Research on the Security of IPv6 Communication Based on Petri Net under IoT-Reference-Cited by-同舟云学术

Research on the Security of IPv6 Communication Based on Petri Net under IoT

Published:2023-05-30 Issue:11 Volume:23 Page:5192
ISSN:1424-8220
Container-title:Sensors
language:en
Short-container-title:Sensors

Author:

Han Yu¹,Zhang Liumei¹^ORCID,Wang Yichuan²³^ORCID,Deng Xi¹,Gu Zhendong⁴,Zhang Xiaohui²^ORCID

Affiliation:

1. School of Computer Science, Xi’an Shiyou University, Xi’an 710065, China

2. School of Computer Science and Engineering, Xi’an University of Technology, Xi’an 710048, China

3. Shaanxi Key Laboratory for Network Computing and Security Technology, Xi’an 710048, China

4. Hanjiang-to-Weihe River Valley Water Diversion Project Construction Co., Ltd., Xi’an 710024, China

Abstract

The distribution of wireless network systems challenges the communication security of Internet of Things (IoT), and the IPv6 protocol is gradually becoming the main communication protocol under the IoT. The Neighbor Discovery Protocol (NDP), as the base protocol of IPv6, includes address resolution, DAD, route redirection and other functions. The NDP protocol faces many attacks, such as DDoS attacks, MITM attacks, etc. In this paper, we focus on the communication-addressing problem between nodes in the Internet of Things (IoT). We propose a Petri-Net-based NS flooding attack model for the flooding attack problem of address resolution protocols under the NDP protocol. Through a fine-grained analysis of the Petri Net model and attacking techniques, we propose another Petri-Net-based defense model under the SDN architecture, achieving security for communications. We further simulate the normal communication between nodes in the EVE-NG simulation environment. We implement a DDoS attack on the communication protocol by an attacker who obtains the attack data through the THC-IPv6 tool. In this paper, the SVM algorithm, random forest algorithm (RF) and Bayesian algorithm (NBC) are used to process the attack data. The NBC algorithm is proven to exhibit high accuracy in classifying and identifying data through experiments. Further, the abnormal data are discarded through the abnormal data processing rules issued by the controller in the SDN architecture, to ensure the security of communications between nodes.

Funder

National Natural Science Foundation of China

Key Research and Development Program of Shaanxi Province

Open Project Funds of Shaanxi Key Laboratory for Network Computing and Security Technology

Postgraduate Innovation and Practical Ability Training Program Grant of Xi’an Shiyou University, the Basic Research in Natural Science and Enterprise Joint Fund of Shaanxi

Natural Science Basic Research Program of Shaanxi Province

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Biochemistry,Instrumentation,Atomic and Molecular Physics, and Optics,Analytical Chemistry

Link

https://www.mdpi.com/1424-8220/23/11/5192/pdf

Reference36 articles.

1. Zarif, N.S., Najafi, H., Imani, M., and Moghadam, A.Q. (2019, January 18–19). A New Hybrid Method of IPv6 Addressing in the Internet of Things. Proceedings of the 2019 Smart Grid Conference (SGC), Tehran, Iran.

2. Shiranzaei, A., and Khan, R.Z. (2018). Advances in Intelligent Systems and Computing, Springer.

3. Maintaining the progress of IPv6 adoption;Nikkhah;Comput. Netw.,2016

4. Arjuman, N.C., Manickam, S., and Karuppayah, S. (2021, January 24–25). An Improved Secure Router Discovery Mechanism to Prevent Fake RA Attack in Link Local IPv6 Network. Proceedings of the Advances in Cyber Security: Third International Conference, ACeS 2021, Penang, Malaysia.

5. Flow-Based Approach to Detect Abnormal Behavior in Neighbor Discovery Protocol (NDP);Bahashwan;IEEE Access,2021