Internet of things is a technology that allows communication between devices within a network. Since this technology depends on a network to communicate, the vulnerability of the exposed devices increased significantly. Furthermore, the use of internet protocol version 6 (IPv6) as the successor to internet protocol version 4 (IPv4) as a communication protocol constituted a significant problem for the network. Hence, this protocol was exploitable for flooding attacks in the IPv6 network. As a countermeasure against the flood, this study designed an IPv6 flood attack detection by using epsilon greedy optimized Q learning algorithm. According to the evaluation, the agent with epsilon 0.1 could reach 98% of accuracy and 11,550 rewards compared to the other agents. When compared to control models, the agent is also the most accurate compared to other algorithms followed by neural network (NN), K-nearest neighbors (KNN), decision tree (DT), naive Bayes (NB), and support vector machine (SVM). Besides that, the agent used more than 99% of a single central processing unit (CPU). Hence, the agent will not hinder internet of things (IoT) devices with multiple processors. Thus, we concluded that the proposed agent has high accuracy and feasibility in a single board computer (SBC).
A new approach of scalable traffic capture model with Pi cluster IJECEIAES
The development of the internet of things (IoT), which functions as servers, device monitors, and controllers of several peripherals inside the smart home, eased workload in many sectors. Most devices are accessible through the internet because they communicate with wired or wireless interfaces. However, this feature makes them prone to the risk of being exposed to the public. The exposed devices are an easy target for the third party to launch a flooding attack through the network. This attack overloads the system due to the low processing capability, thereby interrupting any running process and harming the device. Therefore, this study proposed a scalable network capturing model that utilized multiple Raspberry Pi boards in parallel to monitor the network traffics simultaneously. An isolated experiment was used for evaluation by running simultaneous flooding attacks on each device. The result showed that the model consumed 30.44% more memory with 14.66% lower central processing unit (CPU) usage and 3.63% faster execution time. This means that this model is better in terms of performance and effectiveness than the single capture model.
Response time optimization for vulnerability management system by combining ...IJECEIAES
The growth of information and communication technology has made the internet network have many users. On the other side, this increases cybercrime and its risks. One of the main attack targets is network weakness. Therefore, cyber security is required, which first does a network scan to stop the attack. Points of vulnerability on the network can be discovered using scanning techniques. Furthermore, mitigation or recovery measures can be implemented. However, it needs a short response time and high accuracy while scanning to reduce the level of damage caused by cyber-attacks. In this paper, the proposed method improves the performance of a vulnerability management system based on network and port scanning by combining the benchmarking and scenario planning models. On a network scanning to discover open ports on a subnet, Masscan can achieve response times of less than 2 seconds, and on scenario planning for detection on a single host by Nmap can reach less than 4 seconds. It was combining both models obtained an adequate optimization response time. The total response time is less than 6 seconds.
Denial of service attack: an analysis to IPv6 extension headers security nig...IJECEIAES
Dealing with scarcity issues of internet protocol version 4 (IPv4), internet engineering task force (IETF) developed internet protocol version 6 (IPv6) to support the needs of IP addresses for future use of the internet, however, one challenge that must be faced while transitioning to IPv6 is in the area of security. IPv6 is a new protocol that has many new probabilities for attackers to exploit the protocol stack and one of them is through IPv6 extension headers. Mishandling of extension headers are the security nightmares for network administrators, allowing for new security threats that will cause denial of service (DoS). As a result, the mishandling of IPv6 extension Headers creates new attack vectors that could lead to DoS–which can be exploited for different purposes, such as creating covert channels, fragmentation attacks, and routing header 0 attacks. Furthermore, this paper becomes proof of concepts that even to this day our well-known network devices are still exploitable by these attack vectors.
Network Security: Experiment of Network Health Analysis At An ISPCSCJournals
This paper presents the findings of an analysis performed at an internet service provider. Based on netflow data collected and analyzed using nfdump, it helped assess how healthy is the network of an Internet Service Providers (ISP). The findings have been instrumental in reflection about reshaping the network architecture. And they have also demonstrated the need for consistent monitoring system.
