{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,21]],"date-time":"2025-12-21T06:24:33Z","timestamp":1766298273985,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":33,"publisher":"Springer Singapore","isbn-type":[{"type":"print","value":"9789811680588"},{"type":"electronic","value":"9789811680595"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-981-16-8059-5_25","type":"book-chapter","created":{"date-parts":[[2021,12,2]],"date-time":"2021-12-02T13:03:12Z","timestamp":1638450192000},"page":"401-416","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Propose a Flow-Based Approach for Detecting Abnormal Behavior in Neighbor Discovery Protocol (NDP)"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2307-6302","authenticated-orcid":false,"given":"Abdullah Ahmed","family":"Bahashwan","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7026-6408","authenticated-orcid":false,"given":"Mohammed","family":"Anbar","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4378-1954","authenticated-orcid":false,"given":"Selvakumar","family":"Manickam","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2275-3201","authenticated-orcid":false,"given":"Iznan Husainy","family":"Hasbullah","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5901-3509","authenticated-orcid":false,"given":"Mohammad A.","family":"Aladaileh","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,1,1]]},"reference":[{"issue":"1","key":"25_CR1","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s12046-019-1244-4","volume":"45","author":"A Al-Ani","year":"2020","unstructured":"Al-Ani, A., Anbar, M., Al-Ani, A.K., Hasbullah, I.H.: DHCPv6Auth: a mechanism to improve DHCPv6 authentication and privacy. S\u0101dhan\u0101 45(1), 1\u201311 (2020). https:\/\/doi.org\/10.1007\/s12046-019-1244-4","journal-title":"S\u0101dhan\u0101"},{"key":"25_CR2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.13052\/2245-1439.811","volume":"8","author":"AAO Bahashwan","year":"2019","unstructured":"Bahashwan, A.A.O., Manickam, S.: A brief review of messaging protocol standards for internet of things (IoT). J. Cyber Secur. Mob. 8, 1\u201314 (2019). https:\/\/doi.org\/10.13052\/2245-1439.811","journal-title":"J. Cyber Secur. Mob."},{"key":"25_CR3","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"705","DOI":"10.1007\/978-3-030-33582-3_66","volume-title":"Emerging Trends in Intelligent Computing and Informatics","author":"AA Bahashwan","year":"2020","unstructured":"Bahashwan, A.A., Anbar, M., Abdullah, N.: New architecture design of cloud computing using software defined networking and network function virtualization technology. In: Saeed, F., Mohammed, F., Gazem, N. (eds.) IRICT 2019. AISC, vol. 1073, pp. 705\u2013713. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-33582-3_66"},{"key":"25_CR4","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1007\/978-981-15-6048-4_30","volume-title":"Advances on Smart and Soft Computing","author":"AA Bahashwan","year":"2021","unstructured":"Bahashwan, A.A., Anbar, M., Abdullah, N., Al-Hadhrami, T., Hanshi, S.M.: Review on common IoT communication technologies for both long-range network (LPWAN) and short-range network. In: Saeed, F., Al-Hadhrami, T., Mohammed, F., Mohammed, E. (eds.) Advances on Smart and Soft Computing. AISC, vol. 1188, pp. 341\u2013353. Springer, Singapore (2021). https:\/\/doi.org\/10.1007\/978-981-15-6048-4_30"},{"issue":"2","key":"25_CR5","doi-asserted-by":"publisher","first-page":"201","DOI":"10.1007\/s12559-017-9519-8","volume":"10","author":"M Anbar","year":"2018","unstructured":"Anbar, M., Abdullah, R., Al-Tamimi, B.N., Hussain, A.: A machine learning approach to detect router advertisement flooding attacks in next-generation IPv6 networks. Cogn. Comput. 10(2), 201\u2013214 (2018)","journal-title":"Cogn. Comput."