Concepedia

Publication | Closed Access

Comparative performance analysis of classification algorithms for intrusion detection system

Citations: 44

References: 16

Year: 2016

Abstract

The ability of an intrusion detection system (IDS) to accurately detect potential attacks is crucial in protecting network resources and data from the attack's destructive effects. Among many techniques available for incorporation into IDS to improve its accuracy, classification algorithms have been demonstrated to produce impressive and efficient results in detecting IPv4-based attacks but have not yet been investigated in IPv6-based attacks. This paper aims to present the result of a comparative analysis on the performance of three classifier algorithms, namely, decision tree, random forest, and k-nearest neighbor (k-NN), to detect an IPv6-based attack, specifically ICMPv6-based DoS flooding. The experimental results showed that there is no single best algorithm that outperforms others in all measured metrics. k-NN has the lowest false-positive outcome while RF has the lowest false-negative (missed attacks) percentage.