Database techniques for resilient network monitoring and inspectionTELKOMNIKA JOURNAL
Network connection logs have long been recognized as integral to proper network security, maintenance, and performance management. This paper provides a development of distributed systems and write optimized databases: However, even a somewhat sizable network will generate large amounts of logs at very high rates. This paper explains why many storage methods are insufficient for providing real-time analysis on sizable datasets and examines database techniques attempt to address this challenge. We argue that sufficient methods include distributing storage, computation, and write optimized datastructures (WOD). Diventi, a project developed by Sandia National Laboratories, is here used to evaluate the potential of WODs to manage large datasets of network connection logs. It can ingest billions of connection logs at rates over 100,000 events per second while allowing most queries to complete in under one second. Storage and computation distribution are then evaluated using Elastic-search, an open-source distributed search and analytics engine. Then, to provide an example application of these databases, we develop a simple analytic which collects statistical information and classifies IP addresses based upon behavior. Finally, we examine the results of running the proposed analytic in real-time upon broconn (now Zeek) flow data collected by Diventi at IEEE/ACM Supercomputing 2019.
A predictive model for network intrusion detection using stacking approach IJECEIAES
This document presents a predictive stacking model for network intrusion detection using two machine learning datasets - UNSW NB-15 and UGR'16. The stacking approach uses logistic regression, K nearest neighbor, decision tree, and random forest classifiers at level 0, with random forest as the meta classifier. Feature selection is performed on UNSW NB-15 to identify the most important 16 features out of 47 using permutation feature importance. Hyperparameters of the classifiers are tuned to improve performance. The stacking model is implemented using the Graphlab Create machine learning platform and evaluated on the two datasets, showing reasonably good results with fewer misclassifications of attack types.
The document discusses using machine learning for efficient attack detection in IoT devices without feature engineering. It proposes a feature-engineering-less machine learning (FEL-ML) process that uses raw packet byte streams as input instead of engineered features. This approach is lighter weight and faster than traditional methods. The FEL-ML model is trained directly on unprocessed packet data to perform malware detection on resource-constrained IoT devices. Prior research that used engineered features or complex deep learning models are not suitable for IoT due to limitations of memory and processing power. The proposed FEL-ML approach aims to enable effective network traffic security for IoT using minimal resources.
EFFICIENT ATTACK DETECTION IN IOT DEVICES USING FEATURE ENGINEERING-LESS MACH...ijcsit
Through the generalization of deep learning, the research community has addressed critical challenges in
the network security domain, like malware identification and anomaly detection. However, they have yet to
discuss deploying them on Internet of Things (IoT) devices for day-to-day operations. IoT devices are often
limited in memory and processing power, rendering the compute-intensive deep learning environment
unusable. This research proposes a way to overcome this barrier by bypassing feature engineering in the
deep learning pipeline and using raw packet data as input. We introduce a feature- engineering-less
machine learning (ML) process to perform malware detection on IoT devices. Our proposed model,”
Feature engineering-less ML (FEL-ML),” is a lighter-weight detection algorithm that expends no extra
computations on “engineered” features. It effectively accelerates the low-powered IoT edge. It is trained
on unprocessed byte-streams of packets. Aside from providing better results, it is quicker than traditional
feature-based methods. FEL-ML facilitates resource-sensitive network traffic security with the added
benefit of eliminating the significant investment by subject matter experts in feature engineering.
A new approach of scalable traffic capture model with Pi cluster IJECEIAES
The development of the internet of things (IoT), which functions as servers, device monitors, and controllers of several peripherals inside the smart home, eased workload in many sectors. Most devices are accessible through the internet because they communicate with wired or wireless interfaces. However, this feature makes them prone to the risk of being exposed to the public. The exposed devices are an easy target for the third party to launch a flooding attack through the network. This attack overloads the system due to the low processing capability, thereby interrupting any running process and harming the device. Therefore, this study proposed a scalable network capturing model that utilized multiple Raspberry Pi boards in parallel to monitor the network traffics simultaneously. An isolated experiment was used for evaluation by running simultaneous flooding attacks on each device. The result showed that the model consumed 30.44% more memory with 14.66% lower central processing unit (CPU) usage and 3.63% faster execution time. This means that this model is better in terms of performance and effectiveness than the single capture model.