},{"issue":"12","key":"25_CR6","doi-asserted-by":"publisher","first-page":"3815","DOI":"10.1007\/s00521-017-2967-y","volume":"30","author":"RM Saad","year":"2018","unstructured":"Saad, R.M., Anbar, M., Manickam, S.: Rule-based detection technique for ICMPv6 anomalous behaviour. Neural Comput. Appl. 30(12), 3815\u20133824 (2018)","journal-title":"Neural Comput. Appl."},{"key":"25_CR7","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1007\/978-981-15-2693-0_11","volume-title":"Advances in Cyber Security","author":"AA Bahashwan","year":"2020","unstructured":"Bahashwan, A.A., Anbar, M., Hanshi, S.M.: Overview of IPv6 based DDoS and DoS attacks detection mechanisms. In: Anbar, M., Abdullah, N., Manickam, S. (eds.) ACeS 2019. CCIS, vol. 1132, pp. 153\u2013167. Springer, Singapore (2020). https:\/\/doi.org\/10.1007\/978-981-15-2693-0_11"},{"issue":"11","key":"25_CR8","doi-asserted-by":"publisher","first-page":"11306","DOI":"10.1166\/asl.2017.10272","volume":"23","author":"M Anbar","year":"2017","unstructured":"Anbar, M., Abdullah, R., Saad, R., Hasbullah, I.H.: Review of preventive security mechanisms for neighbour discovery protocol. Adv. Sci. Lett. 23(11), 11306\u201311310 (2017)","journal-title":"Adv. Sci. Lett."},{"key":"25_CR9","series-title":"Lecture Notes in Electrical Engineering","doi-asserted-by":"publisher","first-page":"347","DOI":"10.1007\/978-981-13-2622-6_34","volume-title":"Computational Science and Technology","author":"OE Elejla","year":"2019","unstructured":"Elejla, O.E., Belaton, B., Anbar, M., Alabsi, B., Al-Ani, A.K.: Comparison of classification algorithms on ICMPv6-based DDoS attacks detection. In: Computational Science and Technology. LNEE, vol. 481, pp. 347\u2013357. Springer, Singapore (2019). https:\/\/doi.org\/10.1007\/978-981-13-2622-6_34"},{"key":"25_CR10","doi-asserted-by":"publisher","first-page":"170529","DOI":"10.1109\/ACCESS.2020.3022963","volume":"8","author":"M Tayyab","year":"2020","unstructured":"Tayyab, M., Belaton, B., Anbar, M.: ICMPv6-based DoS and DDoS attacks detection using machine learning techniques, open challenges, and blockchain applicability: a review. IEEE Access 8, 170529\u2013170547 (2020)","journal-title":"IEEE Access"},{"key":"25_CR11","doi-asserted-by":"publisher","first-page":"27122","DOI":"10.1109\/ACCESS.2020.2970787","volume":"8","author":"AK Al-Ani","year":"2020","unstructured":"Al-Ani, A.K., Anbar, M., Al-Ani, A., Ibrahim, D.R.: Match-prevention technique against denial-of-service attack on address resolution and duplicate address detection processes in IPv6 link-local network. IEEE Access 8, 27122\u201327138 (2020)","journal-title":"IEEE Access"},{"key":"25_CR12","series-title":"Lecture Notes in Electrical Engineering","doi-asserted-by":"publisher","first-page":"305","DOI":"10.1007\/978-981-13-2622-6_30","volume-title":"Computational Science and Technology","author":"AK Al-Ani","year":"2019","unstructured":"Al-Ani, A.K., Anbar, M., Manickam, S., Al-Ani, A., Leau, Y.-B.: Preventing denial of service attacks on address resolution in IPv6 link-local network: AR-match security technique. In: Computational Science and Technology. LNEE, vol. 481, pp. 305\u2013314. Springer, Singapore (2019). https:\/\/doi.org\/10.1007\/978-981-13-2622-6_30"},{"issue":"4","key":"25_CR13","doi-asserted-by":"publisher","first-page":"390","DOI":"10.1080\/02564602.2016.1192964","volume":"34","author":"OE Elejla","year":"2017","unstructured":"Elejla, O.E., Anbar, M., Belaton, B.: ICMPv6-based DoS and DDoS attacks and defense mechanisms. IETE Tech. Rev. 34(4), 390\u2013407 (2017)","journal-title":"IETE Tech. Rev."