nach oben

Neural Computing and Applications

Erschienen in:

04.01.2018 | Original Article

Labeled flow-based dataset of ICMPv6-based DDoS attacks

verfasst von: Omar E. Elejla, Mohammed Anbar, Bahari Belaton, Shady Hamouda

Erschienen in: Neural Computing and Applications | Ausgabe 8/2019

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

DDoS attacks that depend on Internet Control Message Protocol version 6 (ICMPv6) are one of the most commonly performed IPv6 attacks against today’s IPv6 networks. A few detection systems were proposed to detect these attacks based on self-generated datasets. These datasets used an unsuitable representation that depends on packets format as well as they include non-qualified features which lead to false alerts if the systems are applied in real networks. Moreover, most of the existing datasets are unavailable for other researchers’ usage due to their author’s privacy issues. The objective of this paper is benchmarking datasets of ICMPv6-based DDoS attacks to be used for the tuning, evaluations, and comparisons of any detection system of the attacks. The datasets setup is based on a real IPv6-enabled network topology and ensuring attack exposure. The proposed datasets are considered as the first labeled and publically available flow-based datasets represented using a set of flow-based features of the ICMPv6-based DDoS attacks. The requirements of good datasets have been achieved in the proposed datasets to ensure they are worthy be used by other researchers. Moreover, the datasets and their features proved their abilities to represent the attacks traffics by achieving robust and acceptable high detection accuracies as well as low false positive rate.

Vorheriger Artikel Intelligent tutoring system model based on fuzzy logic and constraint-based student model

Nächster Artikel Automatic clustering and feature selection using gravitational search algorithm and its application to microarray data analysis

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Conta A, Gupta M (2006) Internet control message protocol (icmpv6) for the internet protocol version 6 (ipv6) specification. Request for Comments 4443 [online]. https://tools.ietf.org/html/rfc4443.Last Accessed Aug 2015

Postel J (1981) Rfc 792: Internet control message protocol. Request for Comments 792 [online]. https://tools.ietf.org/html/rfc792.Last Accessed 2016

Elejla OE, Anbar M, Belaton B (2016) Icmpv6-based dos and ddos attacks and defense mechanisms: Review. IETE Tech Rev 34:1–18

Ard JB (2012) Internet protocol version six (ipv6) at uc davis: traffic analysis with a security perspective. University of California, Davis

Weber J, Wegener C, Schwenk J (2013) Ipv6 security test laboratory,” master dissertation Department of Network and Data Security. Ruhr-University Bochum, Bochum

Elejla OE, Belaton B, Anbar M, Alnajjar A (2016) A reference dataset for icmpv6 flooding attacks. J Eng Appl Sci 11(3):476–481

Lakhina A, Crovella M, Diot C (2004) Characterization of network-wide anomalies in traffic flows. In: Proceedings of the 4th ACM SIGCOMM conference on internet measurement, pp 201–206

Sperotto A, Sadre R, Pras A (2008) Anomaly characterization in flow-based traffic time series. In: International workshop on IP operations and management, Springer, Berlin, pp 15–27

Strayer WT, Lapsely D, Walsh R, Livadas C (2008) Botnet detection based on network behavior. In: Lee W, Wang C, Dagon D (eds) Botnet detection. Advances in Information Security, vol 36. Springer, New York, pp 1–24

10.

Sheikhan M, Jadidi Z (2014) Flow-based anomaly detection in high-speed links using modified GSA-optimized neural network. Neural Comput Appl 24(3–4):599–611CrossRef

11.

Sperotto A (2010) Flow-based intrusion detection. Ph.D. thesis Centre for Telematics and Information Technology. University of Twente, Enschede

12.

Winter P, Hermann E, Zeilinger M (2011) Inductive intrusion detection in flow-based network data using one-class support vector machines. In: 4th IFIP international conference on IEEE new technologies, mobility and security (NTMS), pp 1–5

13.

Jacobson V, Craig Leres S (2016) Mccanne. Tcpdump. http://www.tcpdump.org, Accessed 2016

14.

Chappell L, Combs G (2010) Wireshark network analysis: The official wireshark certified network analyst study guide. https://www.wireshark.org/, Accessed 2016

15.

Nsl-Kdd (1998) Dataset for network –based intrusion detection systems. http://iscx.info/NSL-KDD/ Accessed 2016

16.

Lippmann R, Haines JW, Fried DJ, Korba J, Das K (2000) The 1999 darpa off-line intrusion detection evaluation. Comput Netw 34(4):579–595CrossRef

17.

U. O. California, Kdd cup (1999). http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html, Accessed 2016

18.

L. B. N. Laboratory (2004) Lbnl/icsi enterprise tracing project. http://www.icir.org/enterprise-tracing/. Accessed 2016

19.