Response time optimization for vulnerability management system by combining ...IJECEIAES
The growth of information and communication technology has made the internet network have many users. On the other side, this increases cybercrime and its risks. One of the main attack targets is network weakness. Therefore, cyber security is required, which first does a network scan to stop the attack. Points of vulnerability on the network can be discovered using scanning techniques. Furthermore, mitigation or recovery measures can be implemented. However, it needs a short response time and high accuracy while scanning to reduce the level of damage caused by cyber-attacks. In this paper, the proposed method improves the performance of a vulnerability management system based on network and port scanning by combining the benchmarking and scenario planning models. On a network scanning to discover open ports on a subnet, Masscan can achieve response times of less than 2 seconds, and on scenario planning for detection on a single host by Nmap can reach less than 4 seconds. It was combining both models obtained an adequate optimization response time. The total response time is less than 6 seconds.
Denial of service attack: an analysis to IPv6 extension headers security nig...IJECEIAES
Dealing with scarcity issues of internet protocol version 4 (IPv4), internet engineering task force (IETF) developed internet protocol version 6 (IPv6) to support the needs of IP addresses for future use of the internet, however, one challenge that must be faced while transitioning to IPv6 is in the area of security. IPv6 is a new protocol that has many new probabilities for attackers to exploit the protocol stack and one of them is through IPv6 extension headers. Mishandling of extension headers are the security nightmares for network administrators, allowing for new security threats that will cause denial of service (DoS). As a result, the mishandling of IPv6 extension Headers creates new attack vectors that could lead to DoS–which can be exploited for different purposes, such as creating covert channels, fragmentation attacks, and routing header 0 attacks. Furthermore, this paper becomes proof of concepts that even to this day our well-known network devices are still exploitable by these attack vectors.
Network Security: Experiment of Network Health Analysis At An ISPCSCJournals
This paper presents the findings of an analysis performed at an internet service provider. Based on netflow data collected and analyzed using nfdump, it helped assess how healthy is the network of an Internet Service Providers (ISP). The findings have been instrumental in reflection about reshaping the network architecture. And they have also demonstrated the need for consistent monitoring system.
Database techniques for resilient network monitoring and inspectionTELKOMNIKA JOURNAL
Network connection logs have long been recognized as integral to proper network security, maintenance, and performance management. This paper provides a development of distributed systems and write optimized databases: However, even a somewhat sizable network will generate large amounts of logs at very high rates. This paper explains why many storage methods are insufficient for providing real-time analysis on sizable datasets and examines database techniques attempt to address this challenge. We argue that sufficient methods include distributing storage, computation, and write optimized datastructures (WOD). Diventi, a project developed by Sandia National Laboratories, is here used to evaluate the potential of WODs to manage large datasets of network connection logs. It can ingest billions of connection logs at rates over 100,000 events per second while allowing most queries to complete in under one second. Storage and computation distribution are then evaluated using Elastic-search, an open-source distributed search and analytics engine. Then, to provide an example application of these databases, we develop a simple analytic which collects statistical information and classifies IP addresses based upon behavior. Finally, we examine the results of running the proposed analytic in real-time upon broconn (now Zeek) flow data collected by Diventi at IEEE/ACM Supercomputing 2019.
A predictive model for network intrusion detection using stacking approach IJECEIAES
This document presents a predictive stacking model for network intrusion detection using two machine learning datasets - UNSW NB-15 and UGR'16. The stacking approach uses logistic regression, K nearest neighbor, decision tree, and random forest classifiers at level 0, with random forest as the meta classifier. Feature selection is performed on UNSW NB-15 to identify the most important 16 features out of 47 using permutation feature importance. Hyperparameters of the classifiers are tuned to improve performance. The stacking model is implemented using the Graphlab Create machine learning platform and evaluated on the two datasets, showing reasonably good results with fewer misclassifications of attack types.
The document discusses using machine learning for efficient attack detection in IoT devices without feature engineering. It proposes a feature-engineering-less machine learning (FEL-ML) process that uses raw packet byte streams as input instead of engineered features. This approach is lighter weight and faster than traditional methods. The FEL-ML model is trained directly on unprocessed packet data to perform malware detection on resource-constrained IoT devices. Prior research that used engineered features or complex deep learning models are not suitable for IoT due to limitations of memory and processing power. The proposed FEL-ML approach aims to enable effective network traffic security for IoT using minimal resources.
