Skip to main content
Log in

Deep learning approach for detecting router advertisement flooding-based DDoS attacks

  • Original Research
  • Published:
Journal of Ambient Intelligence and Humanized Computing Aims and scope Submit manuscript

    We’re sorry, something doesn't seem to be working properly.

    Please try refreshing the page. If that doesn't work, please contact support so we can address the problem.

Abstract

The proliferation of connected devices under the Internet of things makes the adoption of Internet protocol version 6 (IPv6) is occurring faster and become more needed. It was designed and engineered to provide a much larger address space than its predecessor and provides better security. However, some newly introduced protocols in IPv6, such as neighbor discovery protocol (NDP), open up new vulnerabilities. NDP plays a vital role in IPv6 link-local communication. However, NDP is stateless and lacks messages authentication which exposes it to different types of attacks such as router advertisement (RA) flooding distributed denial of service attack. To address these issues, this paper proposes an approach based on deep learning to detect this kind of attack. In the proposed approach, two feature ranking algorithms, namely (1) one-rule and (2) Chi-squared are used to select the significant features that contribute to detect RA flooding attacks. The selected features are then used to feed Recurrent Neural Network which is used as the prediction model. The performance of the proposed approach is evaluated using a simulated IPv6 dataset and achieves an exceptional performance with 99.6% detection accuracy and a very low false-positive rate of 0.3%. In addition, the results reveal that the proposed approach outperforms the well-known state-of-the-art approach in terms of detection accuracy and false-positive rate.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

Explore related subjects

Discover the latest articles, news and stories from top researchers in related subjects.

References

Download references

Acknowledgements

This research was supported by Research University (RU) Grant, Universiti Sains Malaysia (USM) No: 1001.PNAV.8011107

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Mohammed Anbar.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Hasan, A.H., Anbar, M. & Alamiedy, T.A. Deep learning approach for detecting router advertisement flooding-based DDoS attacks. J Ambient Intell Human Comput 14, 7281–7295 (2023). https://doi.org/10.1007/s12652-022-04437-0

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s12652-022-04437-0

Keywords

Navigation