SPYIPv6: Locating Covert Data in One or a Combination of IPv6 Header Field(s)
Advancement in the utilization of IPv6 protocol has led to an increase in research related to its security. In recent times, researchers proposed the possibility of the existence of covert channels over networks termed Network Covert Channels (NCCs) which may exploit IPv6. NCC is a serious threat th...
Main Authors: | Punam Bedi, Vinita Jindal, Arti Dua |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2023-01-01 |
Series: | IEEE Access |
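Subjects: | Cybersecurity, detection of covert channels, IPv6, K-nearest-neighbour (KNN), label powerset, network security |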
Online Access: | https://ieeexplore.ieee.org/document/10258266/ |
_version_ | 1797668038623887360 |
---|---|
author | Punam Bedi; Vinita Jindal; Arti Dua |
author_sort | Punam Bedi |
collection | DOAJ |
description | Advancement in the utilization of IPv6 protocol has led to an increase in research related to its security. In recent times, researchers proposed the possibility of the existence of covert channels over networks termed Network Covert Channels (NCCs) which may exploit IPv6. NCC is a serious threat that provides a hidden avenue for the transfer of information from one end to another. Hence, to detect and locate such threats that use IPv6 packets as cover, SPYIPv6 is proposed that detects the existence of hidden information in IPv6 packets and further identifies its location in one or a combination of IPv6 header field(s). The proposed SPYIPv6 comprises two layers. The first layer detects the covert IPv6 packets in the network traffic using a binary K-Nearest-Neighbour (b-KNN) classifier. These packets are further passed to the second layer that locates the header field(s) carrying covert data using a multiclass K-Nearest-Neighbour (m-KNN) classifier. The experimentation dataset was generated from normal and covert IPv6 packet samples. Normal packets were obtained from the Center for Applied Internet Data Analysis (CAIDA), whereas covert packets were obtained using an NCC generation tool (pcapStego) and Python scripts. Experimentation results show that SPYIPv6 attains an accuracy of 99.85% in detecting and identifying the location of hidden information in the IPv6 header. Further, when compared with other counterparts, SPYIPv6 provides higher accuracy in lesser testing time justifying its suitability for the detection and location of covert information present in one or a combination of the header field(s) of an IPv6 packet. |
first_indexed | 2024-03-11T20:22:17Z |
format | Article |
id | doaj.art-5b712692730c498d9ecda81afb4ddab1 |
institution | Directory Open Access Journal |
issn | 2169-3536 |
language | English |
last_indexed | 2024-03-11T20:22:17Z |
publishDate | 2023-01-01 |
publisher | IEEE |
record_format | Article |
series | IEEE Access |
spelling | doaj.art-5b712692730c498d9ecda81afb4ddab1; 2023-10-02T23:01:03Z; eng; IEEE; IEEE Access; 2169-3536; 2023-01-01; 11; 103486; 103501; 10.1109/ACCESS.2023.3318172; 10258266; SPYIPv6: Locating Covert Data in One or a Combination of IPv6 Header Field(s); Punam Bedi 0; Vinita Jindal 1 https://orcid.org/0000-0002-0481-4840; Arti Dua 2 https://orcid.org/0000-0002-7663-5999; Department of Computer Science, University of Delhi, Delhi, India; Keshav Mahavidyalaya, University of Delhi, Delhi, India; Bhaskaracharya College of Applied Sciences, University of Delhi, Delhi, India; Advancement in the utilization of IPv6 protocol has led to an increase in research related to its security. In recent times, researchers proposed the possibility of the existence of covert channels over networks termed Network Covert Channels (NCCs) which may exploit IPv6. NCC is a serious threat that provides a hidden avenue for the transfer of information from one end to another. Hence, to detect and locate such threats that use IPv6 packets as cover, SPYIPv6 is proposed that detects the existence of hidden information in IPv6 packets and further identifies its location in one or a combination of IPv6 header field(s). The proposed SPYIPv6 comprises two layers. The first layer detects the covert IPv6 packets in the network traffic using a binary K-Nearest-Neighbour (b-KNN) classifier. These packets are further passed to the second layer that locates the header field(s) carrying covert data using a multiclass K-Nearest-Neighbour (m-KNN) classifier. The experimentation dataset was generated from normal and covert IPv6 packet samples. Normal packets were obtained from the Center for Applied Internet Data Analysis (CAIDA), whereas covert packets were obtained using an NCC generation tool (pcapStego) and Python scripts. Experimentation results show that SPYIPv6 attains an accuracy of 99.85% in detecting and identifying the location of hidden information in the IPv6 header. Further, when compared with other counterparts, SPYIPv6 provides higher accuracy in lesser testing time justifying its suitability for the detection and location of covert information present in one or a combination of the header field(s) of an IPv6 packet.; https://ieeexplore.ieee.org/document/10258266/; Cybersecurity; detection of covert channels; IPv6; K-nearest-neighbour (KNN); label powerset; network security |
title | SPYIPv6: Locating Covert Data in One or a Combination of IPv6 Header Field(s) |
topic | Cybersecurity; detection of covert channels; IPv6; K-nearest-neighbour (KNN); label powerset; network security |
url | https://ieeexplore.ieee.org/document/10258266/ |