Hybridizing entropy based mechanism with adaptive threshold algorithm to detect RA flooding attack in IPv6 networks

Abstract

The implementation of the neighbor discovery protocol has introduced new security vulnerabilities to Internet protocol version 6 (IPv6) networks. One of the most common attacks being attributed to the IPv6 network layer is the denial of service (DoS) router advertisement (RA) flooding attack. An attacker can flood massive amounts of RA packets to the IPv6 multicast address which cause the hosts inside the link-local network to run out of central processing unit resources due to packet processing overhead. This research proposes a hybrid approach of entropy-based technique combined with the adaptive threshold algorithm to detect the aforementioned attack. By dynamically adapting the threshold and choosing the right entropy feature, the proposed technique is able to detect various scenarios of DoS RA flooding attack, including evasion techniques used by attackers. The proposed technique yields 98% detection accuracy according to the experiment conducted.