},{"key":"25_CR14","series-title":"Lecture Notes in Electrical Engineering","doi-asserted-by":"publisher","first-page":"315","DOI":"10.1007\/978-981-13-2622-6_31","volume-title":"Computational Science and Technology","author":"SBI Shah","year":"2019","unstructured":"Shah, S.B.I., Anbar, M., Al-Ani, A., Al-Ani, A.K.: Hybridizing entropy based mechanism with adaptive threshold algorithm to detect RA flooding attack in IPv6 networks. In: Computational Science and Technology. LNEE, vol. 481, pp. 315\u2013323. Springer, Singapore (2019). https:\/\/doi.org\/10.1007\/978-981-13-2622-6_31"},{"key":"25_CR15","doi-asserted-by":"publisher","first-page":"45512","DOI":"10.1109\/ACCESS.2021.3066630","volume":"9","author":"AA Bahashwan","year":"2021","unstructured":"Bahashwan, A.A., Anbar, M., Hasbullah, I.H., Alashhab, Z.R., Bin-Salem, A.: Flow-based approach to detect abnormal behavior in neighbor discovery protocol (NDP). IEEE Access 9, 45512\u201345526 (2021). https:\/\/doi.org\/10.1109\/ACCESS.2021.3066630","journal-title":"IEEE Access"},{"key":"25_CR16","series-title":"Lecture Notes in Electrical Engineering","doi-asserted-by":"publisher","first-page":"603","DOI":"10.1007\/978-981-10-0557-2_59","volume-title":"Information Science and Applications (ICISA) 2016","author":"M Anbar","year":"2016","unstructured":"Anbar, M., Abdullah, R., Saad, R.M.A., Alomari, E., Alsaleem, S.: Review of security vulnerabilities in the IPv6 neighbor discovery protocol. In: Information Science and Applications (ICISA) 2016. LNEE, vol. 376, pp. 603\u2013612. Springer, Singapore (2016). https:\/\/doi.org\/10.1007\/978-981-10-0557-2_59"},{"issue":"8","key":"25_CR17","doi-asserted-by":"publisher","first-page":"3629","DOI":"10.1007\/s00521-017-3319-7","volume":"31","author":"OE Elejla","year":"2018","unstructured":"Elejla, O.E., Anbar, M., Belaton, B., Hamouda, S.: Labeled flow-based dataset of ICMPv6-based DDoS attacks. Neural Comput. Appl. 31(8), 3629\u20133646 (2018). https:\/\/doi.org\/10.1007\/s00521-017-3319-7","journal-title":"Neural Comput. Appl."},{"issue":"12","key":"25_CR18","doi-asserted-by":"publisher","first-page":"7757","DOI":"10.1007\/s13369-018-3149-7","volume":"43","author":"OE Elejla","year":"2018","unstructured":"Elejla, O.E., Anbar, M., Belaton, B., Alijla, B.O.: Flow-based IDS for ICMPv6-based DDoS attacks detection. Arab. J. Sci. Eng. 43(12), 7757\u20137775 (2018). https:\/\/doi.org\/10.1007\/s13369-018-3149-7","journal-title":"Arab. J. Sci. Eng."},{"doi-asserted-by":"crossref","unstructured":"Quittek, J., Zseby, T., Claise, B., Zander, S.: Requirements for IP flow information export (IPFIX), RFC 3917,10.17487\/RFC3917, October 2004. https:\/\/www.rfc-editor.org\/rfc\/pdfrfc\/rfc3917.txt.pdf","key":"25_CR19","DOI":"10.17487\/rfc3917"},{"doi-asserted-by":"crossref","unstructured":"Beck, F., Cholez, T., Festor, O., Chrisment, I.: Monitoring the neighbor discovery protocol. In: 2007 International Multi-Conference on Computing in the Global Information Technology (ICCGI 2007), p. 57. IEEE (2007)","key":"25_CR20","DOI":"10.1109\/ICCGI.2007.39"},{"unstructured":"Lecigne, C.: NDPWatch, Ethernet\/IPv6 address pairings monitor. http:\/\/ndpwatch.sourceforge.net\/. Accessed 11 May 2021","key":"25_CR21"},{"unstructured":"Morse, J.: Router Advert MONitoring Daemon. http:\/\/ramond.sourceforge.net\/. Accessed 11 May 2021","key":"25_CR22"},{"key":"25_CR23","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V Paxson","year":"1999","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31, 2435\u20132463 (1999)","journal-title":"Comput. Netw."