Detecting Distributed Denial of Service Attacks in Neighbour Discovery Protocol Using Machine Learning Algorithm Based on Streams Representation

The main protocol of the Internet protocol version 6 suites is the neighbour discovery protocol, which is geared towards substitution of address resolution protocol, router discovery, and function redirection in Internet protocol version 4. Internet protocol version 6 nodes employ neighbour discovery protocol to detect linked hosts and routers in Internet protocol version 6 network without the dependence on dynamic host configuration protocol server, which has earned the neighbour discovery protocol the title of the stateless protocol. The authentication process of the neighbour discovery protocol exhibits weaknesses that make this protocol vulnerable to attacks. Denial of service attacks can be triggered by a malicious host through the introduction of spoofed addresses in neighbour discovery protocol messages. Internet version 6 protocols are not well supported by Network Intrusion Detection System as is the case with Internet Protocol version 4 protocols. Several data mining techniques have been introduced to improve the classification mechanism of Intrusion detection system. In addition, extensive researches indicated that there is no Intrusion Detection system for Internet Protocol version 6 using advanced machine-learning techniques toward distributed denial of service attacks. This paper aims to detect Distributed Denial of Service attacks of the Neighbour Discovery protocol using machine-learning techniques, due to the severity of the attacks and the importance of Neighbour Discovery protocol in Internet Protocol version 6. Decision tree algorithm and Random Forest Algorithm showed high accuracy results in comparison to the other benchmarked algorithms.