FIGURE 1 - available via license: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International
Content may be subject to copyright.
Source publication
Increased usage of the Internet has risen the demand for more IP addresses across the globe resulting in replacement of IPv4 by IPv6 protocol. Hence, security of IPv6 has become a vital area of research. One of the serious threats to Internet security is the presence of Network Covert Channels (NCCs) that provide substantial aid for performing cove...
Contexts in source publication
Context 1
... of 32 bits long IPv4 addresses, IPv6 was engineered by Internet Engineering Task Force in 1998. According to Google statistics, the IPv6 adoption rate has reached a value of 39.88% as of 31 July 2022 [9]. RFC 8200 [19] provides a detailed description of this protocol. The structure of the header part of this next-generation protocol is given in Fig. ...
Context 2
... results of these experiments in terms of accuracy percentage, training time, and average prediction time per covert sample after trying different combinations of classifiers are shown in Fig. 8, Fig. 9, and Fig. 10 respectively. To differentiate the performances of different classifiers, accuracy was calculated in terms of percentage. It was found that the combinations of DNN -DNN, DNN -CNN, and DNN -OvR SVM outperformed the rest by achieving the highest accuracy percentage in detecting and locating storage-based covert channels in IPv6. However, ...
Context 3
... confusion matrix generated while experimenting with the proposed system on the testing dataset is shown in Fig. 11. The next experiment compared the proposed system with the various state-of-the-art ML and DL classifiers used for multiclass classification. ...
Context 4
... proposed system was further compared with various state-of-the-art ML and DL classifiers for multiclass classifications. These algorithms included CNN, LSTM, OvR SVM, OvR LR, Naïve Bayes, and XGBoost classifiers. Fig. 12, Fig. 13, Fig. 14, and, Fig. 15 depict the comparison of accuracy percentage, precision, recall, and F1-score values of various ML and DL algorithms in consideration in predicting all four classes. The results showed that the proposed system outperformed all its counterparts in terms of accuracy percentage, precision, recall, and F1-score in detecting and locating ...
Context 5
... addition, two new systems that perform detection and locating of the storage area of storage-based NCCs in IPv6 were developed using only DNN and only OvR SVM. Their performance was compared with that of the proposed system and the results have been presented in Fig.16. It was observed that the proposed system achieved maximum accuracy percentage in comparison to other systems in consideration. ...
Context 6
... we experimented with different sizes of the dataset to analyze the effect of dataset size on the accuracy percentage of the proposed system by taking a different number of packets each time. The results for the same are shown in Fig. 17. It was observed that the proposed system obtained the highest accuracy percentage with the dataset size of 300000 IPv6 packets thereby justifying the use of a dataset with 300000 IPv6 packets for training and testing of the proposed system. To summarize, the proposed system performed the detection and locating of the storage area of ...
Citations
... Where, in 1987, this concept was expanded to include computer networks [5]. Recent research indicated that the existence of network covert channels, which offer significant assistance for undertaking covered communications including transmitting secret data and/or stealing confidential information, is one of the major risks to internet security [6]. Covert channels in networks, are techniques that aim to hide information in normal network traffic to stay undiscovered [7], and have recently attracted more attention [8]. ...
... Readers who are interested can view some recent studies that use machine learning or deep learning techniques to thwart covert channel attacks in [29]- [34]. As an example, Dua et al. [6] proposed a two-layered system to locate and detect storage covert channels that use the IPv6 protocol. deep neural networks (DNN) and the one-vsrest technique with support vector machine (SVM) are used in their suggested system. ...
Covert channel techniques have enriched the way to commit dangerous and unwatched attacks. They exploit ways that are not intended to convey information; therefore, traditional security measures cannot detect them. One class of covert channels that difficult to detect, mitigate, or eliminate is packet length covert channels. This class of covert channels takes advantage of packet length variations to convey covert information. Numerous research articles reflect the useful use of machine learning (ML) classification approaches to discover covert channels. Therefore, this study presented an efficient ensemble classification model to detect such types of attacks. The ensemble model consists of five machine learning algorithms representing the base classifiers. The base classifiers include naive Bayes (NB), decision tree (DT), support vector machine (SVM), k-nearest neighbor (KNN), and random forest (RF). Whereas, the logistic regression (LR) classifier was employed to aggregate the outputs of the base classifiers and thus to generate the ensemble classifier output. The results showed a good performance of our proposed ensemble classifier. It beats all single classification algorithms, with a 99.3% accuracy rate and negligible classification errors.
... Most of the papers in the literature discuss only the storage-based covert communication detection in IPv6. Further, Dua et al. [18] presented a system that detects and finds the location of the hidden data in covert communications that utilize either field of an IPv6 header amongst Hop Limit, Flow Label, and Traffic Class. However, we could not find any work that detects and identifies the location of the hidden data present in a combination of header fields of an IPv6 packet. ...
... As per the best of our knowledge, state-of-the-art work presented to date mostly discusses only NCCs detection in IPv6 header fields. Recently, Dua et al. [18] proposed a system that detects and locates the storage area of IPv6-based NCCs in any one of the header fields namely TC, HL, and FL. However, we could not find any work that detects and identifies the location of the hidden data present in multiple header fields of an IPv6 header simultaneously. ...
... It is evident from Table 4 that the proposed SPYIPv6 obtains comparable accuracy in the least testing time among all the previous works considered for comparison in this paper. Moreover, the works done in [16] and [17] only detect covert IPv6 packets, and work done in [18] detects and locates covert data in individual fields only. Thus, the proposed SPYIPv6 outperforms all the considered previous works in terms of average testing time per covert sample as well as functionality with comparable or higher accuracy. ...
Advancement in the utilization of IPv6 protocol has led to an increase in research related to its security. In recent times, researchers proposed the possibility of the existence of covert channels over networks termed Network Covert Channels (NCCs) which may exploit IPv6. NCC is a serious threat that provides a hidden avenue for the transfer of information from one end to another. Hence, to detect and locate such threats that use IPv6 packets as cover, SPYIPv6 is proposed that detects the existence of hidden information in IPv6 packets and further identifies its location in one or a combination of IPv6 header field(s). The proposed SPYIPv6 comprises two layers. The first layer detects the covert IPv6 packets in the network traffic using a binary K-Nearest-Neighbour (b-KNN) classifier. These packets are further passed to the second layer that locates the header field(s) carrying covert data using a multiclass K-Nearest-Neighbour (m-KNN) classifier. The experimentation dataset was generated from normal and covert IPv6 packet samples. Normal packets were obtained from the Center for Applied Internet Data Analysis (CAIDA), whereas covert packets were obtained using an NCC generation tool (pcapStego) and Python scripts. Experimentation results show that SPYIPv6 attains an accuracy of 99.85% in detecting and identifying the location of hidden information in the IPv6 header. Further, when compared with other counterparts, SPYIPv6 provides higher accuracy in lesser testing time justifying its suitability for the detection and location of covert information present in one or a combination of the header field(s) of an IPv6 packet.
