Deep learning approach for detecting router advertisement flooding-based DDoS attacks

The proliferation of connected devices under the Internet of things makes the adoption of Internet protocol version 6 (IPv6) is occurring faster and become more needed. It was designed and engineered to provide a much larger address space than its predecessor and provides better security. However, some newly introduced protocols in IPv6, such as neighbor discovery protocol (NDP), open up new vulnerabilities. NDP plays a vital role in IPv6 link-local communication. However, NDP is stateless and lacks messages authentication which exposes it to different types of attacks such as router advertisement (RA) flooding distributed denial of service attack. To address these issues, this paper proposes an approach based on deep learning to detect this kind of attack. In the proposed approach, two feature ranking algorithms, namely (1) one-rule and (2) Chi-squared are used to select the significant features that contribute to detect RA flooding attacks. The selected features are then used to feed Recurrent Neural Network which is used as the prediction model. The performance of the proposed approach is evaluated using a simulated IPv6 dataset and achieves an exceptional performance with 99.6% detection accuracy and a very low false-positive rate of 0.3%. In addition, the results reveal that the proposed approach outperforms the well-known state-of-the-art approach in terms of detection accuracy and false-positive rate.