Alsadhan, A (2020) DETECTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN IPV6 BY USING ARTIFICIAL INTELLIGENCE TECHNIQUES. Doctoral thesis, Liverpool John Moores University.
|
Text
2019Abeerphd.pdf - Published Version Download (3MB) | Preview |
Abstract
ABSTRACT The fast growth of the Internet usage has caused problem on Internet protocol address space. To solve this problem, Internet Protocol version 6 (IPv6) was created to expand the availability of address spaces. An important part of the IPv6 suites is the Neighbour Discovery Protocol (NDP), which is geared towards substitution of Address Resolution Protocol in router discovery, and function redirection in Internet Protocol version 4 (IPv4). NDP includes the routing function which is determines which route a data packet will follow to arrive at its intended destination, and the address function which assigns unique addresses to each and every device connected to a network for identification purposes. NDP messages are broadly categorized into five types and each message type carries out distinct tasks, these messages are: Router Solicitation (RS), Neighbour Solicitation (NS), Router Advertisement (RA), Neighbour Advertisement (NA), and Redirect. NDP security vulnerabilities is openness of a network of computer, wherein there exists a lack of trust among users. Typically, huge numbers of NDP messages can be used to flood a network, resulting in disconnecting of the connected devices. Due to the limitations of existing defence mechanisms, NDP are still prone to network-based attacks and these vulnerabilities must be considered while creating an IPv6 network. In this thesis, we present a novel detection method for DDoS and Replayed attacks that are launched using NDP in IPv6. This detection method is a stream-based network representation, instead of packet-based representation. The proposed detection method makes use of Locally Weighted Learning machine learning techniques, with three different algorithms as its based learner Bayesian network, Decision tree and Naïve Bayes. LWL-Bayesian Network model achieved the highest detection rate of 96.48%. LWL-Naïve Bayes model is the next best model, with an accuracy rate of 96.024%, while the LWL-Decision Tree model had the lowest overall detection rate of 93%. Comparatively, all developed IDSs are capable of detecting DDoS and Replayed attacks based on NDP-based network traffic as well as the detection of anomalies. They all demonstrated strong predictive ability, however, the LWL-Bayesian Network model proved to have the best overall performance to develop a locally weighted IDS model among the three models. In short, the development of the detection models, has strong predictive capabilities, with high accuracy rate, does not overfit, has low computational costs, and uses less time for model development and attack detection.
Item Type: | Thesis (Doctoral) |
---|---|
Uncontrolled Keywords: | IPv6; Machine Learning; Artificial Intelligence; DDos; Replayed; Attack |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science |
Divisions: | Computer Science & Mathematics |
Date Deposited: | 10 Mar 2020 12:47 |
Last Modified: | 03 Jan 2023 14:24 |
DOI or ID number: | 10.24377/LJMU.t.00012389 |
Supervisors: | Hussain, A, Alani, M, Shone, N and Askwith, B |
URI: | https://researchonline.ljmu.ac.uk/id/eprint/12389 |
View Item |