EFFICIENT ATTACK DETECTION IN IOT DEVICES USING FEATURE ENGINEERING-LESS MACH...ijcsit
Through the generalization of deep learning, the research community has addressed critical challenges in
the network security domain, like malware identification and anomaly detection. However, they have yet to
discuss deploying them on Internet of Things (IoT) devices for day-to-day operations. IoT devices are often
limited in memory and processing power, rendering the compute-intensive deep learning environment
unusable. This research proposes a way to overcome this barrier by bypassing feature engineering in the
deep learning pipeline and using raw packet data as input. We introduce a feature- engineering-less
machine learning (ML) process to perform malware detection on IoT devices. Our proposed model,”
Feature engineering-less ML (FEL-ML),” is a lighter-weight detection algorithm that expends no extra
computations on “engineered” features. It effectively accelerates the low-powered IoT edge. It is trained
on unprocessed byte-streams of packets. Aside from providing better results, it is quicker than traditional
feature-based methods. FEL-ML facilitates resource-sensitive network traffic security with the added
benefit of eliminating the significant investment by subject matter experts in feature engineering.
CONTROLLING IP FALSIFYING USING REALISTIC SIMULATIONIJNSA Journal
This document discusses a proposal to develop a new distributed Internet simulator to study large-scale network events like distributed denial-of-service (DDoS) attacks and worm propagation. Existing network simulators have limited scalability and lack realistic Internet models. The proposed simulator would have a built-in Internet topology model and customizeable modules to simulate specific events while cutting down on unnecessary details. It aims to make large-scale network simulation more accessible to researchers and improve the realism of simulations compared to current tools.
CONTROLLING IP FALSIFYING USING REALISTIC SIMULATIONIJNSA Journal
This document discusses a proposal to develop a new distributed Internet simulator to study large-scale network events like distributed denial-of-service (DDoS) attacks and worm propagation. Existing network simulators have limited scalability and lack realistic Internet models. The proposed simulator would have a built-in Internet topology model and customizeable modules to simulate specific events while cutting down on unnecessary details. It aims to make large-scale network simulation more accessible to researchers and improve the realism of simulations compared to simplified models currently used. The simulator could help study defenses against problems like IP spoofing, DDoS attacks, and worms.
Collecting and analyzing network-based evidenceCSITiaesprime
Since nearly the beginning of the Internet, malware has been a significant deterrent to productivity for end users, both personal and business related. Due to the pervasiveness of digital technologies in all aspects of human lives, it is increasingly unlikely that a digital device is involved as goal, medium or simply ‘witness’ of a criminal event. Forensic investigations include collection, recovery, analysis, and presentation of information stored on network devices and related to network crimes. These activities often involve wide range of analysis tools and application of different methods. This work presents methods that helps digital investigators to correlate and present information acquired from forensic data, with the aim to get a more valuable reconstructions of events or action to reach case conclusions. Main aim of network forensic is to gather evidence. Additionally, the evidence obtained during the investigation must be produced through a rigorous investigation procedure in a legal context.
Detection of ICMPv6-based DDoS attacks using anomaly based intrusion detectio...IJECEIAES
Security network systems have been an increasingly important discipline since the implementation of preliminary stages of Internet Protocol version 6 (IPv6) for exploiting by attackers. IPv6 has an improved protocol in terms of security as it brought new functionalities, procedures, i.e., Internet Control Message Protocol version 6 (ICMPv6). The ICMPv6 protocol is considered to be very important and represents the backbone of the IPv6, which is also responsible to send and receive messages in IPv6. However, IPv6 Inherited many attacks from the previous internet protocol version 4 (IPv4) such as distributed denial of service (DDoS) attacks. DDoS is a thorny problem on the internet, being one of the most prominent attacks affecting a network result in tremendous economic damage to individuals as well as organizations. In this paper, an exhaustive evaluation and analysis are conducted anomaly detection DDoS attacks against ICMPv6 messages, in addition, explained anomaly detection types to ICMPv6 DDoS flooding attacks in IPv6 networks. Proposed using feature selection technique based on bio-inspired algorithms for selecting an optimal solution which selects subset to have a positive impact of the detection accuracy ICMPv6 DDoS attack. The review outlines the features and protection constraints of IPv6 intrusion detection systems focusing mainly on DDoS attacks.
