Evaluation of open-source intrusion detection systems for IPv6 vulnerabilities in realistic test network
The Internet Protocol (IP) defines the format by which packets are relayed throughout and across networks. A majority of the Internet today uses Internet Protocol version 4 (IPv4), but, driven by several key industries, a growing share of the Internet is adopting IPv4’s successor, Internet Protocol version 6 (IPv6), for its promise of unique addressability, automatic configuration features, built-in security, and more. Since the invention of the Internet, network security has proven a leading and worthwhile concern. The evolution of the information security field has produced an important solution for network security monitoring: the intrusion detection system (IDS). In this report, I explore the difference in detection effectiveness and resource usage between two network monitoring philosophies, signature-based and behavior-based detection. I test these philosophies, represented by the leading-edge passive monitors Snort and Bro, against several categories of state-of-the-art IPv6 attacks. I model an IPv6 host-to-host intrusion across the Internet in a virtual test network by including benign background traffic and mimicking adverse network conditions. My results suggest that neither IDS philosophy is superior in all categories and that a hybrid of the two, leveraging the strengths of each, would best secure a network against leading IPv6 vulnerabilities.
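To make the contrast between the two detection philosophies concrete, the following is an added illustration, not code from the thesis and not Snort or Bro rules. It runs a toy signature-style rule and a toy behavior-style rule over the same constructed stream of ICMPv6 Router Advertisement records and shows where each one fires. The signature rule relies on one fact from RFC 4861, that Neighbor Discovery messages must carry a hop limit of 255; the behavior rule relies on a baseline of known routers and an advertisement rate threshold. The packet records, link-local addresses, window size and threshold are all assumptions chosen for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

ICMPV6_ROUTER_ADVERT = 134      # ICMPv6 type for Router Advertisement (RFC 4861)
ICMPV6_NEIGHBOR_SOLICIT = 135   # ICMPv6 type for Neighbor Solicitation (RFC 4861)
ND_HOP_LIMIT = 255              # RFC 4861: ND messages must be sent with hop limit 255


@dataclass(frozen=True)
class Packet:
    """Minimal, constructed view of one ICMPv6 packet as a monitor would decode it."""
    ts: float        # capture timestamp in seconds
    src: str         # IPv6 source address
    icmp_type: int   # ICMPv6 type field
    hop_limit: int   # IPv6 hop limit field


def signature_alerts(packets):
    """Signature-style rule: a Router Advertisement whose hop limit is not 255
    violates RFC 4861 and is flagged on the packet's own content alone."""
    return [p for p in packets
            if p.icmp_type == ICMPV6_ROUTER_ADVERT and p.hop_limit != ND_HOP_LIMIT]


def behaviour_alerts(packets, known_routers, window=1.0, max_per_window=5):
    """Behavior-style rule: compare advertisers against a learned baseline of
    routers and flag any source that advertises more than max_per_window times
    inside a sliding time window. Each condition is reported once per source."""
    alerts = []
    recent = defaultdict(deque)   # per-source timestamps inside the window
    flagged_unknown, flagged_burst = set(), set()
    for p in sorted(packets, key=lambda pk: pk.ts):
        if p.icmp_type != ICMPV6_ROUTER_ADVERT:
            continue
        if p.src not in known_routers and p.src not in flagged_unknown:
            flagged_unknown.add(p.src)
            alerts.append(("unknown-router", p.src, p.ts))
        times = recent[p.src]
        times.append(p.ts)
        while times and times[0] < p.ts - window:
            times.popleft()
        if len(times) > max_per_window and p.src not in flagged_burst:
            flagged_burst.add(p.src)
            alerts.append(("ra-burst", p.src, p.ts))
    return alerts


def evaluate(packets, known_routers):
    """Run both rules over the same traffic and summarise which sources each
    philosophy flags, plus the union a hybrid deployment would see."""
    sig = signature_alerts(packets)
    beh = behaviour_alerts(packets, known_routers)
    sig_sources = {p.src for p in sig}
    beh_sources = {a[1] for a in beh}
    return {
        "signature": len(sig),
        "behaviour": len(beh),
        "signature_sources": sorted(sig_sources),
        "behaviour_sources": sorted(beh_sources),
        "hybrid_sources": sorted(sig_sources | beh_sources),
    }


def constructed_traffic():
    """Constructed sample capture (not real data): a legitimate router, some
    background Neighbor Solicitations, one malformed RA, and a well-formed
    burst of RAs from a source that is not in the baseline."""
    pkts = []
    for i in range(10):   # known router fe80::1 advertises every 0.5 s
        pkts.append(Packet(i * 0.5, "fe80::1", ICMPV6_ROUTER_ADVERT, ND_HOP_LIMIT))
    for i in range(5):    # benign background traffic that neither rule should touch
        pkts.append(Packet(i * 1.0 + 0.25, "fe80::10", ICMPV6_NEIGHBOR_SOLICIT, ND_HOP_LIMIT))
    # one RA from the known router with a non-ND hop limit: content is wrong,
    # behaviour is unremarkable, so only the signature rule fires
    pkts.append(Packet(2.1, "fe80::1", ICMPV6_ROUTER_ADVERT, 64))
    # twenty RFC-conformant RAs from an unknown source within 0.2 s: every packet
    # passes the content check, so only the behaviour rule fires
    for i in range(20):
        pkts.append(Packet(3.0 + i * 0.01, "fe80::2", ICMPV6_ROUTER_ADVERT, ND_HOP_LIMIT))
    return pkts


if __name__ == "__main__":
    for key, value in evaluate(constructed_traffic(), {"fe80::1"}).items():
        print(f"{key}: {value}")
```

On this stream the signature rule flags only the malformed packet from fe80::1 and the behavior rule flags only fe80::2, so each philosophy misses what the other catches and only their union covers both sources, which is the shape of the hybrid conclusion the abstract reaches. A real deployment would replace the constant baseline with one learned from observed traffic and tune the window and threshold to the link's normal advertisement rate.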