International Journal of Computer Applications (0975 – 8887) Volume 161 – No 7, March 2017 22 Development of an Improved Intrusion Detection based Secured Robust Header Compression Technique Malachi C. Egbugha I. J. Umoh A. M. S. Tekanyi Electrical and Computer Engineering Department, Ahmadu Bello University, Nigeria Electrical and Computer Engineering Department, Ahmadu Bello University, Nigeria Electrical and Computer Engineering Department, Ahmadu Bello University, Nigeria ABSTRACT This research presents the development of an Improved Intrusion Detection Secured RObust Header Compression (IDSROHC) technique for handling brute force attack. The Secured RObust Header Compression (Secured ROHC) was developed to secure internet protocol version six (IPv6) packets against false initial refresh attack by encrypting the cyclic redundancy check field. However, the CRC is only 3-8 bits long, which implies that a malicious node could still attempt a brute force approach, where it sends fake packets with all possible CRC combinations.An IDSROHC was developed using a modified selective watchdog intrusion detection algorithm. A MATLAB graphical user interface was design to aid presentation. IDSROHC was validated with Secured ROHC using throughput and packet delivery success. The results of this work show that IDSROHC produced 4.97% improvement in throughput and 29% improvement in packet delivery success over Secured ROHC. Keywords IDSROHC, Secured ROH,Brute force-Attack, Throughput, Packet delivery Success 1. INTRODUCTION The desire for industries to move towards an Internet Protocol Version six (IPv6) network architecture has pushed research in the direction of maximizing bandwidth. This is due to increased header size of IPv6 header as compared to the payload .Therefore, reducing the internet protocol header overload sent over the air becomes inevitable [1]. One method of providing increased bandwidth efficiency is the use of IP header compression techniques. Header compression provides more efficient use of bandwidth in a packet switched network by taking advantage of header field redundancies in packets belonging to the same flow [2]. To further increase the bandwidth efficiency, the sliding window can be made adaptive with respect to packets loss [3]. IP Header compression involves a compressor and a decompressor operating according to a well- defined protocol. The compressor compresses the headers with respect to a reference state that it shares in common with the decompressor, while the decompressor uncompresses them to their original state on reception at the destination [4]. Header compression technique falls into two major categories: stateful header compression and stateless header compression.The stateful header compression technique builds hop-by-hop compression per flow and requires state management.These include Van Jacobson Header Compression (VJHC), RObust Header Compression (ROHC) and Internet Protocol Header Compression (IPHC) .Stateless header compressions such as Mobile adhoc network Internet Protocol Header Compression (MIPHC) does not require state management [5]. The ROHC is designed to operate efficiently and robustly over various link technologies with different characteristics [6]. While this exchange leads to efficient bandwidth utilization, there are several potential attack such as False Initialization/Refresh (False IR), False ACKnowledgment (False ACK) and False Negative ACKnowledgment (False NACK) attack that can lead to denial of service (inability to decompress) [1]. In other to solve this problem, research has focused on cryptographic method such as Cyclic Redundancy Check (CRC) encryption [1] [7]. However, due to limited number of bits, a malicious node could still attempt a brute force approach where it sends fake packets with all possible cyclic redundancy check combinations therefore resulting in decryption of the cyclic redundancy check. In any network security plan, if intrusion prevention (encryption, authorization, and authentication) is defeated by attackers, then a second line of defence, intrusion detection comes into prominence [8]. Intrusion detection provides deterrence for an intruder and serves as an alarm mechanism for a computer system or a network to manage a security plan successfully. An Intrusion-Detection System (IDS) is defined as a software or hardware monitoring tool that detects internal or external cyber-attacks. An IDS can observe and investigate system and user activities, recognize patterns of known attacks and identify abnormal network activity. An IDS developed using a modified selective watchdog technique was therefore employed in this research to detect and mitigate brute force attack in a Secured robust header compression network [9]. 2. LITERATURE REVIEW 2.1 RObust Header Compression (ROHC) Scheme IP header compression is the process of reducing protocol header overhead in order to improve bandwidth efficiency while maintaining the end-to-end transparency [10, 11]. IP header compression concept relies on the characteristic that many header fields in consecutive packets belonging to the same packet flow remain a constant or change in predictable manner [11, 12]. VJHC and IPHC protocols were the first IP header compression scheme created. The IPHC scheme was created to extend the work done in VJHC. However, it was not robust enough to support links with high bit error rates, high losses, and long round trip times. High Bit Error Rate (BER) and long Round Trip Time (RTT) are common characteristics of wireless links. Therefore an efficient and robust compression scheme was needed. The ROHC scheme was developed to fulfil these criteria [13, 14]. It is a standard approach suitable for links with significant error rates and long round-trip time [14]. The ROHC scheme uses window based least significant bits encoding for the compression of dynamic fields in the protocol headers. Due to its feedback mechanism, periodic context refreshes and