Method of IPv6 neighbor cache protection based on improved reversed detection

doi:10.11772/j.issn.1001-9081.2014.04.0950

Journal of Computer Applications ›› 2014, Vol. 34 ›› Issue (4): 950-954.DOI: 10.11772/j.issn.1001-9081.2014.04.0950

• Network and communications • Previous Articles Next Articles

Method of IPv6 neighbor cache protection based on improved reversed detection

KONG Yazhou,WANG Zhenxing,WANG Yu,ZHANG Liancheng

State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou Henan 450002, China

Received:2013-10-14 Revised:2013-12-19 Online:2014-04-01 Published:2014-04-29
Contact: KONG Yazhou

基于改进反向探测的IPv6邻居缓存保护方法

孔亚洲,王振兴,王禹,张连成

数学工程与先进计算国家重点实验室,郑州 450002

通讯作者: 孔亚洲
作者简介:孔亚洲(1989-),男,河南濮阳人,硕士研究生,CCF会员,主要研究方向:IPv6网络安全;
王振兴(1959-),男,河北晋州人,教授,博士,主要研究方向:IPv6网络安全;
王禹(1984-),男,河南郑州人,博士研究生,主要研究方向:网络安全;
张连成(1982-),男,河南商丘人,讲师,博士,主要研究方向:流量分析、网络安全。

Abstract

Abstract:

IPv6 Neighbor Cache (NC) was very vulnerable to be attacked, therefore, an improved method named Reversed Detection Plus (RD+) was proposed. Timestamp and sequence were firstly introduced to limit strict time of response and response matching respectively; RD+ queue was defined to store timestamp and sequence, and Random Early Detection Based on Timestamp (RED-T) algorithm was designed to prevent Denial of Service (DoS) attacks. The experimental results show that RD+ can effectively protect IPv6 NC to resist spoofing and DoS attacks, and compared with Heuristic and Explicit (HE) and Secure Neighbor Discovery (SEND), RD+ has a low consumption of resources.

摘要：

针对IPv6邻居缓存(NC)易被攻击的问题,提出一种改进的反向探测方法(RD+)。该方法首先引入时间戳和报文序列两个选项,分别用于限制报文响应时长以及响应报文匹配;之后,定义RD+队列存储时间戳和报文序号等信息,并设计基于时间戳的随机早期检测(RED-T)算法对RD+队列实施管理以防范拒绝服务(DoS)攻击。实验结果表明,RD+能够有效抵抗邻居缓存欺骗和DoS攻击,与启发式和显式相结合的方法(HE)以及安全邻居发现协议(SEND)相比,其资源消耗较少。

CLC Number:

TP393.08

KONG Yazhou WANG Zhenxing WANG Yu ZHANG Liancheng. Method of IPv6 neighbor cache protection based on improved reversed detection[J]. Journal of Computer Applications, 2014, 34(4): 950-954.

孔亚洲王振兴王禹张连成. 基于改进反向探测的IPv6邻居缓存保护方法[J]. 计算机应用, 2014, 34(4): 950-954.

References

［1］NARTEN T, NORDMARK E, SIMPSON W, et al.RFC 4861, Neighbor Discovery for IP version 6 (IPv6) ［S］.Geneva: IETF, 2007.
［2］HUANG M. The IPv6 technology research of the next-generation Internet ［D］. Nanjing: Nanjing University of Posts and Telecommunications, 2013. (黄明超.下一代互联网IPv6技术的研究［D］.南京:南京邮电大学,2013.)
［3］ZHAO Y. Research of security in IPv6 transition phase ［D］. Beijing: Beijing Jiaotong University, 2013. (赵延. IPv6过渡阶段中的安全研究［D］.北京:北京交通大学, 2013.)
［4］ARKKO J, ERICSSON ED, KEMPF J, et al.RFC 3971, Secure Neighbor Discovery (SEND) ［S］.Geneva: IETF, 2005.
［5］AURA T. RFC 3972, Cryptographically Generated Address (CGA) ［S］. Geneva: IETF, 2005.
［6］KITAMURA H, ATA S, MURATA M. IPv6 neighbor cache update ［EB/OL］. (2009-10-19) ［2013-05-12］. http://tools.ietf.org/id/draft-kitamura-ipv6-neighbor-cache-update-00.txt.
［7］JIANG S, CHEN X, SONG X. Neighbor cache protection in neighbor discovery protocol ［EB/OL］. (2010-03-02) ［2013-04-15］. http://tools.ietf.org/html/draft-jiang-v6ops-nc-protection-01.
［8］GASHINSKY I, JAEGGLI J, KUMARI W. RFC 6583, Operational neighbor discovery problems ［S］. Geneva: IETF, 2012.
［9］ZHANG L. The research of priority checking RED algorithm based on IPv6 network ［D］. Changchun: Jilin University, 2012. (张黎丽.基于IPv6网络的优先级检测RED算法的研究［D］.长春:吉林大学,2012.)
［10］LIU X. Active queue management algorithm research based on fuzzy model ［D］. Nanjing: Nanjing University of Science and Technology, 2013. (刘雪梅.基于模糊控制理论的主动队列管理算法研究［D］.南京:南京理工大学,2013.)
［11］LI R. Active queue management algorithm research based on robust control ［D］. Nanjing: Nanjing University of Science and Technology, 2013. (李睿.基于鲁棒控制的主动队列管理算法研究［D］.南京:南京理工大学,2013.)
［12］YIN X, Research on congestion control mechanism over heterogeneous networks ［D］. Hangzhou: Zhejiang University, 2013. (尹翔.异构网络环境下拥塞控制方法研究［D］.杭州:浙江大学,2013.)
［13］WANG J, LIN B. Active queue management algorithm based on particle swarm optimization ［J］. Journal of Computer Applications, 2013, 33(2): 390-396. (王军祥,林柏钢.基于粒子群优化的主动队列管理方法［J］.计算机应用,2013,33(2):390-396.)
［14］YANG X, HE W. Adaptive nonlinear RED algorithm based on routing queue resources ［J］. Journal of Computer Applications, 2013, 33(3): 621-624. (杨晓亚,何万生.基于路由队列资源自适应的非线性随机早起检测算法［J］.计算机应用,2013,33(3): 621-624.)

