Detecting Distributed Denial of Service Attacks in Neighbour Discovery Protocol Using Machine Learning Algorithm Based on Streams Representation

  • Abeer Abdullah Alsadhan
  • Abir Hussain
  • Thar Baker
  • Omar Alfandi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10956)


The main protocol of the Internet protocol version 6 suites is the neighbour discovery protocol, which is geared towards substitution of address resolution protocol, router discovery, and function redirection in Internet protocol version 4. Internet protocol version 6 nodes employ neighbour discovery protocol to detect linked hosts and routers in Internet protocol version 6 network without the dependence on dynamic host configuration protocol server, which has earned the neighbour discovery protocol the title of the stateless protocol. The authentication process of the neighbour discovery protocol exhibits weaknesses that make this protocol vulnerable to attacks. Denial of service attacks can be triggered by a malicious host through the introduction of spoofed addresses in neighbour discovery protocol messages. Internet version 6 protocols are not well supported by Network Intrusion Detection System as is the case with Internet Protocol version 4 protocols. Several data mining techniques have been introduced to improve the classification mechanism of Intrusion detection system. In addition, extensive researches indicated that there is no Intrusion Detection system for Internet Protocol version 6 using advanced machine-learning techniques toward distributed denial of service attacks. This paper aims to detect Distributed Denial of Service attacks of the Neighbour Discovery protocol using machine-learning techniques, due to the severity of the attacks and the importance of Neighbour Discovery protocol in Internet Protocol version 6. Decision tree algorithm and Random Forest Algorithm showed high accuracy results in comparison to the other benchmarked algorithms.


