Improving Intrusion Detection and Prevention System (IDPS) Performance in an IPv6 Environment
Advances in Networks
Volume 8, Issue 2, December 2020, Pages: 22-33
Received: Oct. 29, 2020;
Accepted: Nov. 9, 2020;
Published: Nov. 19, 2020
Adeel Sadiq, School of Science and Technology, Nottingham Trent University, Nottingham, UK
Waleed Bul’ajoul, School of Science and Technology, Nottingham Trent University, Nottingham, UK
This paper presents a comprehensive investigation, backed by detailed simulations, showing that the default settings of software-based open-source Intrusion Detection and Prevention Systems (IDPSs) are not enough to thwart network attacks in a modern high-speed IPv6-only environment. It aims to solve this problem by improving the processing capability of an IDPS in more than one way, with each method being entirely independent of the others. The proposed solution can be implemented by any user running an IDPS, without needing escalated privileges. Using an IPv6 packet generator, it is shown that as the volume of IPv6 traffic sent in a fixed amount of time increases, the IDPS fails to analyse all the packets and starts dropping them. This compromises the core function of an IDPS, which is to stop unwanted traffic. A hybrid solution is proposed to increase the performance of the IDPS. Our research involves only the system running the IDPS, with little to no tweaking of the other elements of a network such as routers, switches and firewalls. The paper also briefly discusses the current and future generations of IDPSs. The simulation with the hybrid solution concludes that performance improves to a staggering 200%, approximately, compared to the built-in settings of the IDPS.
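The failure mode the abstract describes (a fixed-capacity analysis engine falling behind a rising IPv6 packet rate and shedding the overflow) can be illustrated with a small discrete-time model. The following Python block is an added example written for this page; it is not the paper's simulation, does not reproduce the authors' hybrid solution, and every parameter in it (tick-based arrival ramp, buffer of 300 packets, engine capacity of 100 or 200 packets per tick) is an assumption chosen to make the effect visible. "Improved capacity" here simply stands for whatever extra processing headroom a tuned IDPS has; the paper's own mechanism is not modelled.

```python
"""Toy capture-buffer model of IDPS packet loss under increasing load.

Added illustration, not the paper's code. Each tick, a burst of packets
arrives into a bounded capture buffer; anything that does not fit is
dropped unseen. The analysis engine then inspects up to `capacity_per_tick`
packets from the buffer. Packets that are never inspected cannot be
blocked, which is the IDPS failure the abstract describes.
"""
from dataclasses import dataclass
from typing import Sequence


@dataclass
class RunStats:
    offered: int    # packets the generator sent
    analysed: int   # packets the engine actually inspected
    dropped: int    # packets lost at the capture buffer, never inspected

    @property
    def drop_ratio(self) -> float:
        return self.dropped / self.offered if self.offered else 0.0


def simulate(arrivals_per_tick: Sequence[int],
             capacity_per_tick: int,
             buffer_size: int) -> RunStats:
    """Run the bounded-buffer model over a sequence of per-tick arrival counts."""
    queued = 0
    offered = analysed = dropped = 0
    for arriving in arrivals_per_tick:
        offered += arriving
        # Only as many packets as fit in the remaining buffer space are kept.
        accepted = min(arriving, buffer_size - queued)
        dropped += arriving - accepted
        queued += accepted
        # The engine drains at most `capacity_per_tick` packets per tick.
        served = min(queued, capacity_per_tick)
        analysed += served
        queued -= served
    # Once the generator stops, the engine finishes whatever is still buffered.
    analysed += queued
    return RunStats(offered, analysed, dropped)


def ramp_traffic() -> list:
    """Constructed load profile: 10 ticks each at 50, 100 and 200 packets/tick."""
    return [50] * 10 + [100] * 10 + [200] * 10


def compare(baseline_capacity: int, improved_capacity: int,
            buffer_size: int = 300) -> dict:
    """Drop ratios for the same traffic under two engine capacities (assumed values)."""
    load = ramp_traffic()
    base = simulate(load, baseline_capacity, buffer_size)
    better = simulate(load, improved_capacity, buffer_size)
    return {
        "baseline_drop_ratio": base.drop_ratio,
        "improved_drop_ratio": better.drop_ratio,
        "baseline_analysed": base.analysed,
        "improved_analysed": better.analysed,
    }


if __name__ == "__main__":
    for cap in (100, 200):
        stats = simulate(ramp_traffic(), capacity_per_tick=cap, buffer_size=300)
        print(f"capacity={cap:>3}/tick  offered={stats.offered}  "
              f"analysed={stats.analysed}  dropped={stats.dropped}  "
              f"drop_ratio={stats.drop_ratio:.3f}")
```

With the baseline capacity of 100 packets per tick, nothing is lost while the offered rate stays at or below capacity; once the ramp reaches 200 packets per tick the buffer fills within two ticks and every subsequent tick sheds half its packets, so roughly 23% of all traffic in this run is never inspected. Doubling the engine's capacity in the model removes the loss entirely, which is the qualitative point the paper makes about raising the processing capability of the IDPS host rather than changing routers, switches or firewalls.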