Detecting NDP Distributed Denial of Service Attacks Using Machine Learning Algorithm Based on Flow-Based Representation

the rapid growth of the Internet usage has caused problem on Internet protocol address space. To solve the space issue of Internet Protocol version 4 addresses, Internet Protocol version 6 was created to expand the availability of address spaces. Internet Protocol version 6 is designed to overcome the main limitations of Internet Protocol version 4 including the lack of security and the exhaustion of Internet Protocol address space. Internet Protocol version 6 protocols are not well supported by Network Intrusion Detection System, as is the case with Internet Protocol version 4 protocols. Several data mining techniques have been introduced to improve the classification mechanism of Intrusion detection system. In addition, extensive researches indicated that there is no Intrusion Detection systems for Internet Protocol version 6 using advanced machine-learning techniques to ward distributed denial of service attacks. With the increasing adoption of Internet Protocol version 6, Internet Protocol version 6-unique security issues become more urgent to address. Unlike Internet Protocol version 4, Internet Protocol version 6 relies on Internet Control Message Protocol version 6 in neighbor discovery. This means that blocking Internet Control Message Protocol version 6 traffic to reduce the possibility of using it as an attack tool, is not a viable option in most scenarios. One of the security threats posed by Internet Control Message Protocol version 6 is its possible use in Denial of Service attacks. This paper introduces a machine-learning based system to detect Distributed Denial of Service attacks that employ Neighbor Discovery protocol by using Machine learning techniques, due to the severity of the attacks and the importance of Neighbor Discovery protocol in Internet Protocol version 6. Decision tree algorithm and Random Forest Algorithm have given the highest accuracy result in comparison to the other algorithms.