Peer-reviewed article

DADCNF: Diagnoser design for Duplicate Address Detection threat using Conjunctive Normal Form

2022; Elsevier BV; Volume: 222; Language: English

10.1016/j.comnet.2022.109539

ISSN

1872-7069

Authors

Abhay Deep Seth, Santosh Biswas, Amit Kumar Dhar

Topic(s)

Network Packet Processing and Optimization

Abstract

Duplicate Address Detection (DAD) is the protocol that confirms the uniqueness of an IPv6 host's identification when it joins a new network. The DAD scheme is susceptible to neighbor advertisement and neighbor solicitation spoofing attacks because ICMPv6 control messages lack authentication. Existing strategies against the DAD attack have major drawbacks, e.g., high computation, non-scalability, and the requirement of protocol modification. This paper presents a strategy for detecting the DAD attack using a Conjunctive Normal Form (CNF)-based Discrete Event System (DES) diagnoser. DES-based intrusion detection systems (IDS) have shown effective results against network attacks in terms of features such as no change in protocol and low overhead. The primary drawback of a DES-based IDS is the diagnosis process, which necessitates synchronization of two or more state-based models, making it computationally expensive. To address this issue, a CNF-based DES diagnoser scheme is proposed that has all the advantages of a DES-based IDS and at the same time addresses the complexity issues. The CNF diagnoser also facilitates diagnosability verification. The proposed CNF-based IDS for the DAD attack is implemented in a testbed, and experimental results illustrate its effectiveness in terms of minimal resource consumption, 100% accuracy, high detection rate, less processing time and low traffic overhead.
