Enhanced Techniques For Detection And Classification Of Neighbor Discovery Protocol Anomalies

Thumbnail Image
Date
2016-08
Authors
S. Najjar, Firas (M.H.)
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
This research presents enhanced solution, called " Intelligent Neighbor Discovery Protocol Monitoring (INDPMon)", for improving the security of IPv6 networks by maintaining constant awareness of Neighbor Discovery Protocol (NDP) incidents, vulnerabilities, and attacks to support organizational risk management decisions. INDPMon adapts a network analysis approach to monitor network layer packets, and utilizes a stateful protocol methodology to precisely describe the protocol anomalies. Extended Finite State Machine is used to understand and analyze the dynamic behavior of the protocol in order to specify the violation events that cause NDP anomalies. The most discriminative events are selected to define the NDP features set which used to characterize the NDP behavior. Testbed has been used to generate NDP dataset and preprocessing procedures are applied to the generated NDP dataset for optimization. NDP dataset along with NDP features set are used to create a representative NDP features dataset which is the backbone of INDPMon for prediction and classifications decisions. Currently, NDP monitoring tool, called (NDPMon), is the commonly cited solution for monitoring NDP. However, NDPMon uses passive matching techniques and depends on training phase to identify network legitimate nodes, which affects the dynamism and scalability. The evaluation results showed that the proposed INDPMon has a significant detection accuracy over NDPMon, which makes it a promising solution for NDP monitoring. The detection efficiency is resulted of defining a set of NDP features that precisely characterizes the protocol behaviors. It is important to mention that INDPMon can only detect NDP anomalies. Hence, it must be combined with other solutions to build a complete security solution. Working towards securing the future Internet, the major contribution of this research is introducing a framework that is capable of continuously monitoring and analyzing the processes of NDP behaviors to provide decision support regarding the violation of NDP standards or organization policies.
Description
Keywords
Intelligent Neighbor Discovery Protocol Monitoring , for improving the security of IPv6 networks.
Citation
URI
http://hdl.handle.net/123456789/3458
Collections
Pusat Pengajian Sains Komputer - Tesis