EFFICIENT DEFENSE SYSTEM FOR IP SPOOFING IN NETWORKScscpconf
In this age of gigabit Ethernet and broadband internet, network security has been the top
priority for most of the researchers. Technology advancements have advantages as well as
disadvantages. Most of the communication of present world, the e-world, takes place online,
through the internet. Thus the context of network intrusions and attacks to hack into servers also
came into existence. A technique to perform this activity is made possible by preventing the
discovery of the sender’s identity through IP Spoofing [7]. Many popular internet sites have
been hacked and attackers try to forge or spoof the source addresses in IP packets. Using
spoofing detection technique, the user can retrieve the list of IP addresses and able to identify
the malicious IP addresses.Hence mechanisms must be designed to prevent hacking. This paper
proposes a novel technique to detect IP spoofing based on traffic verification and filtering
As the enormous use of internet increases day by day so as security concern is also raise day by day over
the internet. In this paper we discuss the network security and its related threats and also study the types of
protocols and few issues related to protocols in computer networks. We also simulate the design of 5 node
wired network scenario, its packet drop rate analysis through TCP protocol using NS2 as a simulator.
Analyzed the performance of 5-node network when the packet is drop down by graphical method also
called as Xgraph when rate parameter is in mb and also analyzed the performance of same network by
changing the value of rate parameter at same time so no packets would drop down at same time and also
analyzed the performance by Xgraph method.
Experimental analysis of intrusion detection systems using machine learning a...IJECEIAES
Since the invention of the internet for military and academic research purposes, it has evolved to meet the demands of the increasing number of users on the network, who have their scope beyond military and academics. As the scope of the network expanded maintaining its security became a matter of increasing importance. With various users and interconnections of more diversified networks, the internet needs to be maintained as securely as possible for the transmission of sensitive information to be one hundred per cent safe; several anomalies may intrude on private networks. Several research works have been released around network security and this research seeks to add to the already existing body of knowledge by expounding on these attacks, proffering efficient measures to detect network intrusions, and introducing an ensemble classifier: a combination of 3 different machine learning algorithms. An ensemble classifier is used for detecting remote to local (R2L) attacks, which showed the lowest level of accuracy when the network dataset is tested using single machine learning models but the ensemble classifier gives an overall efficiency of 99.8%.
The Impact on Security due to the Vulnerabilities Existing in the network a S...IJAEMSJORNAL
Software Defined Networking, the emerging technology is taking the network sector to a new variant. Networking sector completely focused on hardware infrastructure is now moving towards software programming. Due to an exponential growth in the number of user and the amount of information over wires, there arises a great risk with the existing IP Network architecture. Software Defined Networking paves a platform identifying a feasible solution to the problem by virtualization. Software Defined Networking provides a viable path in virtualization and managing the network resources in an “On Demand Manner”. This study is focused on the drawbacks of the existing technology and a fine grained introduction to Software Defined Networking. Further adding to the above topic, this study also passes over the current steps taken in the industrial sector in implementing Software Defined Networking. This study makes a walkthrough about the security features of Software Defined Networking, its advantages, limitations and further scope in identifying the loopholes in the security.
NETWORK INTRUSION DATASETS USED IN NETWORK SECURITY EDUCATIONIJITE
There is a gap between the network security graduate and the professional life. In this paper we discussed the different types of network intrusion dataset and then we highlighted the fact that any student can easily create a network intrusion dataset that is representative of the network they are in. Intrusions can be in form of anomaly or network signature; the students cannot grasp all types but they have to have the ability to detect malicious packets within his network.
Network Intrusion Datasets Used In Network Security EducationIJITE
This document discusses network intrusion datasets used in network security education. It summarizes various existing network intrusion datasets like DARPA 1998-1999, KDD Cup 99, Indian River State College dataset, and Kyoto 2006+ and highlights limitations of each. It then proposes a methodology to create a new educational network intrusion dataset by combining corpus linguistics methodology with network security models. The methodology includes collecting a balanced and representative dataset from real networks, analyzing and labeling the data, and using it to train classifiers for intrusion detection.
