Book chapter, peer reviewed

Comparison of Classification Algorithms on ICMPv6-Based DDoS Attacks Detection

2018; Springer Science+Business Media; Language: English

10.1007/978-981-13-2622-6_34

ISSN

1876-1119

Authors

Omar E. Elejla, Bahari Belaton, Mohammed Anbar, Basim Alabsi, Ahmed K. Al-Ani

Topic(s)

Internet Traffic Analysis and Secure E-voting

Abstract

Computer networks are meant to be secured against any potential attacks. Intrusion detection systems (IDSs) are popular software for detecting possible attacks. Among the mechanisms used to build accurate IDSs, classification algorithms are used extensively due to their efficiency and auto-learning ability. This paper aims to evaluate classification algorithms for detecting the dangerous and popular IPv6 attacks known as ICMPv6-based DDoS attacks. A comparison between five classification algorithms, namely Decision Tree (DT), Support Vector Machine (SVM), Naïve Bayes (NB), K-Nearest Neighbors (KNN) and Neural Networks (NN), was conducted. The comparison was conducted using a publicly available flow-based dataset. The experimental results showed that the classifiers detected most of the included attacks, with a true positive rate ranging from 73% to 85%. Moreover, the KNN classification algorithm was the fastest algorithm (0.12 seconds), with the best detection accuracy (85.7%) and fewer false alarms (0.171). However, SVM achieved the lowest detection accuracy (73%), while NN was the slowest algorithm in training the detection model (323 seconds).
