Flow-Representation Approach For ICMPV6-Based DDOS Attacks Detection
Date
2018-04
Authors
Elejla, Omar E. O.
Publisher
Universiti Sains Malaysia
Abstract
In addition to address expandability, IPv6 brought new functionalities, such
as the Neighbor Discovery Protocol (NDP) and the address auto-configuration scheme, which
depend on the Internet Control Message Protocol version 6 (ICMPv6). ICMPv6
is delegated more responsibilities than Internet Control Message Protocol version
4 (ICMPv4) has in IPv4, and it is considered the backbone and a mandatory part of native
IPv6 networks. IPv6 is vulnerable to a number of attacks inherited from IPv4, and new
attacks have appeared within its new features. The most popular IPv6 attacks are Denial
of Service (DoS) and its distributed version (DDoS) that use ICMPv6 messages.
ICMPv6-based DoS & DDoS attacks are one of the major problems of today’s Internet,
causing economic damage in some serious cases. Anomaly Intrusion Detection
Systems (AIDSs) have been proposed to address the problem of ICMPv6-based DoS
& DDoS attacks. Unfortunately, these AIDSs rely on packet-based representations of
the network traffic as their inputs, which fail to capture the nature of the attacks that
consist of streams of malicious traffic. Moreover, these AIDSs are unable to detect
the attacks accurately because they do not consider the attack-related features
and the attacks' polymorphic behaviors. In addition, poor-quality datasets have been
used to train and test the existing AIDSs, which also impacts their detection accuracy.
This research proposes an approach that is able to accurately detect ICMPv6-based
DoS & DDoS attacks. The proposed approach uses a flow-based network traffic representation
to overcome the limitations of the packet-based representation. The flow-based
representation constructs the traffic in a form that captures the essential elements in the streams
and behaviour of ICMPv6-based DoS & DDoS attacks. In addition, the proposed approach
identifies a set of novel relevant features to be used for detecting the attacks
and enriches these features with behaviour-based and contextual features to further
improve the attack detection ability.
Keywords
Flow-representation approach for ICMPV6-based DDOS attacks detection