
An adaptive detection model for IPv6 extension header threats based on deterministic decision automaton.

Authors

Lin Bin, Zhang Liancheng, Zhang Hongtao, Guo Yi, Ge Shaowei, Fang Yakai, Ren Mingyue

Affiliations

School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou, 450001, China.

National Digital Switching System Engineering and Technological Research Center, Zhengzhou, 450002, China.

Publication information

Sci Rep. 2024 Apr 25;14(1):9534. doi: 10.1038/s41598-024-59913-8.

DOI:10.1038/s41598-024-59913-8
PMID:38664483
Full text: https://pmc.ncbi.nlm.nih.gov/articles/PMC11045768/

Abstract

The IPv6 extension header mechanism, a new feature of the IPv6 protocol, enhances flexibility and scalability but introduces numerous security threats like firewall evasion and covert channels. Existing threat detection methods face limitations in detection types, universality, and speed. Hence, an adaptive detection model for IPv6 extension header threats (ADM-DDA6) is proposed. Firstly, standard rule sets are designed for common IPv6 extension headers, successfully detecting 70 types of threats from THC-IPv6 and ExtHdr tools using only 20 rules. Secondly, by parsing IPv6 extension headers, matching rules, establishing transition relationships, and deciding packet threat status based on final states (Normal or Abnormal), complex threats like header disorder and header repetition can be detected. Finally, an adaptive rule matching method is introduced, which dynamically selects rule sets based on IPv6 extension header types, effectively reducing rule matching time. Experimental results show that under different threat magnitudes, ADM-DDA6 is 32% faster than Suricata v6.0.12 and 21.2% faster than Snort v3.1.61.0 in detection speed. Additionally, as the number of threats increases, on commodity hardware, ADM-DDA6 incurs only a 0.7% increase in CPU overhead with no significant memory consumption increase, maintains maximum throughput, and exhibits minor performance changes under low and moderate network load conditions.
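
The parse, transition and final-state idea described in the abstract, as an added Python sketch. It is not the authors' ADM-DDA6 code or rule set: the ordering ranks follow the recommended header order in RFC 8200, and `walk_chain`, `classify`, `build`, `RANK` and `TYPE_RULES` are names assumed for this illustration.

```python
# Next Header values (IANA protocol numbers) of the extension headers handled here.
HBH, ROUTING, FRAGMENT, AH, DSTOPTS = 0, 43, 44, 51, 60
EXT = {HBH, ROUTING, FRAGMENT, AH, DSTOPTS}  # ESP ends the walk: what follows is encrypted
# RFC 8200 recommended order as automaton state ranks. Destination Options is
# legal twice: before Routing (rank 1) and just before the upper layer (rank 5).
RANK = {HBH: 0, ROUTING: 2, FRAGMENT: 3, AH: 4}
# Illustrative per-type content rules (assumed, not the paper's rule set); only
# the rules registered for a header type present in the packet are evaluated.
TYPE_RULES = {
    ROUTING: lambda h: "deprecated routing type 0" if h[2] == 0 else None,
    FRAGMENT: lambda h: "non-zero reserved bits" if h[1] or h[3] & 0x06 else None,
}

def walk_chain(packet):
    """Yield (type, header_bytes) for each extension header after the fixed header."""
    nh, off = packet[6], 40
    while nh in EXT:
        # AH counts 4-byte units minus 2; Fragment is fixed; others count 8-byte units minus 1.
        var = (packet[off + 1] + 2) * 4 if nh == AH else (packet[off + 1] + 1) * 8
        size = 8 if nh == FRAGMENT else var
        if off + size > len(packet):
            raise ValueError("truncated extension header")
        yield nh, packet[off:off + size]
        nh, off = packet[off], off + size

def classify(packet):
    """Run the automaton; return ("Normal", None) or ("Abnormal", reason)."""
    state, seen = -1, set()
    try:
        for nh, hdr in walk_chain(packet):
            rank = RANK[nh] if nh != DSTOPTS else (1 if state < 1 else 5)
            if rank <= state:      # no legal transition from the current state
                return "Abnormal", "header repetition" if nh in seen else "header disorder"
            reason = TYPE_RULES.get(nh, lambda h: None)(hdr)
            if reason:
                return "Abnormal", reason
            state, seen = rank, seen | {nh}
    except (ValueError, IndexError):
        return "Abnormal", "truncated extension header"
    return "Normal", None

def build(types, upper=59):
    """Constructed sample packet: fixed header plus minimal 8-byte extension headers."""
    types = list(types) + [upper]
    body = b"".join(bytes([nxt, 0, 2 if t == ROUTING else 0, 0, 0, 0, 0, 0])
                    for t, nxt in zip(types, types[1:]))
    fixed = bytes([0x60, 0, 0, 0]) + len(body).to_bytes(2, "big") + bytes([types[0], 64])
    return fixed + bytes(32) + body
```

Keying the content rules by header type means a packet carrying only a Fragment header never evaluates the Routing rules, which is the effect the adaptive rule matching step in the abstract aims for.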

Similar articles

1. An adaptive detection model for IPv6 extension header threats based on deterministic decision automaton. Sci Rep. 2024 Apr 25;14(1):9534. doi: 10.1038/s41598-024-59913-8.
2. DAD-match; Security technique to prevent denial of service attack on duplicate address detection process in IPv6 link-local network. PLoS One. 2019 Apr 2;14(4):e0214518. doi: 10.1371/journal.pone.0214518. eCollection 2019.
3. Mechanism to prevent the abuse of IPv6 fragmentation in OpenFlow networks. PLoS One. 2020 May 11;15(5):e0232574. doi: 10.1371/journal.pone.0232574. eCollection 2020.
4. Assessing a Methodology for Evaluating the Latency of IPv6 with SCHC Compression in LoRaWAN Deployments. Sensors (Basel). 2023 Feb 22;23(5):2407. doi: 10.3390/s23052407.
5. MES-FPMIPv6: MIH-Enabled and enhanced secure Fast Proxy Mobile IPv6 handover protocol for 5G networks. PLoS One. 2022 May 26;17(5):e0262696. doi: 10.1371/journal.pone.0262696. eCollection 2022.
6. IPv6 addressing proxy: mapping native addressing from legacy technologies and devices to the Internet of Things (IPv6). Sensors (Basel). 2013 May 17;13(5):6687-712. doi: 10.3390/s130506687.
7. Evaluation of 6LoWPAN Generic Header Compression in the Context of a RPL Network. Sensors (Basel). 2023 Dec 22;24(1):73. doi: 10.3390/s24010073.
8. Intelligent Approach to Network Device Migration Planning towards Software-Defined IPv6 Networks. Sensors (Basel). 2021 Dec 26;22(1):143. doi: 10.3390/s22010143.
9. Experimental Evaluation of 6BLEMesh: IPv6-Based BLE Mesh Networks. Sensors (Basel). 2020 Aug 17;20(16):4623. doi: 10.3390/s20164623.
10. DICOM image secure communications with Internet protocols IPv6 and IPv4. IEEE Trans Inf Technol Biomed. 2007 Jan;11(1):70-80. doi: 10.1109/titb.2006.879606.

Cited by

1. An IPv6 address fast scanning method based on local domain name association. Sci Rep. 2025 Apr 4;15(1):11524. doi: 10.1038/s41598-025-95680-w.
