Machine Learning and Data Mining for IPv6 Network Defence

In future battles, the warfighter will of necessity require more and more networked devices to perform a broad range of tasks. It has been predicted that by the year 2020, there will be 20 billion Internet-of-Things (IoT) devices (and more than 6.2 billion today) (N. Dragoni, 2017). IPv4 addresses are 32 bit and IPv6 addresses are 128 bit. All of the 232 approximate to 4.3 billion IPv4 addresses have already been exhausted, and except for the possible transfer from one device to another, and with the end-to-end design paradigm of IPv6, all new IoT devices will need an IPv6 address. Because of the huge number of potential IPv6 addresses (2128 approximate to 3.4 x1038), probing every address is not possible. The only way determine IPv6 addresses is by watching traffic. In this paper, we will apply data mining and machine learning techniques to better understand the challenges of IPv6 security. We perform semi-supervised learning techniques such as augmenting k-means clustering with sparse labels to understand the distribution of IPv4 addresses, and explore whether or not clustering of IPv6 addresses is possible. We also will measure the performance of IPv4 anomaly detection algorithms and look to apply these algorithms with modifications to IPv6 data. Finally, we explore domain adaptation and transfer learning from IPv4 to IPv6 and ask how easily can we adapt a system trained for IPv4 to IPv6 and what changes do we need to make? If we include additional IPv6 training data, how do things change?