Peer-Reviewed

Improving Intrusion Detection and Prevention System (IDPS) Performance in an IPv6 Environment

Received: 29 October 2020     Accepted: 9 November 2020     Published: 19 November 2020
Abstract

This paper presents a comprehensive investigation, backed up by detailed simulations, showing that the default settings of software-based open source Intrusion Detection and Prevention Systems (IDPSs) are not enough to thwart network attacks in a modern high-speed IPv6-only environment. It aims to solve this problem by improving the processing capabilities of an IDPS in more than one way, with each method being totally independent of the others. The proposed solution can be implemented by any user running an IDPS, without needing escalated privileges. Using an IPv6 packet generator, it is shown that as the volume of IPv6 traffic sent in a fixed amount of time increases, the IDPS fails to analyse all the packets and starts dropping them. This phenomenon compromises the core functionality of an IDPS, which is to stop unwanted traffic. A hybrid solution has been proposed to increase the performance of the IDPS. Our research involves only the system running the IDPS, with little to no tweaking of the other elements within a network such as routers, switches and firewalls. The paper also talks briefly about the current and the future generation of IDPSs. The simulation with the hybrid solution concludes that performance is improved to a staggering 200%, approximately, compared to the built-in settings of the IDPS.

Published in Advances in Networks (Volume 8, Issue 2)
DOI 10.11648/j.net.20200802.12
Page(s) 22-33
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2020. Published by Science Publishing Group

Keywords

Internet Protocol Version 6, Intrusion Detection and Prevention System, Maximum Transmission Unit, Fragmentation and Jumbo Packets, Kernel and Application Buffer, Packet Priority and Niceness

Cite This Article
  • APA Style

    Adeel Sadiq, Waleed Bul’ajoul. (2020). Improving Intrusion Detection and Prevention System (IDPS) Performance in an IPv6 Environment. Advances in Networks, 8(2), 22-33. https://doi.org/10.11648/j.net.20200802.12

  • ACS Style

    Adeel Sadiq; Waleed Bul’ajoul. Improving Intrusion Detection and Prevention System (IDPS) Performance in an IPv6 Environment. Adv. Netw. 2020, 8(2), 22-33. doi: 10.11648/j.net.20200802.12

  • AMA Style

    Adeel Sadiq, Waleed Bul’ajoul. Improving Intrusion Detection and Prevention System (IDPS) Performance in an IPv6 Environment. Adv Netw. 2020;8(2):22-33. doi: 10.11648/j.net.20200802.12

  • @article{10.11648/j.net.20200802.12,
      author = {Adeel Sadiq and Waleed Bul’ajoul},
      title = {Improving Intrusion Detection and Prevention System (IDPS) Performance in an IPv6 Environment},
      journal = {Advances in Networks},
      volume = {8},
      number = {2},
      pages = {22-33},
      doi = {10.11648/j.net.20200802.12},
      url = {https://doi.org/10.11648/j.net.20200802.12},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.net.20200802.12},
     year = {2020}
    }
    


  • TY  - JOUR
    T1  - Improving Intrusion Detection and Prevention System (IDPS) Performance in an IPv6 Environment
    AU  - Adeel Sadiq
    AU  - Waleed Bul’ajoul
    Y1  - 2020/11/19
    PY  - 2020
    N1  - https://doi.org/10.11648/j.net.20200802.12
    DO  - 10.11648/j.net.20200802.12
    T2  - Advances in Networks
    JF  - Advances in Networks
    JO  - Advances in Networks
    SP  - 22
    EP  - 33
    PB  - Science Publishing Group
    SN  - 2326-9782
    UR  - https://doi.org/10.11648/j.net.20200802.12
    VL  - 8
    IS  - 2
    ER  - 


Author Information
  • School of Science and Technology, Nottingham Trent University, Nottingham, UK

  • School of Science and Technology, Nottingham Trent University, Nottingham, UK
