Enhanced risk assessment equation for IPV6 deployment

Deploying IPv6 concomitant with the emerging technologies exposes the enterprise networks to the unforeseen threats as well as the existing threats.In mitigating the threats, calculating the risks value for each of the identified threats is vital. However, the existing equation for risk assessment is inappropriate to be applied in assessing the risks in IPv6 because of their limitation in asset determination.Therefore, this paper highlights the modification made in the existing risk assessment equation.The enhanced risk assessment equation is used to calculate the risk value for IPv6 deployment.The enhanced equation adapts three elements: confidentiality, integrity and availability in achieving security goals. The importance of having the enhanced equation is it enables the network administrator to calculate the potential risks for each of the potential IPv6 attack.Securing the enterprise networks is an iterative process that has no ended points. Hence, it is crucial to modify and adapt a proper equation when performing the risk assessment.In the future, more experiments will be conducted to test for feasibility of the equation

Implementation of hybrid artificial intelligence technique to detect covert channels in new generation network protocol IPv6

Intrusion detection systems offer monolithic way to detect attacks through monitoring, searching for abnormal characteristics and malicious behavior in network communications. Cyber-attack is performed through using covert channel which currently, is one of the most sophisticated challenges facing network security systems. Covert channel is used to ex/infiltrate classified information from legitimate targets, consequently, this manipulation violates network security policy and privacy. The New Generation Internet Protocol version 6 (IPv6) has certain security vulnerabilities and need to be addressed using further advanced techniques. Fuzzy rule is implemented to classify different network attacks as an advanced machine learning technique, meanwhile, Genetic algorithm is considered as an optimization technique to obtain the ideal fuzzy rule. This paper suggests a novel hybrid covert channel detection system implementing two Artificial Intelligence (AI) techniques; Fuzzy Logic and Genetic Algorithm (FLGA) to gain sufficient and optimal detection rule against covert channel. Our approach counters sophisticated network unknown attacks through an advanced analysis of deep packet inspection. Results of our suggested system offer high detection rate of 97.7% and a better performance in comparison to previous tested techniques

Security Aspects of IPv6-based Wireless Sensor Networks

Seamless integration of wireless sensor networks (WSN) with conventional IP-based networks is a very important basis for the Internet of Things (IoT) concept. To realize this goal, it is important to implement the IP protocol stack into a WSN. A global IP-based network is currently going through a transition from IPv4 to IPv6. Therefore, IPv6 should have priority in the implementation of the IP protocol into WSN. The paper analyses the existing security threats and possible countermeasures in IPv6-based WSNs. It also analyzes the implementation of a unique security framework for IPv6-based WSNs. The paper also analyzes a possible intrusion detection system for IPv6-based WSNs

Security Aspects of IPv6-based Wireless Sensor Networks

Seamless integration of wireless sensor networks (WSN) with conventional IP-based networks is a very important basis for the Internet of Things (IoT) concept. To realize this goal, it is important to implement the IP protocol stack into a WSN. A global IP-based network is currently going through a transition from IPv4 to IPv6. Therefore, IPv6 should have priority in the implementation of the IP protocol into WSN. The paper analyses the existing security threats and possible countermeasures in IPv6-based WSNs. It also analyzes the implementation of a unique security framework for IPv6-based WSNs. The paper also analyzes a possible intrusion detection system for IPv6-based WSNs

Vulnerability Assessment of IPv6 Websites to SQL Injection and Other Application Level Attacks

Given the proliferation of internet connected devices, IPv6 has been proposed to replace IPv4. Aside from providing a larger address space which can be assigned to internet enabled devices, it has been suggested that the IPv6 protocol offers increased security due to the fact that with the large number of addresses available, standard IP scanning attacks will no longer become feasible. However, given the interest in attacking organizations rather than individual devices, most initial points of entry onto an organization's network and their attendant devices are visible and reachable through web crawling techniques, and, therefore, attacks on the visible application layer may offer ways to compromise the overall network. In this evaluation, we provide a straightforward implementation of a web crawler in conjunction with a benign black box penetration testing system and analyze the ease at which SQL injection attacks can be carried out

IPv6-Only Network Design and Deployment at IITH

The aim of thesis is for deploying an IPv6 only daily base enterprise network in IITH and making it fully functional for the daily use and address some of the key current challenges. The motivation for deploying IPv6 only network in the campus is due to the depletion of IPv4 address space. The IPv4 address space is only 32 bits, therefore has 232 addresses whereas IPv6 addresses are represented by 128 bits thereby its address space consists of 2128 addresses which is quite enough to address all the particles in the world with an IP address. Because of this scarcity of IPv4 addresses, many public organizations implemented NAT (Network Address Translation) to map private IPv4 addresses to a single public IPv4 addresses. So like this way NAT helped in dealing with the problem of IPv4 address scarcity. But NAT has got many disadvantages such as NAT adds complexities and it has basic disconnectivity problem with IPv6 only enabled devices. Also NAT has many security issues such as it is not compatible with IPSec protocol. Morover NAT was meant to be just a temporary solution for IPv4 exhaustion. So came the IPv6 address which contains enough IPv6 addresses to address all the devices. But the problem is both IPv4 and IPv6 are not compatible and during initial phase of IPv6 deployment IPv4 and IPv6 coexist together.So there has to be some mechanism to translate IPv4 to IPv6 and vice versa

An adaptive approach to detecting behavioural covert channels in IPv6

One of the most important techniques in data hiding is (Metaferography) covert channel, which recently has shown potential impacts on network and data security. Encryption can only protect communication from being decoded, meanwhile, covert channel is the art of hiding information in an overt communication as a carrier of information. Covert channels are normally used for transferring information stealthily. They are used to leak information across the network and to ex/infiltrate classified information from legitimate targets. These hidden channels violate network security and privacy polices, it is easy to embed but unlikely and almost impossible to be detected. Despite of the obvious improvements in IPv6 components and functionality enhancements, there exist intrinsic security vulnerabilities. These vulnerabilities have ongoing implications on network security and traffic performance. Hence, they will create insecure environments in business and banking network, information security management and IT security. ICMPv6 is vital integral part in IPv6, as well as IPsec protocol, to mitigate and eliminate covert channels, the RFC standards and controls should be investigated intensively. Furthermore, incomplete implementation of IPv6 nowadays on all Operating Systems has not exposed the realm of this security protocol performance explicitly. In this thesis, we present a novel Hybrid Heuristic Intelligent Algorithm coupled with enhanced Polynomial Naïve Bayes machine Learning algorithm. The framework is implemented in a supervised learning model to detect and classify covert channels in IPv6. The proposed multi-threaded framework acts as an active security warden processing intelligent information gain and optimized decision trees technique to improve the security vulnerabilities in this new network generation protocol. This new approach develops intelligent heuristic techniques for in depth packet inspection to analyse and examine the header fields of IPv6 protocol. Some of these fields are designated by the designer for quality of service (QoS), future performance diagnostic analysis, unfortunately, they are misused by "bad guys and black hats" to perform various network security attacks against vulnerable targets. These attacks cause immediate and ongoing damage to classified data. In order to prevent and mitigate these types of breaches and threat risks, a multi-security prevention model was created. Furthermore, advanced machine learning technique was implemented to detect, classify and document all current and future unknown anomaly attacks. The suggested HeuBNet6 classiffier obtained highly significant results of 98% detection rate and showed better performance and accuracy with good True Positive Rate (TPR) and low False Positive Rate (FPR)