Neighbor discovery protocol anomaly-based detection system using neural network algorithm

IF 2.4 · Zone 4 (Computer Science) · Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS
DOI: 10.1007/s10207-024-00815-1 (https://doi.org/10.1007/s10207-024-00815-1)
Journal: International Journal of Information Security
Publication date: 2024-02-11
Publication type: Journal Article
Citations: 0


Abstract

The exponential increase in Internet-facing devices in the last decade has resulted in IP address exhaustion due to the limitations of the existing IPv4 address space. Therefore, the Internet Engineering Task Force engineered a new version of the Internet protocol, known as Internet Protocol Version 6 (IPv6), to resolve the issue. However, IPv6 is highly dependent on the neighbor discovery protocol (NDP), which, unfortunately, has well-known vulnerabilities in its underlying messaging protocol, the Internet Control Message Protocol version 6. The NDP flaws therefore leave the IPv6 network open to many security threats and attacks, including man-in-the-middle, spoofing, and denial-of-service attacks, which are the most annoying attacks at the network layer. Unfortunately, one of the critical issues plaguing the existing anomaly-based detection systems is the effectiveness of detecting NDP-based DDoS attacks, which requires urgent attention. This paper suggests a system to find abnormal network traffic patterns caused by NDP-based attacks. It does this by teaching neural networks how to recognize network attack patterns using the backpropagation algorithm. The proposed system is a big step forward from where the field is now because it uses a complex neural network algorithm to create an NDP anomaly-based detection system. Testing the proposed system’s performance on a real dataset shows that it can find NDP anomalies with a 99.95% success rate, a 99.92% precision rate, a 99.98% recall rate, an F1-Score of 99.98%, and a 0.040% false positive rate. The proposed approach also shows better results than other existing approaches.

Source journal
International Journal of Information Security (Engineering & Technology - Computer Science: Theory & Methods)
CiteScore: 6.30
Self-citation rate: 3.10%
Articles published: 52
Review time: 12 months
Journal description: The International Journal of Information Security is an English language periodical on research in information security which offers prompt publication of important technical work, whether theoretical, applicable, or related to implementation. Coverage includes system security: intrusion detection, secure end systems, secure operating systems, database security, security infrastructures, security evaluation; network security: Internet security, firewalls, mobile security, security agents, protocols, anti-virus and anti-hacker measures; content protection: watermarking, software protection, tamper resistant software; applications: electronic commerce, government, health, telecommunications, mobility.