Abstract
The IPv6 extension header mechanism, a new feature of the IPv6 protocol, enhances flexibility and scalability but introduces numerous security threats like firewall evasion and covert channels. Existing threat detection methods face limitations in detection types, universality, and speed. Hence, an adaptive detection model for IPv6 extension header threats (ADM-DDA6) is proposed. Firstly, standard rule sets are designed for common IPv6 extension headers, successfully detecting 70 types of threats from THC-IPv6 and ExtHdr tools using only 20 rules. Secondly, by parsing IPv6 extension headers, matching rules, establishing transition relationships, and deciding packet threat status based on final states (Normal or Abnormal), complex threats like header disorder and header repetition can be detected. Finally, an adaptive rule matching method is introduced, which dynamically selects rule sets based on IPv6 extension header types, effectively reducing rule matching time. Experimental results show that under different threat magnitudes, ADM-DDA6 is 32% faster than Suricata v6.0.12 and 21.2% faster than Snort v3.1.61.0 in detection speed. Additionally, as the number of threats increases, on commodity hardware, ADM-DDA6 incurs only a 0.7% increase in CPU overhead with no significant memory consumption increase, maintains maximum throughput, and exhibits minor performance changes under low and moderate network load conditions.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.