Please use this identifier to cite or link to this item: http://hdl.handle.net/1893/26343
Appears in Collections:Computing Science and Mathematics Journal Articles
Peer Review Status: Refereed
Title: A Machine Learning Approach to Detect Router Advertisement Flooding Attacks in Next-Generation IPv6 Networks (Forthcoming/Available Online)
Authors: Anbar, Mohammed
Abdullah, Rosni
Al-Tamimi, Bassam Naji
Hussain, Amir
Contact Email: ahu@cs.stir.ac.uk
Keywords: RA flooding attack
Network security
IGR
PCA
SVM
IPv6 security
Issue Date: 23-Oct-2017
Citation: Anbar M, Abdullah R, Al-Tamimi BN & Hussain A (2017) A Machine Learning Approach to Detect Router Advertisement Flooding Attacks in Next-Generation IPv6 Networks (Forthcoming/Available Online), Cognitive Computation.
Abstract: Router advertisement (RA) flooding attack aims to exhaust all node resources, such as CPU and memory, attached to routers on the same link. A biologically inspired machine learning-based approach is proposed in this study to detect RA flooding attacks. The proposed technique exploits information gain ratio (IGR) and principal component analysis (PCA) for feature selection and a support vector machine (SVM)-based predictor model, which can also detect input traffic anomaly. A real benchmark dataset obtained from National Advanced IPv6 Center of Excellence laboratory is used to evaluate the proposed technique. The evaluation process is conducted with two experiments. The first experiment investigates the effect of IGR and PCA feature selection methods to identify the most contributed features for the SVM training model. The second experiment evaluates the capability of SVM to detect RA flooding attacks. The results show that the proposed technique demonstrates excellent detection accuracy and is thus an effective choice for detecting RA flooding attacks. The main contribution of this study is identification of a set of new features that are related to RA flooding attack by utilizing IGR and PCA algorithms. The proposed technique in this paper can effectively detect the presence of RA flooding attack in IPv6 network.
DOI Link: http://dx.doi.org/10.1007/s12559-017-9519-8
Rights: This item has been embargoed for a period. During the embargo please use the Request a Copy feature at the foot of the Repository record to request a copy directly from the author. You can only request a copy if you wish to use this work for your own research or private study.

Files in This Item:
File Description SizeFormat 
paper.pdf774.97 kBAdobe PDFUnder Embargo until 24/10/2019     Request a copy

Note: If any of the files in this item are currently embargoed, you can request a copy directly from the author by clicking the padlock icon above. However, this facility is dependent on the depositor still being contactable at their original email address.



This item is protected by original copyright



Items in the Repository are protected by copyright, with all rights reserved, unless otherwise indicated.

If you believe that any material held in STORRE infringes copyright, please contact library@stir.ac.uk providing details and we will remove the Work from public display in STORRE and investigate your claim.