Abstract
Neighbor Discovery Protocol (NDP) is stateless and lacks authentication, which exposes it to flooding attacks. Securing NDP is critical due to the large deployment of open networks. Common existing solutions for securing NDP violate its design principles in terms of overhead and complexity. Other solutions suffer from a high number of false positive alerts, which affects the trustworthiness of the solution. This paper investigates the use of machine learning mechanisms for detecting NDP flooding attacks. It was found that the advantage of using machine learning is that detection can be done without relying on attack signatures, because these techniques can learn broader definitions of attack attributes.
Acknowledgments
This work was supported by National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia.
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Najjar, F., Kadhum, M.M., El-Taj, H. (2016). Detecting Neighbor Discovery Protocol-Based Flooding Attack Using Machine Learning Techniques. In: Soh, P., Woo, W., Sulaiman, H., Othman, M., Saat, M. (eds) Advances in Machine Learning and Signal Processing. Lecture Notes in Electrical Engineering, vol 387. Springer, Cham. https://doi.org/10.1007/978-3-319-32213-1_12
DOI: https://doi.org/10.1007/978-3-319-32213-1_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-32212-4
Online ISBN: 978-3-319-32213-1
eBook Packages: Engineering, Engineering (R0)