Locally weighted classifiers for detection of neighbor discovery protocol distributed denial‐of‐service and replayed attacks

The Internet of Thing (IoT) requires more IP addresses than Internet Protocol version 4 can offer. To solve this problem, Internet Protocol version 6 was developed to expand the availability of address spaces. Moreover, it supports hierarchical address allocation methods, which can facilitate route aggregation, thus limiting expansion of routing tables. An important feature of the Internet Protocol version 6 (IPv6) suites is the Neighbour Discovery Protocol (NDP), which is geared towards substitution of the Address Resolution Protocol in router discovery, and function redirection in Internet Protocol version 4. However, NDP is vulnerable to Denial of Service (DoS) attacks. In this contribution, we present a novel detection method for Distributed Denial of Service (DDoS) attacks, launched using NDP in IPv6. The proposed system uses flow-based network representation, instead of packet-based. It exploits the advantages of Locally Weighted Learning techniques, with three different machine learning models as its base learners. Simulation studies demonstrate that the intrusion detection method does not suffer from overfitting issues, offers lower computation costs and complexity, while exhibiting high accuracy rates. In summary, the proposed system uses 6 features, extracted from our bespoke dataset and is capable of detecting DDoS attacks with 99% accuracy and replayed attacks with an accuracy of 91.17%, offering a marked improvement in detection performance over state-of-the-art approaches.