Wireless Communications and Mobile Computing

Research Article

Labelled Dataset on Distributed Denial-of-Service (DDoS) Attacks Based on Internet Control Message Protocol Version 6 (ICMPv6)

Table 2

Comparison of existing IPv6 datasets.


No.	Datasets	Description	Disadvantages

1	MAWI [37]	The daily effects of normal IPv6 traffic. Intended for nonsecurity purposes. Publicly available online. Packet-based representation.	Cannot be used for detection systems evaluation. Only comprises normal IPv6 traffic. Traffic representation based on ten features.
2	CAIDA [32]	Includes a few IPv6 attacks type. The traffic is unlabelled. Publicly available online. Packet-based representation.	Cannot be used for detection systems evaluation. Source and destination IP addresses features are removed. Utilizes limited features.
3	Zulkiflee et al. [41]	Only three types of IPv6 attacks were included. THC Toolkit utilized to perform attacks. Packet-based representation.	Does not cover all potential ICMPv6 DDoS attacks. Not available online. Traffic representation based on six features.
4	Najjar and Kadhum [31]	Uses GNS3 tool to a create dataset on a virtual network. Comprises three IPv6 attack types. Normal and abnormal (attacks) traffic are labelled. Packet-based representation.	Does not cover all potential ICMPv6 DDoS attacks. Not available online. Traffic representation based on seven features.
5	Saad et al. [34]	Includes ICMPv6 echo request message DoS attack packets. Created based on a real network. Packet-based representation.	Does not cover all potential ICMPv6 DoS attacks. Not available online. Traffic representation based on eight features
5	Omer et al. [17]	The source of normal traffic is a real-life network. Achieved the requirements of a good dataset. Represented features for ICMPv6 DDoS attacks.	Contains a few package details. Unable to detect attacks that rely on package payload. Preprocessing for flow construct is needed. Only contain a set of 11 traffic flows.