A Machine Learning Approach to Detect Router Advertisement Flooding Attacks in Next-Generation IPv6 Networks
- 183 Downloads
Router advertisement (RA) flooding attack aims to exhaust all node resources, such as CPU and memory, attached to routers on the same link. A biologically inspired machine learning-based approach is proposed in this study to detect RA flooding attacks. The proposed technique exploits information gain ratio (IGR) and principal component analysis (PCA) for feature selection and a support vector machine (SVM)-based predictor model, which can also detect input traffic anomaly. A real benchmark dataset obtained from National Advanced IPv6 Center of Excellence laboratory is used to evaluate the proposed technique. The evaluation process is conducted with two experiments. The first experiment investigates the effect of IGR and PCA feature selection methods to identify the most contributed features for the SVM training model. The second experiment evaluates the capability of SVM to detect RA flooding attacks. The results show that the proposed technique demonstrates excellent detection accuracy and is thus an effective choice for detecting RA flooding attacks. The main contribution of this study is identification of a set of new features that are related to RA flooding attack by utilizing IGR and PCA algorithms. The proposed technique in this paper can effectively detect the presence of RA flooding attack in IPv6 network.
KeywordsRA flooding attack Network security IGR PCA SVM IPv6 security
The authors are grateful to the anonymous reviewers for their constructive comments and suggestions, which greatly helped improve the quality of the paper. Professor A. Hussain is supported by the UK Engineering and Physical Sciences Research Council (EPSRC) grant no. EP/M026981/1.
Compliance with Ethical Standards
Conflict of Interest
The authors declare that they have no conflict of interest.
This article does not contain any studies with human participants or animals performed by any of the authors.
- 2.Goel JN, Mehtre B. Stack overflow based defense for ipv6 router advertisement flooding (dos) attack. Proceedings of 3rd international conference on advanced computing, networking and informatics. New Delhi: Springer; 2016. p. 299–308.Google Scholar
- 4.Narten T, Simpson WA, Nordmark E, Soliman H. Neighbor discovery for ip version 6 (ipv6), Tech. Rep. 2461, 2007, obsoleted by RFC 4861, upyeard by RFC 4311. [Online]. Available: http://www.ietf.org/rfc/rfc2461.txt.
- 5.Finlayson R, Mann T, Mogul J, Theimer M. A reverse address resolution protocol, Tech. Rep., 1984, rFC-903, JUN. [Online]. Available: http://www.ietf.org/rfc/rfc903.txt.
- 6.Hendriks L, Sperotto A, Pras A. Characterizing the ipv6 security landscape by large-scale measurements. IFIP international conference on autonomous infrastructure, management and security. Cham: Springer; 2015. p. 145–149.Google Scholar
- 7.Barbhuiya FA, Biswas S, Nandi S. Detection of neighbor solicitation and advertisement spoofing in ipv6 neighbor discovery protocol. Proceedings of the 4th international conference on Security of information and networks. New York: ACM; 2011. p. 111–118.Google Scholar
- 8.Xu X, Wang X. An adaptive network intrusion detection method based on pca and support vector machines. Advanced data mining and applications. Berlin: Springer; 2005. p. 696–703.Google Scholar
- 11.Shyu M-L, Chen S-C, Sarinnapakorn K, Chang L. A novel anomaly detection scheme based on principal component classifier. 3rd IEEE international conference on data mining; 2003. p. 353–365.Google Scholar
- 12.Yang X, Ma T, Shi Y. Typical dos/ddos threats under ipv6. International multi-conference on computing in the global information technology. Guadeloupe: IEEE; 2007. p. 55–55.Google Scholar
- 13.Anbar M, Abdullah R, Saad RMA, Alomari E, Alsaleem S. Review of security vulnerabilities in the IPv6 neighbor discovery protocol. Singapore: Springer Singapore, 2016, pp. 603–612. [Online]. Available: https://doi.org/10.1007/978-981-10-0557-2_59 .
