资源描述:
《IPv6 Anomaly Traffic Monitoring with IPFIX》由会员上传分享,免费在线阅读,更多相关内容在学术论文-天天文库。
1、11IPv6AnomalyTrafficMonitoringwithIPFIXYoungseokLee,SeonghoShin,SoonbyoungChoi,andHyeon-guSon{lee,shshin,wakusoon,hgson}@cnu.ac.krDept.ofComputerScienceandEngineering,ChungnamNationalUniversity,Daejon,KoreaimplementationofIPv6protocolstacksofhostsorroutershasAbstract—
2、ThoughtheIPv6networkisbelievedtobesafeagainstnotbeenfullyverifiedinthefield,whichimpliesunexpectedsecurity-violatingexploitsorattacksthatwereprevailedinIPv4,itissecurityvulnerabilities.ForsuccessfultransitionfromIPv4tostillexpectedthatbrand-newormutationalanomalytraff
3、icwillappearIPv6,variousmechanismslikedualstacks,translators,andasIPv6networksarebeingdeployed.Inthispaper,amongseveraltunnelingwillbeutilized.Therefore,fromtheaspectofanomalytrafficpatternsweconsiderthepossibleIPv6attacksthatareutilizingICMPv6,IPv6extensionheaders,an
4、dIPv6-over-IPv4security,IPv6deploymentwillcausecomplicatedchallengestotunneling.ForIPv6trafficmeasurementinfrastructure,weemployIPtheIPv4aswellasIPv6networks.FlowInformationeXport(IPFIX)thathasbeenstandardizedtoTherehavebeenafewstudiesonthepredictionofIPv6generatethef
5、low-leveltrafficmeasurementinformation.Thus,weanomalytraffic[1][2][3][4].AmodifiedformofInternetpresentnewIPFIXtemplatesthathavebeenextendedtocarryIPv6routingwormshasbeendescribedin[1].VariousthreatsinanomalytrafficrelatedwithICMPv6,IPv6extensionheaders,andIPv4andIPv6
6、arecomparedin[2].Generally,itisexpectedIPv6-over-IPv4tunneling.Then,basedontheextendedIPFIXflowtemplates,weproposeasimpleIPv6flowclassificationmethodthatthatInternetworms/viruses,orDDoSattacks,broadcastcouldbeusedfordetectingIPv6DoSattack,IPv6covertchannelamplifyingat
7、tackscalledsmurf,orotherapplication-layerexploitingdestinationoption,andIPv6-over-IPv4tunnelingflows.anomalytrafficthathavebeenobservedinIPv4networksFromtheexperimentswithourownIPFIXanalyzerandtheIPFIXmightoccurinIPv6networks.Specifically,DuplicateAddressflow-generati
8、ngprobe,wehaveshownthatIPFIXisusefulforDetection(DAD)isessentialwhenanIPv6hostisconnectedtomonitoringnormalIPv6trafficaswell
