A New Approach Of Network Intrusion Detection In 6TO4 Tunneling

Recent growth of internet users which almost reach the limit of IPv4 address space, make engineers must implement IPv6 to the system. However, the implementation of IPv6 is not easy due to many reasons like compatibility of hardware. Hence, transition mechanisms were proposed to help migration proce...

Full description

Saved in:
Bibliographic Details
Main Author: Hirzan, Alauddin Maulana
Format: Thesis
Language:English
English
Published: 2017
Subjects:
Online Access:http://eprints.utem.edu.my/id/eprint/20748/1/A%20New%20Approach%20Of%20Network%20Intrusion%20Detection%20In%206TO4%20Tunneling%20-%20Alauddin%20Maulana%20Hirzan%20-%2024%20Pages.pdf
http://eprints.utem.edu.my/id/eprint/20748/2/A%20New%20Approach%20Of%20Network%20Intrusion%20Detection%20In%206TO4%20Tunneling.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
id my-utem-ep.20748
record_format uketd_dc
spelling my-utem-ep.207482022-02-03T11:17:39Z A New Approach Of Network Intrusion Detection In 6TO4 Tunneling 2017 Hirzan, Alauddin Maulana T Technology (General) TK Electrical engineering. Electronics Nuclear engineering Recent growth of internet users which almost reach the limit of IPv4 address space, make engineers must implement IPv6 to the system. However, the implementation of IPv6 is not easy due to many reasons like compatibility of hardware. Hence, transition mechanisms were proposed to help migration process from IPv4 to IPv6 network. However, there are security considerations of this mechanism due to the double encapsulation of packets. Basically, this mechanism encapsulates IPv6 packets with IPv4 datagram to allow transmission. Attacker from IPv6 network can use this tunneling mechanism to send intrusion without being detected by Network Intrusion Detection System. Normally NIDS only capable to decapsulate packet once, and NIDS like Snort cannot detect payload with protocol 41. Thus, a new approach is needed to handle decapsulation of second layer of packet, and extraction for the needed information for detection. This design adds a secondary decapsulation process of NIDS when NIDS detects a 6to4 packets. The design will decapsulate the second layer, and extract the information from the payload and continue to the detection process. The detection process itself is signature-based, where intrusions’ unique and repetitive information are defined inside the ruleset. The design implemented to Java-based NIDS for testing purpose, and run under attack simulations. According to the test, all attacks are detected as True Positive detection with several reply packets detected as False Negative detection. 2017 Thesis http://eprints.utem.edu.my/id/eprint/20748/ http://eprints.utem.edu.my/id/eprint/20748/1/A%20New%20Approach%20Of%20Network%20Intrusion%20Detection%20In%206TO4%20Tunneling%20-%20Alauddin%20Maulana%20Hirzan%20-%2024%20Pages.pdf text en public http://eprints.utem.edu.my/id/eprint/20748/2/A%20New%20Approach%20Of%20Network%20Intrusion%20Detection%20In%206TO4%20Tunneling.pdf text en validuser https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=106084 mphil masters Universiti Teknikal Malaysia Melaka Faculty of Information and Communication Technology
institution Universiti Teknikal Malaysia Melaka
collection UTeM Repository
language English
English
topic T Technology (General)
T Technology (General)
spellingShingle T Technology (General)
T Technology (General)
Hirzan, Alauddin Maulana
A New Approach Of Network Intrusion Detection In 6TO4 Tunneling
description Recent growth of internet users which almost reach the limit of IPv4 address space, make engineers must implement IPv6 to the system. However, the implementation of IPv6 is not easy due to many reasons like compatibility of hardware. Hence, transition mechanisms were proposed to help migration process from IPv4 to IPv6 network. However, there are security considerations of this mechanism due to the double encapsulation of packets. Basically, this mechanism encapsulates IPv6 packets with IPv4 datagram to allow transmission. Attacker from IPv6 network can use this tunneling mechanism to send intrusion without being detected by Network Intrusion Detection System. Normally NIDS only capable to decapsulate packet once, and NIDS like Snort cannot detect payload with protocol 41. Thus, a new approach is needed to handle decapsulation of second layer of packet, and extraction for the needed information for detection. This design adds a secondary decapsulation process of NIDS when NIDS detects a 6to4 packets. The design will decapsulate the second layer, and extract the information from the payload and continue to the detection process. The detection process itself is signature-based, where intrusions’ unique and repetitive information are defined inside the ruleset. The design implemented to Java-based NIDS for testing purpose, and run under attack simulations. According to the test, all attacks are detected as True Positive detection with several reply packets detected as False Negative detection.
format Thesis
qualification_name Master of Philosophy (M.Phil.)
qualification_level Master's degree
author Hirzan, Alauddin Maulana
author_facet Hirzan, Alauddin Maulana
author_sort Hirzan, Alauddin Maulana
title A New Approach Of Network Intrusion Detection In 6TO4 Tunneling
title_short A New Approach Of Network Intrusion Detection In 6TO4 Tunneling
title_full A New Approach Of Network Intrusion Detection In 6TO4 Tunneling
title_fullStr A New Approach Of Network Intrusion Detection In 6TO4 Tunneling
title_full_unstemmed A New Approach Of Network Intrusion Detection In 6TO4 Tunneling
title_sort new approach of network intrusion detection in 6to4 tunneling
granting_institution Universiti Teknikal Malaysia Melaka
granting_department Faculty of Information and Communication Technology
publishDate 2017
url http://eprints.utem.edu.my/id/eprint/20748/1/A%20New%20Approach%20Of%20Network%20Intrusion%20Detection%20In%206TO4%20Tunneling%20-%20Alauddin%20Maulana%20Hirzan%20-%2024%20Pages.pdf
http://eprints.utem.edu.my/id/eprint/20748/2/A%20New%20Approach%20Of%20Network%20Intrusion%20Detection%20In%206TO4%20Tunneling.pdf
_version_ 1747833998812381184