- 14.Hota H, Shrivas AK. Decision tree techniques applied on nsl-kdd data and its comparison with various feature selection techniques. Advanced computing, networking and informatics. Cham: Springer; 2014. p. 205–211.Google Scholar
- 19.Wang W, Battiti R. 2005. Identifying intrusions in computer networks based on principal component analysis, Tech. Rep DIT-05-084.Google Scholar
- 20.Xu T, He D, Luo Y. Ddos attack detection based on rlt features. 2007 international conference on, computational intelligence and security; 2007. p. 697–701.Google Scholar
- 21.Zargar G, Kabiri P. Identification of effective network features for probing attack detection. NDT ’09. First international conference on networked digital technologies, 2009. Ostrava: IEEE; 2009. p. 392–397.Google Scholar
- 23.Al-Shaer E. Modeling and verification of firewall and ipsec policies using binary decision diagrams. Automated firewall analytics. Cham: Springer International Publishing; 2014. p. 25–48.Google Scholar
- 24.Arkko J, Kempf J, Zill B, Nikander P. SEcure Neighbor Discovery (SEND), RFC 3971 (Proposed Standard), Tech. Rep. 3971, Mar. 2005, upyeard by RFCs 6494, 6495, 6980. [Online]. Available: http://www.ietf.org/rfc/rfc3971.txt.
- 26.Beck F, Cholez T, Festor O, Chrisment I. Monitoring the neighbor discovery protocol. ICCGI, 2007. international multi-conference on computing in the global information technology, 2007; 2007. p. 57–57.Google Scholar
- 27.Chown T, Venaas S. Rogue ipv6 router advertisement problem statement, Tech. Rep., 2011, rFC-6104, Feb. [Online]. Available: https://tools.ietf.org/html/rfc6104.
- 28.Ramachandran V, Nandi S. Detecting arp spoofing: an active technique. International conference on information systems security. Berlin: Springer; 2005. p. 239–250.Google Scholar
- 30.Levy-Abegnoli E, Van de Velde G, Popoviciu C, Mohacsi J. Ipv6 router advertisement guard, IETF, Tech. Rep., 2011, rFC-6105, Feb. [Online]. Available: https://tools.ietf.org/html/rfc6105.
- 31.Gont F. Implementation advice for ipv6 router advertisement guard (ra-guard), Internet Engineering Task Force (IETF), Tech. Rep., 2014, rFC-7113, Feb. [Online]. Available: https://tools.ietf.org/html/rfc7113.
- 32.Headquarters A. Ipv6 configuration guide, cisco ios release 12.4, Cisco, Tech. Rep., 2012. [Online]. Available: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/12-4t/ipv6-12-4t-book/ip6-eigrp.html.
- 35.Lin S-l, Liu Z. Parameter selection in svm with rbf kernel function. J Zhengzhou Univ Technol 2007;35(2):1–4.Google Scholar
- 36.NAv6. 2016. National advanced ipv6 centre, http://www.nav6.usm.my, 2016 online; accessed 1 OCT.
- 39.Livadas C, Walsh R, Lapsley D, Strayer WT. Using machine learning techniques to identify botnet traffic. IEEE conference on local computer networks, Proceedings 2006 31st. Piscataway: IEEE; 2006. p. 967–974.Google Scholar
- 40.Elhamahmy M, Elmahdy HN, Saroit IA. A new approach for evaluating intrusion detection system. International Journal of Artificial Intelligent Systems and Machine Learning 2010;11:2.Google Scholar
- 43.Wen G, Hou Z, Li H, Li D, Jiang L, Xun E. Ensemble of deep neural networks with probability-based fusion for facial expression recognition, Cogn Comput. 2017. [Online]. Available: https://doi.org/10.1007/s12559-017-9472-6.
- 44.Siddique N, Adeli H. Nature-inspired chemical reaction optimisation algorithms, Cogn Comput. 2017. [Online]. Available: https://doi.org/10.1007/s12559-017-9485-1.