Rule-based detection technique for ICMPv6 anomalous behaviour

The rapid growth of the Internet in the past few years has revealed the limitation of address space in the current Internet Protocol (IP), namely IPv4. Essentially, the increasing demand and consumption of IP addresses have led to the anticipated exhaustion of IPv4 addresses. In order to address this concern, the Internet Protocol version 6 (IPv6) has been developed to provide a sufficient address space. IPv6 is shipped with a new protocol, namely, the neighbour discovery protocol (NDP) which has vulnerabilities that can be used by attackers to launch attacks on IPv6 networks. Such vulnerabilities include the lack of exchange message authentication of NDP. Attacks targeting ICMPv6 protocol display ICMPv6 anomalies. As such, this paper proposes a rule-based technique for detecting ICMPv6 anomalous behaviours that negatively affect the network performance. The effectiveness of this technique is demonstrated by using substantial datasets obtained from the National Advance IPv6 Centre of Excellence (NAv6) laboratory. The experimental results have proved that the proposed technique is capable of detecting ICMPv6 anomalous behaviour s with a detection accuracy rate of 92%.