Field Portioning Approach for Lightweight Java Rule-based Anomaly Detection in IPv6 Tunneling Environments


  •  Nazrulazhar Bahaman    
  •  Alauddin Maulana Hirzan    
  •  Mohd Fairuz Iskandar Othman    
  •  Erman Hamid    
  •  Elia Erwani Hassan    

Abstract

The transition from IPv4 to IPv6 introduces new security risks, particularly through tunneling mechanisms that encapsulate IPv6 traffic within IPv4 headers. Conventional Network Intrusion Detection Systems (NIDS) often fail to detect threats hidden in tunneled or multi-layered packets due to limited protocol awareness and high resource consumption. This paper proposes a lightweight, modular Java-based NIDS that employs a Field Portioning Approach (FPA) for efficient, rule-based anomaly detection in IPv6 tunneling environments. The system architecture integrates real-time packet capture, selective decapsulation, field extraction, and context-aware signature matching. Experimental evaluations conducted in a controlled testbed with enterprise and IoT-like devices, where tunneling attacks such as Denial6, NDPExhaust26, and THCSyn6 were launched alongside benign traffic, confirm that the proposed NIDS achieves detection rates exceeding 98% for most tunneling attack types. Its performance is equivalent to Snort enhanced with adaptive FPA, but with significantly lower CPU and memory usage. The Java-based system also maintains low detection latency, demonstrating suitability for resource-constrained environments such as IoT gateways. The main contribution of this work lies in introducing a selective and context-aware field portioning mechanism tailored for tunneled traffic, enabling lightweight yet accurate detection. The results confirm the effectiveness of the Field Portioning Approach in strengthening security for modern, heterogeneous network infrastructures during the IPv6 transition.
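The selective decapsulation and field extraction steps named in the abstract can be illustrated for 6in4 traffic (IPv4 protocol 41) as follows. This is an added example for Java 17+, not the authors' code or their FPA rule set; the class and method names, the choice of extracted fields, the hop-limit rule and the sample packet are all assumptions made for illustration.

```java
import java.util.HexFormat;

public class TunnelFieldExtract {
    // Only the fields the rule below needs; the rest of the packet is never parsed.
    record Fields(String outerSrc, int nextHeader, int hopLimit, int icmp6Type) {}

    static int u8(byte[] p, int i) { return p[i] & 0xFF; }

    // Returns null unless the packet is IPv4 carrying IPv6 (protocol 41, i.e. 6in4).
    static Fields extract(byte[] p) {
        if (p.length < 20 || (u8(p, 0) >> 4) != 4) return null;   // not IPv4
        int ihl = (u8(p, 0) & 0x0F) * 4;                           // outer header length
        if (ihl < 20 || u8(p, 9) != 41) return null;               // not a 6in4 tunnel
        if (p.length < ihl + 40 || (u8(p, ihl) >> 4) != 6) return null; // truncated or not IPv6
        String src = u8(p, 12) + "." + u8(p, 13) + "." + u8(p, 14) + "." + u8(p, 15);
        int nh = u8(p, ihl + 6);                                   // inner Next Header
        int hl = u8(p, ihl + 7);                                   // inner Hop Limit
        // ICMPv6 type is read only when it directly follows the fixed IPv6 header.
        int type = (nh == 58 && p.length > ihl + 40) ? u8(p, ihl + 40) : -1;
        return new Fields(src, nh, hl, type);
    }

    // Constructed rule: RFC 4861 requires Hop Limit 255 on Neighbor Discovery
    // messages (ICMPv6 types 133-137), so any other value inside a tunnel is flagged.
    static boolean ndHopLimitAnomaly(Fields f) {
        return f != null && f.icmp6Type() >= 133 && f.icmp6Type() <= 137
                && f.hopLimit() != 255;
    }

    public static void main(String[] args) {
        // Constructed sample packet: outer 192.0.2.1 -> 198.51.100.2, protocol 41;
        // inner 2001:db8::1 -> ff02::1, Router Advertisement (type 134), Hop Limit 64.
        byte[] pkt = HexFormat.of().parseHex(
              "4500004400004000" + "40290000" + "c0000201" + "c6336402"   // IPv4 header
            + "60000000" + "00083a40"                                     // IPv6 fixed fields
            + "20010db8" + "00000000" + "00000000" + "00000001"           // inner source
            + "ff020000" + "00000000" + "00000000" + "00000001"           // inner destination
            + "86000000" + "00000000");                                   // ICMPv6 header
        Fields f = extract(pkt);
        System.out.println(f + " anomaly=" + ndHopLimitAnomaly(f));
    }
}
```

The extractor reads fixed offsets only, so IPv6 extension headers between the fixed header and ICMPv6 are not walked; a packet using them yields `icmp6Type = -1` and is not matched by this rule.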



This work is licensed under a Creative Commons Attribution 4.0 License.