Research on the Security of IPv6 Communication Based on Petri Net under IoT
Author:
Han Yu (1), Zhang Liumei (1), Wang Yichuan (2, 3), Deng Xi (1), Gu Zhendong (4), Zhang Xiaohui (2)
Affiliation:
1. School of Computer Science, Xi’an Shiyou University, Xi’an 710065, China
2. School of Computer Science and Engineering, Xi’an University of Technology, Xi’an 710048, China
3. Shaanxi Key Laboratory for Network Computing and Security Technology, Xi’an 710048, China
4. Hanjiang-to-Weihe River Valley Water Diversion Project Construction Co., Ltd., Xi’an 710024, China
Abstract
The distribution of wireless network systems challenges the communication security of Internet of Things (IoT), and the IPv6 protocol is gradually becoming the main communication protocol under the IoT. The Neighbor Discovery Protocol (NDP), as the base protocol of IPv6, includes address resolution, DAD, route redirection and other functions. The NDP protocol faces many attacks, such as DDoS attacks, MITM attacks, etc. In this paper, we focus on the communication-addressing problem between nodes in the Internet of Things (IoT). We propose a Petri-Net-based NS flooding attack model for the flooding attack problem of address resolution protocols under the NDP protocol. Through a fine-grained analysis of the Petri Net model and attacking techniques, we propose another Petri-Net-based defense model under the SDN architecture, achieving security for communications. We further simulate the normal communication between nodes in the EVE-NG simulation environment. We implement a DDoS attack on the communication protocol by an attacker who obtains the attack data through the THC-IPv6 tool. In this paper, the SVM algorithm, random forest algorithm (RF) and Bayesian algorithm (NBC) are used to process the attack data. The NBC algorithm is proven to exhibit high accuracy in classifying and identifying data through experiments. Further, the abnormal data are discarded through the abnormal data processing rules issued by the controller in the SDN architecture, to ensure the security of communications between nodes.
Funder
National Natural Science Foundation of China; Key Research and Development Program of Shaanxi Province; Open Project Funds of Shaanxi Key Laboratory for Network Computing and Security Technology; Postgraduate Innovation and Practical Ability Training Program Grant of Xi’an Shiyou University; the Basic Research in Natural Science and Enterprise Joint Fund of Shaanxi; Natural Science Basic Research Program of Shaanxi Province
Subject
Electrical and Electronic Engineering; Biochemistry; Instrumentation; Atomic and Molecular Physics, and Optics; Analytical Chemistry