Elejla OE, Jantan AB, Ahmed AA (2014) Three layers approach for network scanning detection. J Theor Appl Inf Technol 70(2):251–264

20.

Wide (2016) Mawi working group traffic archive. http://mawi.wide.ad.jp/mawi/. Accessed 2016

21.

Barrera D, Van Oorschot P (2009) Security visualization tools and ipv6 addresses. In: 6th international workshop on IEEE visualization for cyber security, VizSec 2009. pp 21–26

22.

Caida (2014) The cooperative association for internet data analysis. https://www.caida.org/data/active/ipv6_allpref_topology_dataset.xml. Accessed 25 Feb 2016

23.

Gray MD (2015) Discovery of ipv6 router interface addresses via heuristic methods. Monterey, Naval Postgraduate School, California

24.

Fomenkov M, Claffy K (2011) Internet measurement data management challenges. In: Workshop on research data lifecycle management, Princeton

25.

Zulkiflee M, Haniza N, Shahrin S, Ghani M (2014) A framework of ipv6 network attack dataset construction by using testbed environment. Int Rev Comput Softw (IRECOS) 9(8):1434–1441CrossRef

26.

Zulkiflee MA, Ahmad MSss, Sahib S, Ghani M (2015) A framework of features selection for ipv6 network attacks detection. WSEAS Trans Commun 14(46):399–408

27.

Saad R, Manickam S, Alomari E, Anbar M, Singh P (2014) Design & deployment of testbed based on icmpv6 flooding attack. J Theor Appl Inf Technol 64(3):795–801

28.

Najjar F, Kadhum MM (2015) Reliable behavioral dataset for ipv6 neighbor discovery protocol investigation. In: 5th international conference on, IEEE IT convergence and security (ICITCS), pp 1–5

29.

Elejla OE, Anbar M, Belaton B (2016) Flow-based datasets. https://sites.google.com/site/flowbaseddatasets/. Accessed 2016

30.

Usm (2016) Universiti sain malaysia (usm). https://www.usm.my/index.php/en/. Accessed 2016

31.

Heuse M (2013) Thc ipv6 attack tool kit. http://www.aldeid.com/wiki/THC-IPv6-Attack-Toolkit. Accessed 2015

32.

Gont F (2012) Si6 networks’ ipv6 toolkit. http://www.si6networks.com. Accessed 2015

33.

Grossman J, Marsili B, Goudjil C, Eromenko A (2013) Gns3 graphical network simulator. https://www.gns3.com/. Accessed 23 Jan 2016

34.

Cisco N (2001) Netflow services solutions guide. http://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/netflow/nfwhite.html#wp1030058. Accessed 2016

35.

Baldi M, Baralis EM, Risso FGO (2004) Data mining techniques for effective flow-based analysis of multi-gigabit network traffic

36.

Yu S (2014) Distributed denial of service attack and defense. Springer, BerlinCrossRef

37.

Vykopal J (2010) Flow-based intrusion detection in large and high-speed networks. PhD thesis

38.

Tavallaee M, Bagheri E, Lu W, Ghorbani AA (2012) Nsl-kdd dataset

39.

Hall M, Frank E, Holmes G, Pfahringer B, Reutemann P, Witten IH (2009) The weka data mining software: an update. ACM SIGKDD Explor Newslett 11(1):10–18CrossRef

40.

Japkowicz N (2000) The class imbalance problem: Significance and strategies. In: Proceedings of the international conference on artificial intelligence, Citeseer

41.

Weiss GM, Provost F (2003) Learning when training data are costly: the effect of class distribution on tree induction. J Artif Intell Res 19:315–354CrossRefMATH

Titel: Labeled flow-based dataset of ICMPv6-based DDoS attacks
verfasst von: Omar E. Elejla
Mohammed Anbar
Bahari Belaton
Shady Hamouda
Publikationsdatum: 04.01.2018
Verlag: Springer London
Erschienen in: Neural Computing and Applications / Ausgabe 8/2019
Print ISSN: 0941-0643
Elektronische ISSN: 1433-3058
DOI: https://doi.org/10.1007/s00521-017-3319-7

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 8/2019

Semi-supervised fuzzy neighborhood preserving analysis for feature extraction in hyperspectral remote sensing images

A new hand finger movements’ classification system based on bicoherence analysis of two-channel surface EMG signals

Stem cell motion-tracking by using deep neural networks with multi-output

Intelligent tutoring system model based on fuzzy logic and constraint-based student model

Face recognition using AMVP and WSRC under variable illumination and pose

Optimization of the material handling costs and the machine reliability in cellular manufacturing system using cuckoo search algorithm

Premium Partner