A New Approach Of Network Intrusion Detection In 6TO4 Tunneling

• Main Author: Hirzan, Alauddin Maulana
• Format: Thesis
• Language: English; English
• Published: 2017
• Subjects: T Technology (General); TK Electrical engineering. Electronics Nuclear engineering
• Online Access: http://eprints.utem.edu.my/id/eprint/20748/; https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=106084

Recent growth of internet users which almost reach the limit of IPv4 address space, make engineers must implement IPv6 to the system. However, the implementation of IPv6 is not easy due to many reasons like compatibility of hardware. Hence, transition mechanisms were proposed to help migration process from IPv4 to IPv6 network. However, there are security considerations of this mechanism due to the double encapsulation of packets. Basically, this mechanism encapsulates IPv6 packets with IPv4 datagram to allow transmission. Attacker from IPv6 network can use this tunneling mechanism to send intrusion without being detected by Network Intrusion Detection System. Normally NIDS only capable to decapsulate packet once, and NIDS like Snort cannot detect payload with protocol 41. Thus, a new approach is needed to handle decapsulation of second layer of packet, and extraction for the needed information for detection. This design adds a secondary decapsulation process of NIDS when NIDS detects a 6to4 packets. The design will decapsulate the second layer, and extract the information from the payload and continue to the detection process. The detection process itself is signature-based, where intrusions’ unique and repetitive information are defined inside the ruleset. The design implemented to Java-based NIDS for testing purpose, and run under attack simulations. According to the test, all attacks are detected as True Positive detection with several reply packets detected as False Negative detection.