Neighbor discovery protocol anomaly-based detection system using neural network algorithm

The exponential increase in Internet-facing devices in the last decade has resulted in IP address exhaustion due to the limitations of the existing IPv4 address space. Therefore, the Internet Engineering Task Force engineered a new version of the Internet protocol known as Internet Protocol Version 6 (IPv6) to resolve the issue. However, IPv6 is highly dependent on the neighbor discovery protocol (NDP), which, unfortunately, has well-known vulnerabilities in its underlying messaging protocol, the Internet Control Message Protocol version 6. So, the NDP flaws leave the IPv6 network open to many security threats and attacks, including man-in-the-middle, spoofing, and denial-of-service attacks, which are the most annoying attack at the network layer. Unfortunately, one of the critical issues plaguing the existing anomaly-based detection system is the effectiveness of detecting NDP-based DDoS attacks, which requires urgent attention. This paper suggests a system to find network traffic patterns that are not normal that are caused by NDP-based attacks. It does this by teaching neural networks how to recognize network attack patterns using the backpropagation algorithm. The proposed system is a big step forward from where the field is now because it uses a complex neural network algorithm to create an NDP anomaly-based detection system. Using a real dataset to test the proposed system's performance shows that it can find NDP anomalies with a 99.95% success rate, a 99.92% precision rate, a 99.98% recall rate, an F1-Score of 99.98%, and a 0.040% false positive rate. Also, the proposed approach shows better results compared to other existing approaches.