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...IJECEIAES
This research demonstrates the revealing of an advanced encryption standard (AES) encryption device key. The encryption device is applied to an ATMEGA328P microcontroller. The said microcontroller is a device commonly used in the internet of things (IoT). We measured power consumption when the encryption process is taking place. The message sent to the encryption device is randomly generated, but the key used has a fixed value. The novelty of this research is the creation of a systematic and optimal circuit in carrying the differential power analysis or difference of means (DPA/DoM) technique, so the technique can be applied in key revealing on a microcontroller device by using 500 traces in 120 seconds.
Pre-filters in-transit malware packets detection in the networkTELKOMNIKA JOURNAL
Conventional malware detection systems cannot detect most of the new malware in the network
without the availability of their signatures. In order to solve this problem, this paper proposes a technique
to detect both metamorphic (mutated malware) and general (non-mutated) malware in the network using a
combination of known malware sub-signature and machine learning classification. This network-based
malware detection is achieved through a middle path for efficient processing of non-malware packets.
The proposed technique has been tested and verified using multiple data sets (metamorphic malware,
non-mutated malware, and UTM real traffic), this technique can detect most of malware packets in
the network-based before they reached the host better than the previous works which detect malware in
host-based. Experimental results showed that the proposed technique can speed up the transmission of
more than 98% normal packets without sending them to the slow path, and more than 97% of malware
packets are detected and dropped in the middle path. Furthermore, more than 75% of metamorphic
malware packets in the test dataset could be detected. The proposed technique is 37 times faster than
existing technique.
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
Due to extensive growth of the Internet and increasing availability of tools and methods for intruding and attacking
networks, intrusion detection has become a critical component of network security parameters. TCP/IP protocol suite is the defacto
standard for communication on the Internet. The underlying vulnerabilities in the protocols is the root cause of intrusions. Therefor
Intrusion detection system becomes an important element in network security that controls real time data and leads to huge
dimensional problem. Processing large number of packets and data in real time is very difficult and costly. Therefor data preprocessing
is necessary to remove redundant and unwanted information from packets and clean network data. Here, we are focusing on
two important aspects of intrusion detection; one is accuracy and other is performance. The layered approach of TCP/IP model can be
applied to packet pre-processing to achieve early and faster intrusion detection. Motivation for the paper comes from the large impact
data preprocessing has on the accuracy and capability of anomaly-based NIPS. In this paper it is demonstrated that high attack
detection accuracy can be achieved by using layered approach for data preprocessing in Internet. To reduce false positive rate and to
increase efficiency of detection, the paper proposed framework for preprocessing in intrusion prevention system. We experimented
with real time network traffic as well as he KDDcup99 dataset for our research.
Quantum Cryptography Approach for Resolving Cyber Threatsijtsrd
The research work focused on the future of the internet security transaction without allowing unauthorized user from accessing the secret document. The system was implemented with python flask framework been the lightest micro framework. The quantum key distribution generator model used is the BB84. Users can create account one the sender and other receiver then peered together in single communication channel. The sender attach file and send it in an encrypted manner to be received by receiver on presenting the same quantum key used for encrypting it. Once the eavesdropper click the link of the protocol, an alarm is raised and the system quantum key is change instantly and committed into the database. The other application is the Quantum Simulator, this application is used for generating a simulation for a quantum cryptography. Madubuezi Christian Okoronkwo | Onwuzo J. C | Gregory E. Anichebe "Quantum Cryptography Approach for Resolving Cyber Threats" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-6 , October 2021, URL: https://www.ijtsrd.com/papers/ijtsrd46458.pdf Paper URL : https://www.ijtsrd.com/computer-science/artificial-intelligence/46458/quantum-cryptography-approach-for-resolving-cyber-threats/madubuezi-christian-okoronkwo
A comprehensive study of distributed Denial-of-Service attack with the detect...IJECEIAES
With the dramatic evolution in networks nowadays, an equivalent growth of challenges has been depicted toward implementing and deployment of such networks. One of the serious challenges is the security where wide range of attacks would threat these networks. Denial-of-Service (DoS) is one of the common attacks that targets several types of networks in which a huge amount of information is being flooded into a specific server for the purpose of turning of such server. Many research studies have examined the simulation of networks in order to observe the behavior of DoS. However, the variety of its types hinders the process of configuring the DoS attacks. In particular, the Distributed DoS (DDoS) is considered to be the most challenging threat to various networks. Hence, this paper aims to accommodate a comprehensive simulation in order to figure out and detect DDoS attacks. Using the well-known simulator technique of NS-2, the experiments showed that different types of DDoS have been characterized, examined and detected. This implies the efficacy of the comprehensive simulation proposed by this study.
