ICMPv6_DDOS- Dataset
Source: Mendeley Data. Updated 2024-06-26; indexed 2024-06-26.
Download link:
https://data.mendeley.com/datasets/g583tzgv5s
Description:
This dataset was generated using a straightforward network design comprising a Cisco 2901 router, a Cisco 3560 switch, and four Windows systems. Within the network, three Linux operating systems (LPC-0, LPC-1, LPC-2) were installed using VMware, alongside a Windows server system (WVS). Physical connectivity was established through the COM 4 port, with an individual VMware adapter assigned to each system, each of which has its own NIC, and the network was configured in the Staffordshire University Lab environment using IP version 6 addresses. The router and switch were configured using PuTTY, ensuring seamless network traffic among all devices. To assess network behaviour both under normal conditions and during an ICMPv6 attack, Wireshark was run on the WVS system to capture the traffic generated by the Scapy script run from LPC-1 and LPC-2. The normal and attack traffic was captured over approximately 4 hrs 45 min and amounts to 5.12 GB (500,000 bytes/sec). This traffic was subsequently converted into an Excel sheet of 186 MB as a sample dataset, with the file name Labdataset.csv. The proposed model was applied to this dataset.
The file DDoS attack Topology.jpg depicts the network architecture used to simulate a DDoS attack scenario and capture the resulting traffic to generate datasets. The router is configured with the IPv6 address 2001:db8:acad:10::1 on interface Gigabit 0/0 (G0/0), which connects to a Windows Server assigned the address 2001:db8:acad:10::5. Similarly, the router's other interface, G0/1, is assigned the address 2001:db8:1:20::db8 and is linked to a switch via Fast Ethernet0/0 (Fe0), with additional connections to LPC-0, LPC-1, and LPC-2 on ports Fe1, Fe2, and Fe3 respectively, each assigned an IPv6 address.
All devices in Figure 16, including the router, switch, server, and nodes (LPC-0, LPC-1, LPC-2), were verified to be connected and communicating with each other using the ping command and their respective assigned IP addresses. Wireshark was installed on the Windows Server to capture both normal and attack traffic packets. The DDoS attack is initiated using a Scapy script from LPC-1 and LPC-2, targeting the Windows Server with a high volume of Echo Request and Echo Reply packets. Periodically, the Windows Server is pinged from LPC-0 to check its availability. If the server is determined to be down due to the attack, as evidenced by response timeouts when pinged from LPC-0, the traffic capture is halted.
Created:
2024-06-23
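Collected summary
Dataset introduction

Background and challenges
Background overview
This is a network traffic dataset for studying ICMPv6 DDoS attacks. It contains traffic capture files recorded under normal and attack conditions (5.12 GB, pcapng format) and a converted CSV sample (186 MB). The data was generated in a simulated lab environment involving Cisco devices and Windows and Linux systems, with Wireshark and Scapy used for traffic capture and attack simulation.
The above content was collected and summarized by 遇见数据集.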



