Deep-Learning-Based Approach to Detect ICMPv6 Flooding DDoS Attacks on IPv6 Networks

Abstract

Internet Protocol version six (IPv6) is more secure than its forerunner, Internet Protocol version four (IPv4). IPv6 introduces several new protocols, such as the Internet Control Message Protocol version six (ICMPv6), an essential protocol to the IPv6 networks. However, it exposes IPv6 networks to some security threats since ICMPv6 messages are not verified or authenticated, and they are mandatory messages that cannot be blocked or disabled. One of the threats currently facing IPv6 networks is the exploitation of ICMPv6 messages by malicious actors to execute distributed denial of service (DDoS) attacks. Therefore, this paper proposes a deep-learning-based approach to detect ICMPv6 flooding DDoS attacks on IPv6 networks by introducing an ensemble feature selection technique that utilizes chi-square and information gain ratio methods to select significant features for attack detection with high accuracy. In addition, a long short-term memory (LSTM) is employed to train the detection model on the selected features. The proposed approach was evaluated using a synthetic dataset for false-positive rate (FPR), detection accuracy, F-measure, recall, and precision, achieving 0.55%, 98.41%, 98.39%, 97.3%, and 99.4%, respectively. Additionally, the results reveal that the proposed approach outperforms the existing approaches.