Labeled flow-based dataset of ICMPv6-based DDoS attacks

Elejla, Omar E.; Anbar, Mohammed; Belaton, Bahari; Hamouda, Shady

doi:10.1007/s00521-017-3319-7

Cited by 20 publications

(17 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The monitoring devices capture all inbound and outbound network traffic (including payload and header) without filtration and packet loss. The monitoring devices capture the packets as representing the actual network traffic [33]. The most common network traffic capturing software is TCP-Dump [34] and WireShark [35], which are typically placed at the edge point of the network.…”

Section: ) Packet-based Network Trafficmentioning

confidence: 99%

Flow-Based Approach to Detect Abnormal Behavior in Neighbor Discovery Protocol (NDP)

et al. 2021

Self Cite

View full text Add to dashboard Cite

Internet Protocol version six (IPv6) is equipped with new protocols, such as the Neighbor Discovery Protocol (NDP). NDP is a stateless protocol without authentication that makes it vulnerable to many types of attacks, such as Router Advertisement (RA) and Neighbour Solicitation (NS) DoS flooding attacks. In these types of attacks, attackers send an enormous volume of abnormal NDP traffic, which causes congestion that degrades network performance. The expected behavior among these attacks is the existence of NDP traffic abnormalities. Thus, this research aims to propose a flow-based approach to detect abnormal NDP traffic behavior, which is considered an indicator of the presence of NDP-based attacks, such as RA and NS DoS flooding attacks. Also, the proposed approach relies on flow-based network traffic representation and adoption of the Entropy algorithm to detect the randomness in the network traffic. The proposed approach is evaluated in terms of detection accuracy, precision, recall, and F1-Score using a simulated dataset. The experimental result shows that the proposed approach obtained 98.1%, 55%, 100%, and 70.96% for average accuracy, precision, recall, and F1-Score, respectively, in detecting abnormal NDP traffic behavior caused by the RA DoS flooding attack. Meanwhile, the proposed approach obtained 99%, 91.3%, 100%, and 95.45% for average accuracy, precision, recall, and F1-Score, respectively, in detecting the abnormal NDP traffic behavior caused by the NS DoS flooding attack. Also, the proposed approach shows better results compared to other existing approaches.

show abstract

Section: ) Packet-based Network Trafficmentioning

confidence: 99%

Flow-Based Approach to Detect Abnormal Behavior in Neighbor Discovery Protocol (NDP)

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…However, their work was proposed and developed based on the unidirectional flow concept and limited the type of network attack to the cyclostationarity-related attack such as SSH scan attack and SPAM attack. Elejla et al [17] also presented a dataset for ICMPv6 DDoS attack detection. The dataset was created and modeled using unidirectional flow features, which replicated the campus network traffic.…”

Section: Traffic Modeling and Its Application In Dataset Genera-mentioning

confidence: 99%

Novel Bi-directional Flow-based Traffic Generation Framework for IDS Evaluation and Exploratory Data Analysis

Wilailux

Ngamsuriyaroj

2021

Journal of Information Processing

View full text Add to dashboard Cite

Flow-based network traffic information has been recently used to detect malicious intrusion. However, several available public flow-based datasets are unidirectional, and bidirectional flow-based datasets are rarely available. In this paper, a novel framework to generate bidirectional flow-based datasets for IDS evaluation is proposed. The generated dataset has the mixed combination of normal background traffic and attack traffic. The background traffic is based on the key traffic feature of the MAWI network traffic traces, and five popular attack traffics are generated based on their statistical traffic features. The generated dataset is characterized using the PCA approach, and we found out that benign and malicious traffic are distinct. With the proposed framework, a dataset of bi-directional flow-based traffic is generated and it would be used for evaluating an effective intrusion detection engine.

show abstract

“…The intrusion dataset containing both normal and malicious network traffic is the essential component that can be used for benchmarking the performance of an IDS. Benchmarking refers to the performance of an IDS using performance evaluation metrics results obtained during experiments after applying various data mining techniques [44]. The intrusion datasets are mostly generated in the following two ways:…”

Section: Datasetmentioning

confidence: 99%

“…Average DA of 99.5% reflected the capability to differentiate between normal and attack data using the datasets containing 250,008 records. Though the authors have claimed high DA, the proposed technique is only limited to floodingbased DoS attacks using RA messages of NDP [44]. In addition, less detail about the experimental environment and attack tools is given.…”

Section: B Single Classifier-based Ids 1) Packet Features-based Idssmentioning

confidence: 99%

“…Although, Elejla et. al [44] prepared two publicly available intrusion detection datasets to evaluate the performance of ML-based IDS models using a flow-based network traffic representation. However, existing datasets lack DDoS attacks based on ICMPv6 error messages, which means that immediate attention needs to be paid to the evaluation and comparison of different ML-based IDS models that have used flow-based network traffic representation.…”

Section: Lack Of Benchmark Datasetmentioning

confidence: 99%

See 1 more Smart Citation

ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review

2020

Self Cite

View full text Add to dashboard Cite

Although the launch of Internet Protocol version six (IPv6) addressed the issue of IPv4's address depletion, but also mandated the use of Internet Control Message Protocol version six (ICMPv6) messages in newly introduced features such as the Neighbor Discovery Protocol (NDP). This has exacerbated existing network attacks including ICMPv6-based Denial of Service (DoS) attacks and its variant form Distributed Denial of Service (DDoS) attack. Intrusion Detection Systems (IDS) aimed at tackling security issues raised by ICMPv6-based DoS and DDoS attacks have been reviewed by researchers and a general classification of existing IDSs was proposed as anomaly-based and signature-based. However, it is incredibly hard to see the overall picture of IDSs based on Machine Learning (ML) techniques with such a classification, as there is a lack of a more detailed view of the ML approach, classifiers, feature selection techniques, datasets, and different evaluation metrics. Nevertheless, recent developments in this relatively new field have not been covered such as ML-based IDSs using flow-based traffic representation. Therefore, this paper specifically reviews and classifies IDSs based on ML techniques to detect ICMPv6-based DoS and DDoS attacks as single and hybrid classifiers. In addition, blockchain applicability in Collaborative IDS (CIDS) architecture based on the ensemble framework has been proposed as a solution to one of the open challenges for ICMPv6-based DoS and DDoS attacks detection problem. Moreover, this review also provides a classification of ICMPv6 vulnerabilities to DoS and DDoS attacks which would provide a reference resource for future researchers in this domain. To the best of the author's knowledge, this is the first review paper specifically focusing on IDSs based on ML techniques in this domain, as well as blockchain applicability as a possible research direction has been proposed to attract researcher's focus on building ensemble learning-based IDS models.

show abstract

Labeled flow-based dataset of ICMPv6-based DDoS attacks

Cited by 20 publications

References 13 publications

Flow-Based Approach to Detect Abnormal Behavior in Neighbor Discovery Protocol (NDP)

Flow-Based Approach to Detect Abnormal Behavior in Neighbor Discovery Protocol (NDP)

Novel Bi-directional Flow-based Traffic Generation Framework for IDS Evaluation and Exploratory Data Analysis

ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review

Contact Info

Product

Resources

About