SPYIPv6: Locating Covert Data in One or a Combination of IPv6 Header Field(s)

Advancement in the utilization of IPv6 protocol has led to an increase in research related to its security. In recent times, researchers proposed the possibility of the existence of covert channels over networks termed Network Covert Channels (NCCs) which may exploit IPv6. NCC is a serious threat th...


Bibliographic Details
Main Authors: Punam Bedi, Vinita Jindal, Arti Dua
Format: Article
Language: English
Published: IEEE 2023-01-01
Series: IEEE Access
Subjects:
Online Access: https://ieeexplore.ieee.org/document/10258266/
collection DOAJ
description Advancement in the utilization of IPv6 protocol has led to an increase in research related to its security. In recent times, researchers proposed the possibility of the existence of covert channels over networks termed Network Covert Channels (NCCs) which may exploit IPv6. NCC is a serious threat that provides a hidden avenue for the transfer of information from one end to another. Hence, to detect and locate such threats that use IPv6 packets as cover, SPYIPv6 is proposed that detects the existence of hidden information in IPv6 packets and further identifies its location in one or a combination of IPv6 header field(s). The proposed SPYIPv6 comprises two layers. The first layer detects the covert IPv6 packets in the network traffic using a binary K-Nearest-Neighbour (b-KNN) classifier. These packets are further passed to the second layer that locates the header field(s) carrying covert data using a multiclass K-Nearest-Neighbour (m-KNN) classifier. The experimentation dataset was generated from normal and covert IPv6 packet samples. Normal packets were obtained from the Center for Applied Internet Data Analysis (CAIDA), whereas covert packets were obtained using an NCC generation tool (pcapStego) and Python scripts. Experimentation results show that SPYIPv6 attains an accuracy of 99.85% in detecting and identifying the location of hidden information in the IPv6 header. Further, when compared with other counterparts, SPYIPv6 provides higher accuracy in lesser testing time justifying its suitability for the detection and location of covert information present in one or a combination of the header field(s) of an IPv6 packet.
first_indexed 2024-03-11T20:22:17Z
id doaj.art-5b712692730c498d9ecda81afb4ddab1
institution Directory Open Access Journal
issn 2169-3536
last_indexed 2024-03-11T20:22:17Z
spelling doaj.art-5b712692730c498d9ecda81afb4ddab1, 2023-10-02T23:01:03Z, eng
citation IEEE Access, vol. 11, pp. 103486-103501, 2023-01-01, ISSN 2169-3536, DOI 10.1109/ACCESS.2023.3318172, IEEE document 10258266
affiliations Punam Bedi: Department of Computer Science, University of Delhi, Delhi, India
Vinita Jindal (https://orcid.org/0000-0002-0481-4840): Keshav Mahavidyalaya, University of Delhi, Delhi, India
Arti Dua (https://orcid.org/0000-0002-7663-5999): Bhaskaracharya College of Applied Sciences, University of Delhi, Delhi, India
topic Cybersecurity
detection of covert channels
IPv6
K-nearest-neighbour (KNN)
label powerset
network security