Evasive IPv6 Covert Channels: Design, Machine Learning Detection, and Explainable AI Evaluation

Viet  Anh Phan; Jan Jerabek

doi:10.5220/0013556100003979

Evasive IPv6 Covert Channels: Design, Machine Learning Detection, and Explainable AI Evaluation

Viet Anh Phan, Jan Jerabek

2025

Abstract

Adopting a dual approach, this paper presents a framework that integrates two complementary components: CovertGen6, a novel tool for generating realistic IPv6 covert channel attack packets, and a framework of detection system based on multiple machine learning models. CovertGen6 outperforms existing tools by producing diverse, evasive attack scenarios that are captured by Wireshark and converted into CSV datasets for analysis. These authentic datasets are then used to train and evaluate machine learning models for detecting IPv6 covert channels, with the Random Forest classifier achieving a binary classification AuC of 0.985 and a multi-label classification F1-score of 90.3%. Additionally, the explainable AI technique is incorporated to transparently interpret model decisions and pinpoint the specific header fields used for covert injections. This dual approach bridges the gap between theoretical research and practical network security, laying a robust foundation for intrusion detection systems in IPv6 networks.

Download

Paper Citation

in Harvard Style

Phan V. and Jerabek J. (2025). Evasive IPv6 Covert Channels: Design, Machine Learning Detection, and Explainable AI Evaluation. In Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-760-3, SciTePress, pages 666-675. DOI: 10.5220/0013556100003979

in Bibtex Style

@conference{secrypt25,
author={Viet Phan and Jan Jerabek},
title={Evasive IPv6 Covert Channels: Design, Machine Learning Detection, and Explainable AI Evaluation},
booktitle={Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2025},
pages={666-675},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013556100003979},
isbn={978-989-758-760-3},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Evasive IPv6 Covert Channels: Design, Machine Learning Detection, and Explainable AI Evaluation
SN - 978-989-758-760-3
AU - Phan V.
AU - Jerabek J.
PY - 2025
SP - 666
EP - 675
DO - 10.5220/0013556100003979
PB - SciTePress