ICMPv6_DDOS- Dataset

Published: 20 June 2024| Version 1 | DOI: 10.17632/g583tzgv5s.1
Om Salamkayala


This Dataset was generated through the implementation of a straightforward network design, featuring a Cisco 2901 router, a Cisco 3560 switch, and four Windows systems. Within the network, three Linux operating systems (LPC-0, LPC-1, LPC-2) were installed using VMware, alongside a Windows server system (WVS). Physical connectivity was established through the com 4 port, with individual adapter in VMware tailored to respective individual systems that has individual NIC cards, configured within the Staffordshire University Lab environment using IP version 6 addresses. Configuration of the router and switch was carried out using PuTTY, ensuring seamless network traffic among all devices. To assess network behaviour, both under normal conditions and during an ICMPv6 attack, Wireshark was employed on the WVS system to capture the traffic running the Scapy script from LPC-1 and LPC-2. The normal and the attack traffic for a duration of 4 hrs 45 min approximately amounting to 5.12 GB was captured(500,000 bytes/sec). This traffic was subsequently transformed into an Excel sheet with a size of 186 MB as a sample dataset with file name Labdataset.csv. The proposed Model was employed on this dataset. DDoS attack Topology.jpg file depicts the network architecture utilized to simulate a scenario for launching a DDoS attack and capturing the resulting traffic to generate datasets. The router is configured with the IPv6 address 2001:db8:acad:10::1 on interface Gigabit 0/0 (G0/0), which connects to a Windows Server assigned the address 2001:db8:acad:10::5. Similarly, the other interface of the router, G0/1, is assigned the address 2001:db8:1:20::db8 and is linked to a Switch via Fast Ethernet0/0 (Fe0), with additional connections to LPC-0, LPC-1, and LPC-2 on ports Fe1, Fe2, and Fe3 respectively, each assigned an IPv6 address. All devices in Figure 16, including the Router, Switch, Server, and nodes (LPC-0, LPC-1, LPC-2), are verified to be connected and communicating with each other using the ping command and their respective assigned IP addresses. Wireshark was installed on the Windows Server to capture both normal and attack traffic packets. The DDoS attack is initiated using a Scapy script from LPC-1 and LPC-2, targeting the Windows Server with a high volume of Echo request and Echo reply packets. Periodically, the Windows Server is tested by pinging from LPC-0 to ascertain its availability. If the server is determined to be down due to the attack, evidenced by response timeouts when pinged from LPC-0, the traffic capturing process is halted.


Steps to reproduce

Provided in Description.


Staffordshire University School of Computing


Computer Network, Cybersecurity, Communication Network, Networking, Cyber Attack