Detail publikačního výsledku

Evasive IPv6 Covert Channels: Design, Machine Learning Detection, and Explainable AI Evaluation

PHAN, V.; JEŘÁBEK, J.

Originální název

Evasive IPv6 Covert Channels: Design, Machine Learning Detection, and Explainable AI Evaluation

Anglický název

Evasive IPv6 Covert Channels: Design, Machine Learning Detection, and Explainable AI Evaluation

Druh

Stať ve sborníku v databázi WoS či Scopus

Originální abstrakt

Adopting a dual approach, this paper presents a framework that integrates two complementary components: CovertGen6, a novel tool for generating realistic IPv6 covert channel attack packets, and a framework of detection system based on multiple machine learning models. CovertGen6 outperforms existing tools by producing diverse, evasive attack scenarios that are captured by Wireshark and converted into CSV datasets for analysis. These authentic datasets are then used to train and evaluate machine learning models for detecting IPv6 covert channels, with the Random Forest classifier achieving a binary classification AuC of 0.985 and a multi-label classification F1-score of 90.3\%. Additionally, the explainable AI technique is incorporated to transparently interpret model decisions and pinpoint the specific header fields used for covert injections. This dual approach bridges the gap between theoretical research and practical network security, laying a robust foundation for intrusion detection systems in IPv6 networks.

Anglický abstrakt

Adopting a dual approach, this paper presents a framework that integrates two complementary components: CovertGen6, a novel tool for generating realistic IPv6 covert channel attack packets, and a framework of detection system based on multiple machine learning models. CovertGen6 outperforms existing tools by producing diverse, evasive attack scenarios that are captured by Wireshark and converted into CSV datasets for analysis. These authentic datasets are then used to train and evaluate machine learning models for detecting IPv6 covert channels, with the Random Forest classifier achieving a binary classification AuC of 0.985 and a multi-label classification F1-score of 90.3\%. Additionally, the explainable AI technique is incorporated to transparently interpret model decisions and pinpoint the specific header fields used for covert injections. This dual approach bridges the gap between theoretical research and practical network security, laying a robust foundation for intrusion detection systems in IPv6 networks.

Klíčová slova

IPv6; Covert Channel; Dataset; Machine Learning; Intrusion Detection; Explainable AI

Klíčová slova v angličtině

IPv6; Covert Channel; Dataset; Machine Learning; Intrusion Detection; Explainable AI

Autoři

PHAN, V.; JEŘÁBEK, J.

Vydáno

11.06.2025

Nakladatel

SciTePress

Místo

Bilbao, Spain

ISBN

978-989-758-760-3

Kniha

Proceedings of the International Conference on Security and Cryptography

Edice

1

Strany od

666

Strany do

675

Strany počet

10

URL

https://www.scitepress.org/Papers/2025/135561/135561.pdf

BibTex

@inproceedings{BUT198552,
  author="Viet Anh {Phan} and Jan {Jeřábek}",
  title="Evasive IPv6 Covert Channels: Design, Machine Learning Detection, and Explainable AI Evaluation",
  booktitle="Proceedings of the International Conference on Security and Cryptography",
  year="2025",
  series="1",
  pages="666--675",
  publisher="SciTePress",
  address="Bilbao, Spain",
  doi="10.5220/0013556100003979",
  isbn="978-989-758-760-3",
  url="https://www.scitepress.org/Papers/2025/135561/135561.pdf"
}