NDP-FD6:一种IPv6网络NDP洪泛行为多分类检测框架  

作　　者：夏文豪 张连成[3] 郭毅[3] 张宏涛[2] 林斌 Xia Wenhao;Zhang Liancheng;Guo Yi;Zhang Hongtao;Lin Bin(School of Cyber Science&Engineering,Zhengzhou University,Zhengzhou 450001,China;Network Management Center,Zhengzhou University,Zhengzhou 450001,China;College of Cyberspace Security,Information Engineering University,Zhengzhou 450002,China)

机构地区：[1]郑州大学网络空间安全学院,郑州450001 [2]郑州大学网络管理中心,郑州450001 [3]信息工程大学网络空间安全学院,郑州450002

出　　处：《计算机应用研究》2024年第10期3141-3148,共8页Application Research of Computers

基　　金：河南省重点研发与推广专项(科技攻关)资助项目(232102210135,212102310989);河南省高等学校重点科研资助项目(22A520044)。

摘　　要：当前NDP洪泛行为检测研究主要集中于RA和NS洪泛行为的检测,对于NDP协议中其他报文洪泛行为的检测能力不足。此外,传统阈值规则检测方法存在动态性差、准确率低的问题,而基于人工智能的检测方法大多只能进行二分类检测,缺乏多分类检测能力。为此,提出一种针对NDP协议洪泛行为的多分类检测框架,并提出基于时间间隔特征的NDP协议洪泛行为检测方法。通过流量收集、数据处理等过程构建了首个用于NDP洪泛检测的多分类数据集,并对比使用了5种机器学习和5种深度学习算法来训练检测模型。实验结果表明,利用机器学习中XGBoost算法的检测准确率可达99.18%,深度学习中的Transformer算法的检测准确率可达98.45%。与现有检测方法相比准确率更高,同时该检测框架可以检测出NDP协议5种报文的9类洪泛行为,并可对洪泛行为进行多分类划分。Current researches on NDP flooding behavior detection mainly focus on detecting RA flooding and NS flooding behaviors,and there is insufficient flooding detection for other messages of the NDP protocol.Moreover,traditional threshold rule detection methods suffer from poor dynamics and low accuracy,while most of the AI-based detection methods can only perform binary classification detection,and there are still challenges in performing multi-classification detection.In short,there is a lack of corresponding research in multi-classification flooding detection of all messages of NDP protocol.Therefore,this paper proposed a multi-classification detection framework for NDP protocol flooding behaviors,and proposed a flooding behavior detection method for NDP protocol based on time interval characteristics.The framework constructed the first multi-classification dataset for NDP flooding detection through the processes of traffic collection and data processing,it compared and used 5 machine learning and 5 deep learning algorithms to train the detection model.The experimental results show that the detection accuracy of the XGBOOST algorithm in machine learning can reach 99.18%,and the detection accuracy of the Transformer algorithm in deep learning can reach 98.45%.Compared with the existing detection methods,the accuracy is higher.Meanwhile,the detection framework can detect 9 types of flooding behaviors for all 5 types of messages of NDP protocol and classify the flooding behaviors into multiple types.

关 键 词：IPV6 NDP 洪泛检测 DDOS 机器学习 深度学习 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]