ICMPv6 Echo Request DDoS Attack Detection Framework Using Backpropagation Neural Network

Date
2016-03
Authors
Mohammed Ahmed Saad, Redhwan
Publisher
Universiti Sains Malaysia
Abstract
The rapid growth of the Internet in the last few years has exposed the limitation of address space in the current Internet Protocol (IP), namely IPv4, due to the increasing consumption of IP addresses. IPv6 has been developed to provide sufficient address space. It ships with a new protocol, the Internet Control Message Protocol version 6 (ICMPv6), which is mandatory in IPv6 networks, unlike in IPv4, where ICMP can be blocked or dropped. ICMPv6 opens the door for attackers to attack IPv6 networks. The most frequent type of attack in IPv6 networks at the network layer is the ICMPv6 DDoS flooding attack. One of the main problems with ICMPv6 DDoS flooding attacks is detection accuracy, which suffers from a high false alarm rate. Thus, protecting infrastructure services is a critical issue that urgently needs to be addressed. The aim of this thesis is to propose a framework for detecting ICMPv6 DoS/DDoS flooding attacks. The framework consists of four stages to achieve the research objectives: (1) Data collection and preprocessing, which aims to filter out the ICMPv6 packets and remove redundant data from the dataset to reduce traffic volume, thus increasing the detection accuracy rate. (2) Network traffic analysis, which contributes to selecting the most important features for detecting ICMPv6 DDoS flooding attacks. (3) Anomaly-based detection, which aggregates IP packets and detects anomalous packets using a proposed rule-based method with a threshold technique. (4) Verification of ICMPv6 flooding detection, which aims to verify the detection of ICMPv6 flooding attack behaviour using an artificial neural network technique. This thesis thus considers the necessity of anomaly-based attack detection that can detect malicious traffic and improve Internet security. The major contribution of this thesis is a framework for detecting ICMPv6 echo request flooding attacks.
The results, together with their quantitative evaluation, clearly show that the proposed v6IDSF can detect ICMPv6 DDoS flooding attacks, with accuracies of 88.9% for DDoS anomaly detection and 98.3% for ICMPv6 flooding attack detection, respectively. The accuracy of the proposed framework is compared with the most sufficient approach available in the literature using a real traffic dataset. All this would help to improve Internet security.
Keywords
Internet