Detecting Neighbor Discovery Protocol-Based Flooding Attack Using Machine Learning Techniques

Najjar, Firas; Kadhum, Mohammed M.; El-Taj, Homam

doi:10.1007/978-3-319-32213-1_12

Cited by 8 publications

(5 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In addition, the classifier's ability to learn and build the model mainly depends upon the feature set and the solution to class imbalance factors existing in the dataset. The models such as [48], [62], and [70] lack features selection schemes needed to validate the relevance of the features in generating the datasets. Table 4 gives an insight into the scope of detection that is covered by each ML-based IDS model for ICMPv6-based DoS and DDoS attacks.…”

Section: Discussionmentioning

confidence: 99%

“…Najjar et al [62] used a strict anomaly detection approach introduced by Sasha and Beetle [63] to detect violations in normal RS and NS packets flow. A feature set containing eight features is used to distinguish between normal or anomaly flow against the protocol constant values defined in [RFC 4861 and RFC 4862] for NDP messages.…”

Section: B Single Classifier-based Ids 1) Packet Features-based Idssmentioning

confidence: 99%

“…DA as the only metric for performance evaluation of the MLbased IDS may mislead the researcher with a high percentage in the case of a binary class dataset, as in [62]. Classifier such as NB, that outputs negative class, may give 99% DA even though binary class dataset with a positive class contains 1% instances only.…”

Section: F a Sole Performance Evaluation Metric With Binary Class Damentioning

confidence: 99%

See 2 more Smart Citations

ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review

2020

View full text Add to dashboard Cite

Although the launch of Internet Protocol version six (IPv6) addressed the issue of IPv4's address depletion, but also mandated the use of Internet Control Message Protocol version six (ICMPv6) messages in newly introduced features such as the Neighbor Discovery Protocol (NDP). This has exacerbated existing network attacks including ICMPv6-based Denial of Service (DoS) attacks and its variant form Distributed Denial of Service (DDoS) attack. Intrusion Detection Systems (IDS) aimed at tackling security issues raised by ICMPv6-based DoS and DDoS attacks have been reviewed by researchers and a general classification of existing IDSs was proposed as anomaly-based and signature-based. However, it is incredibly hard to see the overall picture of IDSs based on Machine Learning (ML) techniques with such a classification, as there is a lack of a more detailed view of the ML approach, classifiers, feature selection techniques, datasets, and different evaluation metrics. Nevertheless, recent developments in this relatively new field have not been covered such as ML-based IDSs using flow-based traffic representation. Therefore, this paper specifically reviews and classifies IDSs based on ML techniques to detect ICMPv6-based DoS and DDoS attacks as single and hybrid classifiers. In addition, blockchain applicability in Collaborative IDS (CIDS) architecture based on the ensemble framework has been proposed as a solution to one of the open challenges for ICMPv6-based DoS and DDoS attacks detection problem. Moreover, this review also provides a classification of ICMPv6 vulnerabilities to DoS and DDoS attacks which would provide a reference resource for future researchers in this domain. To the best of the author's knowledge, this is the first review paper specifically focusing on IDSs based on ML techniques in this domain, as well as blockchain applicability as a possible research direction has been proposed to attract researcher's focus on building ensemble learning-based IDS models.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: B Single Classifier-based Ids 1) Packet Features-based Idssmentioning

confidence: 99%

Section: F a Sole Performance Evaluation Metric With Binary Class Damentioning

confidence: 99%

See 1 more Smart Citation

ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review

2020

View full text Add to dashboard Cite

show abstract

“…The addresses are fabricated with the subnet prefix and packets are continuously being sent to the victims in such type of attack. After sending neighbor solicitation packets, these addresses are resolved by the last hop router (Najjar et al, 2016). From the last hop router, the neighbor discovery service is not obtained by a legitimate host attempting to enter the network as it will be already busy with sending other solicitations.…”

Section: Neighbor Discovery Dos Attackmentioning

confidence: 99%

Impacts Evaluation of DoS Attacks Over IPv6 Neighbor Discovery Protocol

Ahmed

Hassan

Othman

et al. 2019

Journal of Computer Science

View full text Add to dashboard Cite

The Neighbor Discovery Protocol (NDP) is one of the main protocols in the Internet Protocol version 6 (IPv6) suite. It provides many basic functions for the normal operations of IPv6 in a Local Area Network (LAN), such as address auto-configuration and address resolution. However, NDP has several vulnerabilities that can be used by malicious nodes to launch attacks, because NDP messages are easily spoofed. Surrounding this problem many solutions have been proposed for securing NDP but these solutions either proposed new protocols that need to be supported by all nodes or built mechanisms that require the cooperation of all nodes. In this paper we overview NDP vulnerabilities and available solutions to overcome their impacts on IPv6 network. In addition a research test bed setup to implement these vulnerabilities was introduced. Moreover attacks that prove these vulnerabilities are implemented on different types of operating systems, Windows and Linux platforms. Three network metrics throughput, delay and resources consumption have been chosen to investigate, analyze and evaluate the impacts of NDP related attacks on IPv6 link-local communication. Overall, the results had shown that performance of Linux based operating system is better than Windows based operating system.

show abstract

“…There are two categories of NDP functionalities, which involve host-to-host and host-to-router functionalities [9]. Host-host functionalities determine direct host reachability, IP destination address of the datagram, Duplicate Address Detection (DAD), and Neighbor Unreachability Detection (NUD) or determination based on the address resolution, if a selected address is already present in the link-local network, as a basis for determining the next hop.…”

Section: ) Router Solicitationmentioning

confidence: 99%

Denial of Service Attack over Secure Neighbor Discovery (SeND)

Ahmed¹,

Hassan²,

Othman³

2018

Int. J. Adv. Sci. Eng. Inf. Technol.

View full text Add to dashboard Cite

IPv6, the Internet Protocol suite version 6, uses a Neighbor Discovery Protocol (NDP). NDP mainly replaces router discovery and the Address Resolution Protocol (ARP) and after that redirects the functions used in IPv4, i.e. the Internet Protocol suite version 4. The NDP system is a stateless protocol since it does not need the dynamic host's configuration protocol server to enable the various IPv6 nodes for determining the connected hosts along with the IPv6 network routers. To add layers of protection to NDP, the SeND (Secure Neighbor Discovery) extension was developed, which provides router authorization, proof of address ownership, and message protection for the protocol. SeND employs CGAs (Cryptographically Generated Addresses) and X.509 certificates. Despite its many advantages, deploying SeND is not easy, and it is still vulnerable to specific DoS (Denial-of-Service) attacks. The components of SeND and its responses to NDP threats are further elaborated in this paper. Also, an overview of the implementation of SeND, its limitations, existing vulnerabilities, and current deployment challenges are also presented. Furthermore, to test the performance of SeND under a DoS attack, a test bed was implemented, and the results discussed.

show abstract

Detecting Neighbor Discovery Protocol-Based Flooding Attack Using Machine Learning Techniques

Cited by 8 publications

References 31 publications

ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review

ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review

Impacts Evaluation of DoS Attacks Over IPv6 Neighbor Discovery Protocol

Denial of Service Attack over Secure Neighbor Discovery (SeND)

Contact Info

Product

Resources

About