Labelled Dataset on Distributed Denial-of-Service (DDoS) Attacks Based on Internet Control Message Protocol Version 6 (ICMPv6)

Abstract

The most dangerous attack against IPv6 networks today is a distributed denial-of-service (DDoS) attack using Internet Control Message Protocol version 6 (ICMPv6) messages. Many ICMPv6-DDoS attack detection mechanisms rely on self-created datasets because very few suitable ICMPv6-DDoS attack datasets are publicly available due to privacy and security concerns. When implemented in a real network, however, a detection system that relies on a dataset with incorrect packet or flow representation and contains unqualified features generates a large number of false alerts. The goal of this work is to create a comprehensive ICMPv6-DDoS attack dataset that can be used for tuning, benchmarking, and evaluating any detection systems designed to detect ICMPv6-DDoS attacks. The proposed datasets met the criteria for a good dataset, ensuring their usefulness to other researchers. A GNS3 network simulation tool is used to simulate an IPv6 network and generate ICMPv6 traffic for the dataset. The generated traffic contains both normal and abnormal ICMPv6 traffic, with the abnormal traffic containing ten different ICMPv6-DDoS attacks based on RA and NS message flooding. Five classifiers were chosen, varying in terms of type, classification performance, and the number of features used, and the results were as follows: decision tree 80%, support vector machine 78%, naïve Bayes 80%, k-nearest neighbours 81%, and neural networks 81%. The proposed dataset has been shown to accurately represent attack traffic in tests, with a high detection accuracy and a low false-positive rate.