},{"unstructured":"Roesch, M.: Snort: lightweight intrusion detection for networks. In: Lisa, vol. 99, no. 1, pp. 229\u2013238 (1999)","key":"25_CR24"},{"unstructured":"Suricata: Suricata-open source IDS\/IPS\/NSM engine. https:\/\/suricata-ids.org. Accessed 02 Apr 2021","key":"25_CR25"},{"doi-asserted-by":"crossref","unstructured":"Barbhuiya, F.A., Biswas, S., Nandi, S.: Detection of neighbor solicitation and advertisement spoofing in IPv6 neighbor discovery protocol. In: Proceedings of the 4th International Conference on Security of Information and Networks, pp. 111\u2013118. ACM (2011)","key":"25_CR26","DOI":"10.1145\/2070425.2070444"},{"doi-asserted-by":"crossref","unstructured":"Bansal, G., Kumar, N., Nandi, S., Biswas, S.: Detection of NDP based attacks using MLD. In: Proceedings of the Fifth International Conference on Security of Information and Networks, pp. 163\u2013167. ACM (2012)","key":"25_CR27","DOI":"10.1145\/2388576.2388600"},{"issue":"2","key":"25_CR28","first-page":"778","volume":"6","author":"A Alalousi","year":"2016","unstructured":"Alalousi, A., Razif, R., AbuAlhaj, M., Anbar, M., Nizam, S.: A preliminary performance evaluation of K-means, KNN and EM unsupervised machine learning methods for network flow classification. Int. J. Electr. Comput. Eng. 6(2), 778 (2016)","journal-title":"Int. J. Electr. Comput. Eng."},{"doi-asserted-by":"publisher","unstructured":"Elejla, O.E., Belaton, B., Anbar, M., Smadi, I.M.: A new set of features for detecting router advertisement flooding attacks. In: 2017 Palestinian International Conference on Information and Communication Technology (PICICT), pp. 1\u20135. IEEE (2017). https:\/\/doi.org\/10.1109\/PICICT.2017.19","key":"25_CR29","DOI":"10.1109\/PICICT.2017.19"},{"issue":"46","key":"25_CR30","first-page":"399","volume":"14","author":"M Zulkiflee","year":"2015","unstructured":"Zulkiflee, M., Azmi, M., Ahmad, S., Sahib, S., Ghani, M.: A framework of features selection for ipv6 network attacks detection. WSEAS Trans. Commun. 14(46), 399\u2013408 (2015)","journal-title":"WSEAS Trans. Commun."},{"issue":"1","key":"25_CR31","doi-asserted-by":"publisher","first-page":"373","DOI":"10.32604\/cmc.2021.017972","volume":"69","author":"M Aladaileh","year":"2021","unstructured":"Aladaileh, M., Anbar, M., et al.: Entropy-based approach to detect DDoS attacks on software defined networking controller. Comput. Mater. Continua 69(1), 373\u2013391 (2021)","journal-title":"Comput. Mater. Continua"},{"key":"25_CR32","first-page":"1089","volume":"29","author":"S Bo\u0161njak","year":"2010","unstructured":"Bo\u0161njak, S., Cisar, S.M.: EWMA based threshold algorithm for intrusion detection. Comput. Inf. 29, 1089\u20131101 (2010)","journal-title":"Comput. Inf."},{"doi-asserted-by":"crossref","unstructured":"Al-Adaileh, M.A., Anbar, M., Chong, Y.-W., Al-Ani, A.: Proposed statistical-based approach for detecting distribute denial of service against the controller of software defined network (SADDCS). In: MATEC Web of Conferences, vol. 218, p. 02012. EDP Sciences (2018)","key":"25_CR33","DOI":"10.1051\/matecconf\/201821802012"}],"container-title":["Communications in Computer and Information Science","Advances in Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-16-8059-5_25","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,2]],"date-time":"2021-12-02T13:16:43Z","timestamp":1638451003000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-16-8059-5_25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9789811680588","9789811680595"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-981-16-8059-5_25","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"1 January 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ACeS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Advances in Cyber Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Penang","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Malaysia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 August 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 August 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"aces2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.aces.usm.my\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"92","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"36","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"39% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}