Flow-Based IDS for ICMPv6-Based DDoS Attacks Detection

Elejla, Omar E.; Anbar, Mohammed; Belaton, Bahari; Alijla, Basem O.

doi:10.1007/s13369-018-3149-7

Cited by 30 publications

(30 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Next, locally weighted learning, discussed in sub-section D, is used to classify NDP messages. The work of Elejla et al, [17] is used as a benchmark, by adopting their flow-based data representation, model development method and evaluation metrics. Figure 4: Flowchart of the proposed model.…”

Section: Methodsmentioning

confidence: 99%

“…Consequently, this saturates the victim's network bandwidth, which leads to the unavailability of the network to its legitimate users [4]. Deploying a Network IDS (NIDS) at the default gateway of IPv6 network tends to curb DDoS attacks [17] as it captures packets passing through the network, and analyses them for the purpose of detecting DDoS attacks. The method of representation of the network traffic determines the performance of NIDS.…”

Section: ) Ndp-based Ddos Attacksmentioning

confidence: 99%

“…IDS can be categorized, based on its location for sourcing data, as Host-Based (HIDS) or Network-Based (NIDS). In addition, IDS can be categorized based on its detection mechanism as Signature-based (SIDS), Anomaly-based (AIDS), and Stateful Protocol Analysis [17], as shown in Figure 3. Anomaly-based IDS can be further be categorized as Rulebased IDS, and Artificial Intelligence-based [20].…”

Section: Intrusion Detection Systems For Ndp Ddosmentioning

confidence: 99%

“…The LWL-DT model also had the highest false positive ratio of 0.013%. A closely related work of [17], reported an overall accuracy of 85.3% at its best, having also used flow-based representation of packets but different sets of features and dataset. Comparatively, all developed IDSs are capable of detecting DDoS and replayed attacks based on NDP-based network traffic as well in the detection of anomalies.…”

Section: B Comparative Analysis Of the Modelsmentioning

confidence: 99%

See 3 more Smart Citations

Locally weighted classifiers for detection of neighbor discovery protocol distributed denial‐of‐service and replayed attacks

Alsadhan

Hussain

Liatsis

et al. 2019

Trans Emerging Tel Tech

View full text Add to dashboard Cite

show abstract

Section: Methodsmentioning

confidence: 99%

Section: ) Ndp-based Ddos Attacksmentioning

confidence: 99%

Section: Intrusion Detection Systems For Ndp Ddosmentioning

confidence: 99%

Section: B Comparative Analysis Of the Modelsmentioning

confidence: 99%

See 2 more Smart Citations

Locally weighted classifiers for detection of neighbor discovery protocol distributed denial‐of‐service and replayed attacks

Alsadhan

Hussain

Liatsis

et al. 2019

Trans Emerging Tel Tech

View full text Add to dashboard Cite

show abstract

“…The result of experiments shows that with 0.26 RMSE, the model offered a high DA of 98.3 percent. However, the key drawback of the model is the sole detection of the ICMPv6 Echo-Request flooding attack [52]. Moreover, the size of the datasets of 2000 ICMPv6 Echo-Request packets cannot reflect the actual behavior of the DDoS attack [53].…”

Section: Consmentioning

confidence: 99%

ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review

2020

Self Cite

View full text Add to dashboard Cite

Although the launch of Internet Protocol version six (IPv6) addressed the issue of IPv4's address depletion, but also mandated the use of Internet Control Message Protocol version six (ICMPv6) messages in newly introduced features such as the Neighbor Discovery Protocol (NDP). This has exacerbated existing network attacks including ICMPv6-based Denial of Service (DoS) attacks and its variant form Distributed Denial of Service (DDoS) attack. Intrusion Detection Systems (IDS) aimed at tackling security issues raised by ICMPv6-based DoS and DDoS attacks have been reviewed by researchers and a general classification of existing IDSs was proposed as anomaly-based and signature-based. However, it is incredibly hard to see the overall picture of IDSs based on Machine Learning (ML) techniques with such a classification, as there is a lack of a more detailed view of the ML approach, classifiers, feature selection techniques, datasets, and different evaluation metrics. Nevertheless, recent developments in this relatively new field have not been covered such as ML-based IDSs using flow-based traffic representation. Therefore, this paper specifically reviews and classifies IDSs based on ML techniques to detect ICMPv6-based DoS and DDoS attacks as single and hybrid classifiers. In addition, blockchain applicability in Collaborative IDS (CIDS) architecture based on the ensemble framework has been proposed as a solution to one of the open challenges for ICMPv6-based DoS and DDoS attacks detection problem. Moreover, this review also provides a classification of ICMPv6 vulnerabilities to DoS and DDoS attacks which would provide a reference resource for future researchers in this domain. To the best of the author's knowledge, this is the first review paper specifically focusing on IDSs based on ML techniques in this domain, as well as blockchain applicability as a possible research direction has been proposed to attract researcher's focus on building ensemble learning-based IDS models.

show abstract

IPv6 addressing with hidden duplicate address detection to mitigate denial of service attacks in the internet of drone

Kumar,

Pragya

2024

Concurrency and Computation

View full text Add to dashboard Cite

SummaryThe fusion of drones with the Internet, termed the Internet of Drones (IoD), resembles the Internet of Things (IoT) paradigm. In IoD, drones necessitate unique identifiers similar to IPv6 addresses. This paper presents a novel approach for securing the duplicate address detection (DAD) process in the IoD environment. This paper focuses on addressing the security challenges posed by malicious drones in the DAD process. The proposed solution introduces a hidden DAD (H‐DAD) process, to mitigate attacks on the DAD process. In this scheme, drones transmit a transformed portion of their interface identifier (IID) while concealing the full IID, thus thwarting potential disruptions by malicious entities. We evaluated the effectiveness of the H‐DAD scheme through experimental analysis using Python with SimPy, comparing it with the Improved DAD, Secure DAD, and Standard DAD schemes. Our results demonstrate a notable improvement, with the Hidden DAD scheme achieving a 100% address success rate under attack. Moreover, it exhibits approximately 5% and 12% lower overhead and energy consumption, respectively, compared to the other schemes.

show abstract

Flow-Based IDS for ICMPv6-Based DDoS Attacks Detection

Cited by 30 publications

References 27 publications

Locally weighted classifiers for detection of neighbor discovery protocol distributed denial‐of‐service and replayed attacks

Locally weighted classifiers for detection of neighbor discovery protocol distributed denial‐of‐service and replayed attacks

ICMPv6-Based DoS and DDoS Attacks Detection Using Machine Learning Techniques, Open Challenges, and Blockchain Applicability: A Review

IPv6 addressing with hidden duplicate address detection to mitigate denial of service attacks in the internet of drone

Contact Info

Product

Resources

About