Abstract

The global transition to IPv6 has introduced new attack surfaces within core network protocols, particularly the Neighbor Discovery Protocol (NDP). One of the most critical yet often overlooked threats is the Neighbor Advertisement (NA) Flood attack. Unlike conventional volumetric DDoS attacks aimed at saturating network bandwidth, NA Flood exploits the Stateless Address Autoconfiguration (SLAAC) mechanism to trigger resource exhaustion on target devices. Investigating such incidents presents unique forensic challenges, as attack traces in volatile memory are often lost when using traditional dead forensics methods. This study implements a real-time forensic investigation approach by integrating Live Forensics methods with the Digital Forensic Framework for Reviewing and Investigating Cyber Attack (D4I). This method is applied to acquire crucial volatile artifacts during the attack and reconstruct the modus operandi through Cyber Kill Chain (CKC) mapping and Chain of Artifacts (CoA) construction. Experimental results demonstrate that NA Flood attacks possess dangerous asymmetric characteristics: generating low network traffic (4.71 Mbps) while causing a CPU surge of up to 50% and a memory increase of 89.5 MB on the target server. The novelty of this study lies in the integration of Live Forensics with the D4I framework to acquire volatile data in real time and systematically transform raw artifacts into a comprehensive forensic conclusion. This approach successfully reconstructs the 5W1H (Who, What, Where, When, Why, How) elements of the incident and visualizes the shift of the point of failure from the network infrastructure to the endpoint, offering a robust model for investigating protocol-based resource exhaustion attacks.

Keywords

IPv6 Neighbor Advertisement Flood; Live Forensics; D4I Framework; Forensic Investigation; Network Forensics; IPv6 Security

How to Cite
Romadhona, F. Y., & Luthfi, A. (2026). Real-time Forensic Reconstruction of IPv6 NA Flood Attacks: A D4I Approach. Jurnal Sains, Nalar, Dan Aplikasi Teknologi Informasi, 5(1), 45–53. https://doi.org/10.20885/snati.v5.i1.45526
