Rule-based mechanism to detect Denial of Service (DoS) attacks on Duplicate Address Detection process in IPv6 link local communication

Internet Protocol version 6 (IPv6) is currently being deployed progressively around the world and soon will become the de facto IP communication standard. Nevertheless, due to the nature of the protocol design of IPv6, it has brought about various security issues. One of the security issues relates to leveraging the vulnerability that exists in the way Duplicate Address Detection (DAD) process is carried out leading to Denial or Service (DoS) attacks. Such attacks can render the whole network non-functional. Several mechanisms have been introduced to detect this attack. Nevertheless, these mechanisms had some drawbacks. In this paper, we propose a new mechanism that uses rule-based approach that is able to address the shortcomings of existing mechanisms with improved accuracy and performance.