Improving Intrusion Detection and Prevention System (IDPS) Performance in an IPv6 Environment
Advances in Networks
Volume 8, Issue 2, December 2020, Pages: 22-33
Received: Oct. 29, 2020; Accepted: Nov. 9, 2020; Published: Nov. 19, 2020
Adeel Sadiq, School of Science and Technology, Nottingham Trent University, Nottingham, UK
Waleed Bul’ajoul, School of Science and Technology, Nottingham Trent University, Nottingham, UK
This paper presents a comprehensive investigation, backed by detailed simulations, showing that the default settings of software-based, open-source Intrusion Detection and Prevention Systems (IDPSs) are not enough to thwart network attacks in a modern high-speed IPv6-only environment. It aims to solve this problem by improving the processing capabilities of an IDPS in more than one way, with each method being totally independent of the others. The proposed solution can be implemented by any user running an IDPS, without needing escalated privileges. Using an IPv6 packet generator, it is shown that as IPv6 traffic increases within a fixed amount of time, the IDPS fails to analyse all the packets and starts dropping them. This phenomenon compromises the core functionality of an IDPS, which is to stop unwanted traffic. A hybrid solution is proposed to increase the performance of the IDPS. Our research involves only the system running an IDPS, with little to no tweaking of the other elements within a network, such as routers, switches and firewalls. The paper also talks briefly about the current and future generations of IDPSs. The simulation with the hybrid solution concludes that the performance is improved to a staggering 200%, approximately, compared to the built-in settings of the IDPS.
Keywords: Internet Protocol Version 6, Intrusion Detection and Prevention System, Maximum Transmission Unit, Fragmentation and Jumbo Packets, Kernel and Application Buffer, Packet Priority and Niceness
To cite this article
Adeel Sadiq, Waleed Bul’ajoul, Improving Intrusion Detection and Prevention System (IDPS) Performance in an IPv6 Environment, Advances in Networks. Vol. 8, No. 2, 2020, pp. 22-33. doi: 10.11648/
Copyright © 2020 Authors retain the copyright of this article.
This article is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.