Citation
Carjuman, Navaneethan and Md Yusof, Muhammad Ukasyah and Hlaing, Zar Chi and Salih, Sami (2025) Enhanced Mechanism for Neighbor Discovery Protocol Table Exhaustion Attacks in IPv6 Networks. In: TENCON 2025 - 2025 IEEE Region 10 Conference (TENCON), 27-30 October 2025, Kota Kinabalu, Malaysia.|
Text
25.pdf - Published Version Restricted to Repository staff only Download (843kB) |
Abstract
The adoption of Internet Protocol version 6 (IPv6) has increased due to the requirements for a larger address space and better suitability for modern networks, such as Internet of Things (IoT) networks, but it also introduces new security challenges. The Neighbor Discovery Protocol (NDP) that supports features like the router discovery and address resolution, is not secured due to its stateless and trust-based feature. The most notable one is the NDP Table Exhaustion attack that consists of overwhelming the network with forged Neighbor Solicitation (NS) and Neighbor Advertisement (NA) packets, inducing neighbor cache overload and denial-of-service (DoS). Current defenses, such as Secure Neighbor Discovery (SEND) or machine learning-based detection models, have significant computational overheads and cannot be adapted to resource-constrained networks, creating a gap in the overall security of IPv6. To address this problem, this research paper suggests a lightweight, flow-based detection framework that integrates an entropy-based analysis with rule-based thresholds to detect NS and NA flooding attacks. The system gathers traffic into flows, entropy checks on key fields such as source Internet Protocol (IP) and network prefix, and alerts on anomalies when the traffic moves out of the normal operation range. It had the average precision of 0.91, average recall of 0.88, and F1-score of 0.87, but with minimal overhead and highly deployable in both enterprise and IoT networks.
| Item Type: | Conference or Workshop Item (Paper) |
|---|---|
| Uncontrolled Keywords: | IPv6, NDP Table Exhaustion, NS Flooding, NA Flooding, Anomaly Detection, Entropy-Based Detection, Flow Based Analysis |
| Subjects: | T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK5101-6720 Telecommunication. Including telegraphy, telephone, radio, radar, television |
| Divisions: | Faculty of Computing and Informatics (FCI) |
| Depositing User: | Ms Suzilawati Abu Samah |
| Date Deposited: | 20 Apr 2026 04:05 |
| Last Modified: | 20 Apr 2026 04:05 |
| URII: | http://shdl.mmu.edu.my/id/eprint/15781 |
Downloads
Downloads per month over past year
Edit (login required) |
