DDoS attacks that depend on Internet Control Message Protocol version 6 (ICMPv6) are one of the most commonly performed IPv6 attacks against today’s IPv6 networks. A few detection systems have been proposed to detect these attacks based on self-generated datasets. These datasets use an unsuitable representation that depends on packet format, and they include non-qualified features, which leads to false alerts if the systems are applied in real networks. Moreover, most of the existing datasets are unavailable to other researchers because of their authors’ privacy issues. The objective of this paper is to provide benchmark datasets of ICMPv6-based DDoS attacks to be used for the tuning, evaluation, and comparison of any system that detects these attacks. The dataset setup is based on a real IPv6-enabled network topology and ensures attack exposure. The proposed datasets are considered the first labeled and publicly available flow-based datasets of ICMPv6-based DDoS attacks, represented using a set of flow-based features. The requirements of good datasets have been met in the proposed datasets to ensure they are worthy of use by other researchers. Moreover, the datasets and their features proved able to represent the attack traffic, achieving robust and acceptably high detection accuracies as well as a low false positive rate.
               