(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 2, February 2011
Behavioral Analysis on IPv4 Malware in bothIPv4 and IPv6 Network Environment
Zulkiflee M., Faizal M.A., Mohd Fairuz I. O., Nur Azman A., Shahrin S.
Faculty of Information and Communication TechnologyUniversiti Teknikal Malaysia Melaka (UTeM), Malacca, Malaysiazulkiflee@utem.edu.my, email@example.com, firstname.lastname@example.org, email@example.com,firstname.lastname@example.org
- Malware is become an epidemic in computer net-work nowadays. Malware attacks are a significant threat tonetworks. A conducted survey shows malware attacks mayresult a huge financial impact. This scenario has becomeworse when users are migrating to a new environment whichis Internet Protocol Version 6. In this paper, a real Nimdaworm was released on to further understand the worm beha-vior in real network traffic. A controlled environment of bothIPv4 and IPv6 network were deployed as a testbed for thisstudy. The result between these two scenarios will be analyzedand discussed further in term of the worm behavior. The ex-periment result shows that even IPv4 malware still can infectthe IPv6 network environment without any modification. Newdetection techniques need to be proposed to remedy this prob-lem swiftly.
Keywords-IPv6, malware, IDS.
IPv6 is a new network protocols which is meant to over-come IPv4 problems. Many advantages offered by this newprotocol including 1) A large number of address flexibleaddressing scheme 2) Offers packet forwarding more effi-cient 3) Support for secure communication 4) Better sup-port for mobility and many more . Although IPv6 offersa lot of benefits, people are still reluctant to totally migratefrom IPv4 to IPv6 network. This is because even IPv6 havebeen deployed for many years, this protocol is still consi-dered in its infancy . Many researchers have spent ampleof time to enhance the IPv6 services to become at least atpar with IPv4 addresses. Since IPv4 addresses are facingdepletion, migrating to IPv6 is inevitable eventually [3-5].Some studies claimed that IPv6 cause many security issues[6-9]. Unfortunately, researchers pay little attention onIPv6 security issues. Thus, some culprits are reallyeager to fully utilities all the vulnerabilities occur duringthis transition period. Producing malware is one of the mostpopular techniques to be used. Studies show that new agemalwares can survive in new network environment [11,12]. Hence, researchers agree that further studies have to beconducted to remedy the malware infection issues [13-16].Malware is software which rapidly invented to manipu-late vulnerabilities of computer networks. Based on ,250 new malware variants were introduced everyday fromall over the world. These so called new age malwares werenot new genuine ones but rather innovated from the exist-ing malware. These malwares were modified and somemodules were added to it to avoid being detected from theanti-virus software which is using signature patterns todetect malwares.Malware is become an epidemic in computer network nowadays. Malware attacks are a significant threat tonetworks. A conducted survey shows malware attacks mayresult a huge financial impact. This scenario is becom-ing worse when users are migrating to a new environmentwhich is Internet Protocol Version 6.The objectives of this study are to determine whether anIPv6 network is totally safe from attacks which were in-tended for IPv4 network and to identify malware behaviorin different network environments.In the following chapters, we will explain about some re-lated works to this study and followed by the methodologyused in this experimental research. The experimental designwill be explained and some result and analysis will be dis-cussed. Finally, the conclusion for the overall study will bestated in the end of this paper.II.
Malware are represented by several forms namely vi-rus, Trojan, spyware, adware and worms [20, 21]. Each of them has different characteristics to attack their victims.Their method of propagation also varied including sharingmemory sticks, downloading files, peer-to-peer applica-tions, sharing file and many more.
Malware Propagation Methods
Many activities can help these malware propagate moreeasily. Unfortunately, most of end-users are not fully awareof it due to lack of knowledge about this issue. We haveclassified this propagation in two categories namely 1) hu-man intervention and 2) self-propagation.Most of malware are spreading involving human inter-vention. These activities including transferring virus via