AI/ML Based Detection and Categorization of Covert Communication in IPv6 Network

TL;DR

This paper develops and evaluates machine learning models, including neural networks and decision trees, to detect covert communication in IPv6 networks, achieving over 90% accuracy and exploring generative AI for model improvement.

Contribution

It introduces a comprehensive approach combining realistic covert communication injection, diverse ML models, dataset augmentation, and generative AI techniques for IPv6 covert communication detection.

Findings

Detection accuracy over 90% with various ML models

Analysis of IPv6 packet structure and covert injection methods

Use of generative AI for model refinement

Abstract

The flexibility and complexity of IPv6 extension headers allow attackers to create covert channels or bypass security mechanisms, leading to potential data breaches or system compromises. The mature development of machine learning has become the primary detection technology option used to mitigate covert communication threats. However, the complexity of detecting covert communication, evolving injection techniques, and scarcity of data make building machine-learning models challenging. In previous related research, machine learning has shown good performance in detecting covert communications, but oversimplified attack scenario assumptions cannot represent the complexity of modern covert technologies and make it easier for machine learning models to detect covert communications. To bridge this gap, in this study, we analyzed the packet structure and network traffic behavior of IPv6, used encryption algorithms, and performed covert communication injection without changing network packet behavior to get closer to real attack scenarios. In addition to analyzing and injecting methods for covert communications, this study also uses comprehensive machine learning techniques to train the model proposed in this study to detect threats, including traditional decision trees such as random forests and gradient boosting, as well as complex neural network architectures such as CNNs and LSTMs, to achieve detection accuracy of over 90\%. This study details the methods used for dataset augmentation and the comparative performance of the applied models, reinforcing insights into the adaptability and resilience of the machine learning application in IPv6 covert communication. We further introduce a Generative AI-driven script refinement framework, leveraging prompt engineering as a preliminary exploration of how generative agents can assist in covert communication detection and model enhancement.