Detecting Neighbor Discovery Protocol-Based Flooding Attack Using Machine Learning Techniques

  • Conference paper
Advances in Machine Learning and Signal Processing

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 387)

Abstract

Neighbor Discovery Protocol (NDP) is stateless and lacks authentication, which exposes it to flooding attacks. Securing NDP is critical due to the large deployment of open networks. Existing solutions for securing NDP commonly violate its design principle in terms of overhead and complexity. Other solutions suffer from a high rate of false positive alerts, which affects the trustworthiness of the solution. This paper aims to investigate the use of machine learning mechanisms for detecting NDP flooding attacks. It was found that the advantage of using machine learning is that detection can be done without relying on attack signatures; machine learning techniques can learn broader definitions of attack attributes.

Acknowledgments

This work was supported by National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia.

Author information

Corresponding author

Correspondence to Firas Najjar.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Najjar, F., Kadhum, M.M., El-Taj, H. (2016). Detecting Neighbor Discovery Protocol-Based Flooding Attack Using Machine Learning Techniques. In: Soh, P., Woo, W., Sulaiman, H., Othman, M., Saat, M. (eds) Advances in Machine Learning and Signal Processing. Lecture Notes in Electrical Engineering, vol 387. Springer, Cham. https://doi.org/10.1007/978-3-319-32213-1_12

  • DOI: https://doi.org/10.1007/978-3-319-32213-1_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-32212-4

  • Online ISBN: 978-3-319-32213-1

  • eBook Packages: Engineering, Engineering (R0)
