Comparison of classification algorithms on ICMPv6-based DDoS attacks detection

Abstract

Computer networks are aimed to be secured from any potential attacks. Intrusion Detection systems (IDS) are a popular software to detect any possible attacks. Among the mechanisms that are used to build accurate IDSs, classification algorithms are extensively used due to their efficiency and auto-learning ability. This paper aims to evaluate classification algorithms for detecting the dangerous and popular IPv6 attacks which are ICMPv6-based DDoS attacks. A comparison between five classification algorithms namely Decision Tree (DT), Support Vector Machine (SVM), Naïve Bayes (NB), K-Nearest Neighbors (KNN) and Neural Networks (NN) were conducted. The comparison was conducted using a publicly available flow-based dataset. The experimental results showed that classifiers have detected most of the included attacks with a range from 73%-85% for the true positive rate. Moreover, KNN classification algorithm has been the fastest algorithm (0.12 seconds) with the best detection accuracy (85.7%) and less false alarms (0.171). However, SVM achieved the lowest detection accuracy (73%) while NN was the slowest algorithm in training the detection model (323 seconds).