Machine learning Denial of service IPV6 


  1. 1.
    Abouabdalla, O., El-Taj, H., Manasrah, A., Ramadass, S.: False positive reduction in intrusion detection system: a survey. In: 2nd IEEE International Conference on Broadband Network & Multimedia Technology, 2009, IC-BNMT 2009, pp. 463–466. IEEE, October 2009Google Scholar
  2. 2.
    Agrawal, S., Agrawal, J.: Survey on anomaly detection using data mining techniques. Procedia Comput. Sci. 60, 708–713 (2015)CrossRefGoogle Scholar
  3. 3.
    Alaidaros, H., Mahmuddin, M., Al-Mazari, A.: An overview of flow-based and packet-based intrusion detection performance in high speed networks (2011)Google Scholar
  4. 4.
    Alharby, A., Imai, H.: IDS false alarm reduction using continuous and discontinuous patterns. In: Ioannidis, J., Keromytis, A., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 192–205. Springer, Heidelberg (2005). Scholar
  5. 5.
    Asokan, N., Niemi, V., Nyberg, K.: Man-in-the-middle in tunnelled authentication protocols. In: Christianson, B., Crispo, B., Malcolm, James A., Roe, M. (eds.) Security Protocols 2003. LNCS, vol. 3364, pp. 28–41. Springer, Heidelberg (2005). Scholar
  6. 6.
    Bahl, S., Sharma, S.K.: Improving classification accuracy of intrusion detection system using feature subset selection. In: 2015 Fifth International Conference on Advanced Computing & Communication Technologies, pp. 431–436. IEEE, February 2015Google Scholar
  7. 7.
    Banerjee, U., Arya, K.V.: Experimental study and analysis of security threats in compromised networks. In: Sengupta, S., Das, K., Khan, G. (eds.) Emerging Trends in Computing and Communication. LNEE, vol. 298, pp. 53–60. Springer, New Delhi (2014). Scholar
  8. 8.
    Barbará, D.: Special issue on data mining for intrusion detection and threat analysis. ACM SIGMOD Rec. 30(4), 4 (2001)CrossRefGoogle Scholar
  9. 9.
    Bishop, C.M.: Pattern Recognition and Machine Learning. Springer, New York (2006)zbMATHGoogle Scholar
  10. 10.
    Caicedo, C.E., Joshi, J.B., Tuladhar, S.R.: IPv6 security challenges. IEEE Comput. 42(2), 36–42 (2009)CrossRefGoogle Scholar
  11. 11.
    Campbell, P., Calvert, B., Boswell, S.: Security and Guide to Network Security Fundamentals. Thomson Course Technology, Boston (2003)Google Scholar
  12. 12.
    Chan, A.P., Ng, W.W., Yeung, D.S., Tsang, C.C.: Refinement of rule-based intrusion detection system for denial of service attacks by support vector machine. In: Proceedings of 2004 International Conference on Machine Learning and Cybernetics, 2004, vol. 7, pp. 4252–4256. IEEE, August 2004Google Scholar
  13. 13.
    Choudhary, A.R., Sekelsky, A.: Securing IPv6 network infrastructure: a new security model. In: 2010 IEEE International Conference on Technologies for Homeland Security (HST), 8–10 November 2010, USA. SEGMA Technol. Inc., Silver Spring, MD, Technologies for Homeland Security (HST), pp. 500–506. IEEE (2010)Google Scholar
  14. 14.
    Cisco: IPv6 security brief, White paper c11-678658, CISCO (2011)Google Scholar
  15. 15.
    Electronic Design: What’s The Difference Between IPv4 and IPv6? p. 2 (2012).
  16. 16.
    Elejla, O.E., Belaton, B., Anbar, M., Alnajjar, A.: Intrusion detection systems of ICMPv6-based DDoS attacks. Neural Comput. Appl. 30, 1–12 (2016)Google Scholar
  17. 17.
    Forouzan, B.: TCP/IP Protocol Suite, 3rd edn. McGraw-Hill Higher Education, New Delhi (2006)Google Scholar
  18. 18.
    Garcia-Teodoro, P., Diaz-Verdejo, J., Maciá-Fernández, G., Vázquez, E.: Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28(1), 18–28 (2009)CrossRefGoogle Scholar
  19. 19.
  20. 20.
    Gont, F.: Implementation Advice for IPv6 Router Advertisement Guard (RA-Guard) (No. RFC 7113) (2014)Google Scholar
  21. 21.
    Hogg, S., Karpenko, J., Miller, D., Vyncke, E.: IPv6 Security: Information Assurance for the Next-generation Internet Protocol. Cisco Press, USA (2009)Google Scholar
  22. 22.
    Kruegel, C., Mutz, D., Robertson, W., Valeur, F.: Bayesian event classification for intrusion detection. In: Computer Security Applications Conference, 2003. Proceedings. 19th Annual, pp. 14–23. IEEE, December 2003Google Scholar
  23. 23.
    Kumar, A.S., Karthik, M.G., Tech, M.: An efficient detection of DDoS flooding attacks: a survey. Int. J. Sci. Eng. Technol. Res. (IJSETR) 5(7), 2401–2405 (2016)Google Scholar
  24. 24.
    Kumar, M.A., Hemalatha, M., Nagaraj, P., Karthikeyan, S.: A new way towards security in TCP/IP protocol suite. pp. 46–50 (2010)Google Scholar
  25. 25.
    Kumar, V., Srivastava, J., Lazarevic, A. (eds.) Managing Cyber Threats: Issues, Approaches, and Challenges, vol. 5. Springer Science & Business Media (2006)Google Scholar
  26. 26.
    Laskov, P., Düssel, P., Schäfer, C., Rieck, K.: Learning intrusion detection: supervised or unsupervised? In: Roli, F., Vitulano, S. (eds.) ICIAP 2005. LNCS, vol. 3617, pp. 50–57. Springer, Heidelberg (2005). Scholar
  27. 27.
    Liao, Y., Vemuri, V.R.: Use of k-nearest neighbor classifier for intrusion detection. Comput. Secur. 21(5), 439–448 (2002)CrossRefGoogle Scholar
  28. 28.
    McHugh, J.: Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory. ACM Trans. Inf. Syst. Secur. (TISSEC) 3(4), 262–294 (2000)CrossRefGoogle Scholar
  29. 29.
    Moravejosharieh, A., Modares, H., Salleh, R.: Overview of mobile IPv6 security. In: 2012 Third International Conference on Intelligent Systems, Modelling and Simulation (ISMS), pp. 584–587. IEEE, February 2012Google Scholar
  30. 30.
    Najjar, F., Kadhum, M.M.: Reliable behavioral dataset for IPv6 neighbor discovery protocol investigation. In: 2015 5th International Conference on IT Convergence and Security (ICITCS), pp. 1–5. IEEE, August 2015Google Scholar
  31. 31.
    Narten, T., Simpson, W.A., Nordmark, E., Soliman, H.: Neighbor discovery for IP version 6 (IPv6) (2007)Google Scholar
  32. 32.
    Popoviciu, C.: Deploying IPv6 networks. Pearson Education India (2006)Google Scholar
  33. 33.
    Saad, R.M., Ramadass, S., Manickam, S.: A study on detecting ICMPv6 flooding attack based on IDS. Aust. J. Basic Appl. Sci. 7(2), 175–181 (2013)Google Scholar
  34. 34.
    Salih, A., Ma, X., Peytchev, E.: New intelligent heuristic algorithm to mitigate security vulnerabilities in IPv6. Int. J. Inf. Secur. (IJIS), 4 (2015).
  35. 35.
    Satrya, G.B., Chandra, R.L., Yulianto, F.A.: The detection of DDOS flooding attack using hybrid analysis in IPv6 networks. In: 2015 3rd International Conference on Information and Communication Technology (ICoICT), pp. 240–244. IEEE, May 2015Google Scholar
  36. 36.
    Stolfo, J., Fan, W., Lee, W., Prodromidis, A., Chan, P.K.: Cost-based modeling and evaluation for data mining with application to fraud and intrusion detection. Results JAM Proj. Salvatore (2000)Google Scholar
  37. 37.
    Szigeti, S., Risztics, P.: Will IPv6 bring better security? In: Euromicro Conference, 2004, Proceedings. 30th, pp. 532–537. IEEE, September 2004Google Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Department of Computer ScienceLiverpool John Moores UniversityLiverpoolUK
  2. 2.College of Technological InnovationZayed UniversityAbu DhabiUAE

Personalised recommendations