Modelling And Analysis Of ICMPv6 DDoS Attacks Based On Petri Networks

With the rapid development of Io T,the number of network traffic and devices is also growing rapidly,which undoubtedly poses a challenge to the security of Io T communication,and the IPv6 protocol is gradually becoming the main communication protocol under Io T.The NDP protocol uses ICMPv6 for address resolution,neighbor unreachability detection and duplicate address detection.However,there are also network security issues with the IPv6 protocol.The security of communications over IPv6 includes not only vulnerabilities in the protocol itself,but also network attacks on the underlying ICMPv6 protocol,such as ICMPv6 DDoS attacks and ICMPv6 protocol type attacks.These attacks interfere with normal network communications and cause network paralysis.The survey also found that domestic and international research on IPv6 network security issues lacks a large number of general and actionable datasets.In this paper,we address the above issues by conducting research on three aspects: dataset collection and processing,construction of an attack Petri net model,and construction of an intrusion detection framework based on SDN architecture.Ultimately,the defense against DDoS attacks is achieved and the normal communication of the network is maintained.The main research contents of this thesis are as follows.(1)Data acquisition and processing.In this paper,we build a network simulation environment,construct an attack platform,use the THc-IPv6 tool to simulate DDoS attacks,and use the Wireshark tool for real-time acquisition,and finally detect and evaluate the data by three classification algorithms.(2)Construction of a Petri net model for attacking and defending against NS DDoS attacks.Through replication of attack behavior and deep learning of attack principles,an attack Petri net model is constructed,and its damage state and vulnerable points are determined through dynamic description and qualitative analysis of the model.Using SDN architecture,a defense Petri net is constructed.(3)Establish an intrusion detection framework based on SDN architecture.Using the characteristics of SDN NC separation,the communication is built on the SDN framework.The abnormal data is detected and classified by Bayesian algorithm,and the controller issues processing rules to protect the security of communication between nodes.The experiments were conducted by collecting attack data and using three classification algorithms,Bayesian,Random Forest and Decision Tree,to detect and classify abnormal data respectively.The experimental results show that the Bayesian algorithm has high efficiency,low false alarm rate and high accuracy in identifying and detecting anomalous data.The attack Petri net model and the defense Petri net model are also used to show the attack and defense behavior and state change.Finally,the SDN architecture is built to handle abnormal data and secure communication through the classification algorithm set by the controller.