[1]	. Moving target defense decision-making algorithm based on multi-stage evolutionary signal game model [J]. Journal of Computer Applications, 0, (): 0-0.
[2]	ZHU Yuna, ZHANG Yutao, YAN Shaoge, FAN Yudan, CHEN Hantuo. Protocol identification approach based on semi-supervised subspace clustering [J]. Journal of Computer Applications, 2021, 41(10): 2900-2904.
[3]	XIAO Yuelei, DENG Xiaofan. Improvement and analysis of certificate-based wired local area network security association scheme [J]. Journal of Computer Applications, 2021, 41(7): 1970-1976.
[4]	DU Xinyu, WANG Huaqun. Dynamic group based effective identity authentication and key agreement scheme in LTE-A networks [J]. Journal of Computer Applications, 2021, 41(6): 1715-1722.
[5]	WANG Yao, SUN Guozi. Oversampling method for intrusion detection based on clustering and instance hardness [J]. Journal of Computer Applications, 2021, 41(6): 1709-1714.
[6]	GE Lina, HU Yugu, ZHANG Guifen, CHEN Yuanyuan. Reverse hybrid access control scheme based on object attribute matching in cloud computing environment [J]. Journal of Computer Applications, 2021, 41(6): 1604-1610.
[7]	. Adversarial attack algorithm for deep learning interpretability [J]. Journal of Computer Applications, 0, (): 0-0.
[8]	GUO Shuai, SU Yang. Encrypted traffic classification method based on data stream [J]. Journal of Computer Applications, 2021, 41(5): 1386-1391.
[9]	ZHANG Quanlong, WANG Huaibin. Intrusion detection model based on combination of dilated convolution and gated recurrent unit [J]. Journal of Computer Applications, 2021, 41(5): 1372-1377.
[10]	TANG Yanqiang, LI Chenghai, SONG Yafei. Network security situation prediction based on improved particle swarm optimization and extreme learning machine [J]. Journal of Computer Applications, 2021, 41(3): 768-773.
[11]	HANG Mengxin, CHEN Wei, ZHANG Renjie. Abnormal flow detection based on improved one-dimensional convolutional neural network [J]. Journal of Computer Applications, 2021, 41(2): 433-440.
[12]	OU Binli, ZHONG Xiaru, DAI Jianhua, YANG Tian. Intrusion detection method based on variable precision covering rough set [J]. Journal of Computer Applications, 2020, 40(12): 3465-3470.
[13]	YANG Jianxi, ZHANG Yuanli, JIANG Hua, ZHU Xiaochen. Detection method of physical-layer impersonation attack based on deep Q-network in edge computing [J]. Journal of Computer Applications, 2020, 40(11): 3229-3235.
[14]	CHEN Yi, ZHANG Meijing, XU Fajian. Slow HTTP DoS attack detection method based on one-dimensional convolutional neural network [J]. Journal of Computer Applications, 2020, 40(10): 2973-2979.
[15]	ZHAO Guoxin, DING Ruofan, YOU Jianzhou, LYU Shichao, PENG Feng, LI Fei, SUN Limin. Design and implementation of high-interaction programmable logic controller honeypot system based on industrial control business simulation [J]. Journal of Computer Applications, 2020, 40(9): 2650-2656.

Method of IPv6 neighbor cache protection based on improved reversed detection

基于改进反向探测的IPv6邻居缓存保护方法

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics