A Machine Learning Approach to Detect Router Advertisement Flooding Attacks in Next-Generation IPv6 Networks

Cognitive Computation

Abstract

A router advertisement (RA) flooding attack aims to exhaust the resources, such as CPU and memory, of all nodes attached to routers on the same link. This study proposes a biologically inspired, machine learning-based approach to detect RA flooding attacks. The proposed technique uses information gain ratio (IGR) and principal component analysis (PCA) for feature selection and a support vector machine (SVM)-based predictor model, which can also detect input traffic anomalies. A real benchmark dataset obtained from the National Advanced IPv6 Center of Excellence laboratory is used to evaluate the proposed technique. The evaluation consists of two experiments. The first investigates the effect of the IGR and PCA feature selection methods in identifying the features that contribute most to the SVM training model. The second evaluates the capability of the SVM to detect RA flooding attacks. The results show that the proposed technique demonstrates excellent detection accuracy and is thus an effective choice for detecting RA flooding attacks. The main contribution of this study is the identification of a set of new features related to RA flooding attacks by utilizing the IGR and PCA algorithms. The technique proposed in this paper can effectively detect the presence of an RA flooding attack in an IPv6 network.
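The IGR feature-ranking step named in the abstract can be sketched as follows. This is an added example, not the authors' code: the feature names (`ra_rate`, `distinct_src`, `hop_limit`), their bins and the eight traffic windows are constructed assumptions, since the paper's feature set is not given on this page, and the PCA and SVM stages are not shown.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy in bits of a sequence of discrete values."""
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())

def gain_ratio(feature, labels):
    """Information gain of a discrete feature divided by its split information."""
    n = len(labels)
    groups = {}
    for value, label in zip(feature, labels):
        groups.setdefault(value, []).append(label)
    conditional = sum(len(g) / n * entropy(g) for g in groups.values())
    info_gain = entropy(labels) - conditional
    split_info = entropy(feature)
    # A constant feature has zero split information and carries no signal.
    return info_gain / split_info if split_info > 0 else 0.0

def rank_features(rows, labels):
    """Return (feature name, IGR) pairs, highest ratio first."""
    scores = {name: gain_ratio([r[name] for r in rows], labels)
              for name in rows[0]}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample: one record per capture window, features already binned.
# hop_limit is always 255 because RFC 4861 requires it for valid RAs.
ROWS = [
    {"ra_rate": "low",  "distinct_src": "few",  "hop_limit": 255},
    {"ra_rate": "low",  "distinct_src": "few",  "hop_limit": 255},
    {"ra_rate": "low",  "distinct_src": "many", "hop_limit": 255},
    {"ra_rate": "low",  "distinct_src": "few",  "hop_limit": 255},
    {"ra_rate": "high", "distinct_src": "many", "hop_limit": 255},
    {"ra_rate": "high", "distinct_src": "many", "hop_limit": 255},
    {"ra_rate": "high", "distinct_src": "few",  "hop_limit": 255},
    {"ra_rate": "high", "distinct_src": "many", "hop_limit": 255},
]
LABELS = ["normal"] * 4 + ["flood"] * 4

if __name__ == "__main__":
    for name, score in rank_features(ROWS, LABELS):
        print(f"{name:13s} IGR = {score:.4f}")
```

Features with a ratio near zero, such as the constant `hop_limit` here, are the ones a selection stage would discard before training the classifier.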

Acknowledgements

The authors are grateful to the anonymous reviewers for their constructive comments and suggestions, which greatly helped improve the quality of the paper. Professor A. Hussain is supported by the UK Engineering and Physical Sciences Research Council (EPSRC) grant no. EP/M026981/1.

Author information

Corresponding author

Correspondence to Mohammed Anbar.

Ethics declarations

Conflict of Interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Cite this article

Anbar, M., Abdullah, R., Al-Tamimi, B.N. et al. A Machine Learning Approach to Detect Router Advertisement Flooding Attacks in Next-Generation IPv6 Networks. Cogn Comput 10, 201–214 (2018). https://doi.org/10.1007/s12559-017-9519-8

  • DOI: https://doi.org/10.1007/s12559-017-9519-8
