
| Online Access: | http://eprints.utem.edu.my/id/eprint/20748/1/A%20New%20Approach%20Of%20Network%20Intrusion%20Detection%20In%206TO4%20Tunneling%20-%20Alauddin%20Maulana%20Hirzan%20-%2024%20Pages.pdf http://eprints.utem.edu.my/id/eprint/20748/2/A%20New%20Approach%20Of%20Network%20Intrusion%20Detection%20In%206TO4%20Tunneling.pdf http://eprints.utem.edu.my/id/eprint/20748/ https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=106084 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.utem.eprints.20748 |
|---|---|
| record_format |
eprints |
| spelling |
my.utem.eprints.207482022-02-03T11:17:39Z http://eprints.utem.edu.my/id/eprint/20748/ A New Approach Of Network Intrusion Detection In 6TO4 Tunneling Hirzan, Alauddin Maulana T Technology (General) TK Electrical engineering. Electronics Nuclear engineering Recent growth of internet users which almost reach the limit of IPv4 address space, make engineers must implement IPv6 to the system. However, the implementation of IPv6 is not easy due to many reasons like compatibility of hardware. Hence, transition mechanisms were proposed to help migration process from IPv4 to IPv6 network. However, there are security considerations of this mechanism due to the double encapsulation of packets. Basically, this mechanism encapsulates IPv6 packets with IPv4 datagram to allow transmission. Attacker from IPv6 network can use this tunneling mechanism to send intrusion without being detected by Network Intrusion Detection System. Normally NIDS only capable to decapsulate packet once, and NIDS like Snort cannot detect payload with protocol 41. Thus, a new approach is needed to handle decapsulation of second layer of packet, and extraction for the needed information for detection. This design adds a secondary decapsulation process of NIDS when NIDS detects a 6to4 packets. The design will decapsulate the second layer, and extract the information from the payload and continue to the detection process. The detection process itself is signature-based, where intrusions’ unique and repetitive information are defined inside the ruleset. The design implemented to Java-based NIDS for testing purpose, and run under attack simulations. According to the test, all attacks are detected as True Positive detection with several reply packets detected as False Negative detection. 2017 Thesis NonPeerReviewed text en http://eprints.utem.edu.my/id/eprint/20748/1/A%20New%20Approach%20Of%20Network%20Intrusion%20Detection%20In%206TO4%20Tunneling%20-%20Alauddin%20Maulana%20Hirzan%20-%2024%20Pages.pdf text en http://eprints.utem.edu.my/id/eprint/20748/2/A%20New%20Approach%20Of%20Network%20Intrusion%20Detection%20In%206TO4%20Tunneling.pdf Hirzan, Alauddin Maulana (2017) A New Approach Of Network Intrusion Detection In 6TO4 Tunneling. Masters thesis, Universiti Teknikal Malaysia Melaka. https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=106084 |
| institution |
Universiti Teknikal Malaysia Melaka |
| building |
UTEM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Teknikal Malaysia Melaka |
| content_source |
UTEM Institutional Repository |
| url_provider |
http://eprints.utem.edu.my/ |
| language |
English English |
| topic |
T Technology (General) TK Electrical engineering. Electronics Nuclear engineering |
| spellingShingle |
T Technology (General) TK Electrical engineering. Electronics Nuclear engineering Hirzan, Alauddin Maulana A New Approach Of Network Intrusion Detection In 6TO4 Tunneling |
| description |
Recent growth of internet users which almost reach the limit of IPv4 address space, make engineers must implement IPv6 to the system. However, the implementation of IPv6 is not easy due to many reasons like compatibility of hardware. Hence, transition mechanisms were proposed to help migration process from IPv4 to IPv6 network. However, there are security considerations of this mechanism due to the double encapsulation of packets. Basically, this mechanism encapsulates IPv6 packets with IPv4 datagram to allow transmission. Attacker from IPv6 network can use this tunneling mechanism to send intrusion without being
detected by Network Intrusion Detection System. Normally NIDS only capable to decapsulate packet once, and NIDS like Snort cannot detect payload with protocol 41. Thus, a new approach is needed to handle decapsulation of second layer of packet, and extraction for the needed information for detection. This design adds a secondary decapsulation process of NIDS when NIDS detects a 6to4 packets. The design will decapsulate the second layer, and extract the information from the payload and continue to the detection process. The detection process itself is signature-based, where intrusions’ unique and repetitive information are defined inside the ruleset. The design implemented to Java-based NIDS for testing purpose, and run under attack simulations. According to the test, all attacks are detected as True Positive detection with several reply packets detected as False Negative detection. |
| format |
Thesis |
| author |
Hirzan, Alauddin Maulana |
| author_facet |
Hirzan, Alauddin Maulana |
| author_sort |
Hirzan, Alauddin Maulana |
| title |
A New Approach Of Network Intrusion Detection In 6TO4 Tunneling |
| title_short |
A New Approach Of Network Intrusion Detection In 6TO4 Tunneling |
| title_full |
A New Approach Of Network Intrusion Detection In 6TO4 Tunneling |
| title_fullStr |
A New Approach Of Network Intrusion Detection In 6TO4 Tunneling |
| title_full_unstemmed |
A New Approach Of Network Intrusion Detection In 6TO4 Tunneling |
| title_sort |
new approach of network intrusion detection in 6to4 tunneling |
| publishDate |
2017 |
| url |
http://eprints.utem.edu.my/id/eprint/20748/1/A%20New%20Approach%20Of%20Network%20Intrusion%20Detection%20In%206TO4%20Tunneling%20-%20Alauddin%20Maulana%20Hirzan%20-%2024%20Pages.pdf http://eprints.utem.edu.my/id/eprint/20748/2/A%20New%20Approach%20Of%20Network%20Intrusion%20Detection%20In%206TO4%20Tunneling.pdf http://eprints.utem.edu.my/id/eprint/20748/ https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=106084 |
| _version_ |
1724077948589309952 |
| score |
13.211869 |