Machine learning and data mining for IPv6 network defence

Michael Weisman, P. Ritchey, G. Shearer, E. Colbert, E. Dauber, L. Knachel, D. Sullivan, T. Parker, R. Greenstadt

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    In future battles, the warfighter will of necessity require more and more networked devices to perform a broad range of tasks. It has been predicted that by the year 2020, there will be 20 billion Internet-of-Things (IoT) devices (and more than 6.2 billion today) (N. Dragoni, 2017). IPv4 addresses are 32 bit and IPv6 addresses are 128 bit. All of the 232 ≈4.3 billion IPv4 addresses have already been exhausted, and except for the possible transfer from one device to another, and with the end-to-end design paradigm of IPv6, all new IoT devices will need an IPv6 address. Because of the huge number of potential IPv6 addresses (2128 ≈ 3.4 ×1038), probing every address is not possible. The only way determine IPv6 addresses is by watching traffic. In this paper, we will apply data mining and machine learning techniques to better understand the challenges of IPv6 security. We perform semi-supervised learning techniques such as augmenting k-means clustering with sparse labels to understand the distribution of IPv4 addresses, and explore whether or not clustering of IPv6 addresses is possible. We also will measure the performance of IPv4 anomaly detection algorithms and look to apply these algorithms with modifications to IPv6 data. Finally, we explore domain adaptation and transfer learning from IPv4 to IPv6 and ask how easily can we adapt a system trained for IPv4 to IPv6 and what changes do we need to make? If we include additional IPv6 training data, how do things change?.

    Original languageEnglish (US)
    Title of host publicationProceedings of the 13th International Conference on Cyber Warfare and Security, ICCWS 2018
    EditorsJohn S. Hurley, Jim Q. Chen
    PublisherAcademic Conferences and Publishing International Limited
    Pages681-687
    Number of pages7
    ISBN (Electronic)9781911218746
    StatePublished - Jan 1 2018
    Event13th International Conference on Cyber Warfare and Security, ICCWS 2018 - Washington, United States
    Duration: Mar 8 2018Mar 9 2018

    Publication series

    NameProceedings of the 13th International Conference on Cyber Warfare and Security, ICCWS 2018
    Volume2018-March

    Conference

    Conference13th International Conference on Cyber Warfare and Security, ICCWS 2018
    CountryUnited States
    CityWashington
    Period3/8/183/9/18

      Fingerprint

    Keywords

    • Data mining
    • IPv6
    • Internet of things
    • Machine learning

    ASJC Scopus subject areas

    • Computer Science Applications
    • Computer Networks and Communications
    • Safety, Risk, Reliability and Quality

    Cite this

    Weisman, M., Ritchey, P., Shearer, G., Colbert, E., Dauber, E., Knachel, L., Sullivan, D., Parker, T., & Greenstadt, R. (2018). Machine learning and data mining for IPv6 network defence. In J. S. Hurley, & J. Q. Chen (Eds.), Proceedings of the 13th International Conference on Cyber Warfare and Security, ICCWS 2018 (pp. 681-687). (Proceedings of the 13th International Conference on Cyber Warfare and Security, ICCWS 2018; Vol. 2018-March). Academic Conferences and Publishing International Limited.