IRJET - Detecting and Securing of IP Spoofing Attack by using SDNIRJET Journal
This document discusses detecting and preventing IP spoofing attacks using software-defined networking (SDN). It begins with an abstract that outlines using SDN architecture to implement controls for IP spoofing through an algorithm to manage flows of unused IP addresses via the shortest path. It then discusses how IP spoofing works by creating packets with fake source IP addresses. The proposed approach uses SDN destination networking to associate source networks with cryptographic keys added to packets for authentication by routers. This provides incentives for internet service providers to implement spoofing prevention. Evaluation shows the proposed approach improves performance metrics like IP address usage, intrusion detection, secure data transmission, and synchronization compared to existing methods.
Software engineering based self-checking process for cyber security system in...IJECEIAES
Newly, the cyber security of vehicle ad hoc network (VANET) includes two practicable: vehicle to vehicle (V2V) and Vehicle to Infrastructure (V2I) that have been considered due to importance. It has become possible to keep pace with the development in the world. The people safety is a priority in the development of technology in general and particular in of VANET for police vehicles. In this paper, we propose a software engineering based self-checking process to ensure the high redundancy of the generated keys. These keys are used in underlying cyber security system for VANET. The proposed self-checking process emploies a set of NIST tests including frequency, block and runs as a threshold for accepting the generated keys. The introduced cyber security system includes three levels: Firstly, the registration phase that asks vehicles to register in the system, in which the network excludes the unregistered ones. In this phase, the proposed software engineeringbased self-checking process is adopted. Secondly, the authentication phase that checks of the vehicles after the registration phase. Thirdly, the proposed system that is able to detect the DOS attack. The obtained results show the efficient performance of the proposed system in managing the security of the VANET network. The self-checking process increased the randomness of the generated keys, in which the security factor is increased.
A new algorithm to enhance security against cyber threats for internet of thi...IJECEIAES
One major problem is detecting the unsuitability of traffic caused by a distributed denial of services (DDoS) attack produced by third party nodes, such as smart phones and other handheld Wi-Fi devices. During the transmission between the devices, there are rising in the number of cyber attacks on systems by using negligible packets, which lead to suspension of the services between source and destination, and can find the vulnerabilities on the network. These vulnerable issues have led to a reduction in the reliability of networks and a reduction in consumer confidence. In this paper, we will introduce a new algorithm called rout attack with detection algorithm (RAWD) to reduce the affect of any attack by checking the packet injection, and to avoid number of cyber attacks being received by the destination and transferred through a determined path or alternative path based on the problem. The proposed algorithm will forward the real time traffic to the required destination from a new alternative backup path which is computed by it before the attacked occurred. The results have showed an improvement when the attack occurred and the alternative path has used to make sure the continuity of receiving the data to the main destination without any affection.
Utilizing Data Mining Approches in the Detection of Intrusion in IPv6 Network...IDES Editor
The development of Internet protocols are greatly
needed as the network security becomes one of the most
important issues. This brings the need to develop IPv4 into
IPv6 in order to proceed towards increasing the network
capacity.
Now Intruders are considered as one of the most serious
threats to the internet security. Data mining techniques have
been successfully utilized in many applications. Many
research projects have applied data mining techniques to
intrusion detection. Furthermore different types of data
mining algorithms are very much useful to intrusion detection
such as Classification, Link Analysis and Sequence Analysis.
Moreover, one of the major challenges in securing fast
networks is the online detection of suspicious anomalies in
network traffic pattern. Most of the current security solutions
failed to perform the security task in online mode because of
the time needed to capture the packets and making decision
about it.
Practically, this study provides alliterative survey for the
enhancement associated with IPv6 in terms of its security
related functions. It is worthy mentioned that this study is
concurred with the data mining approaches that have been
used to detect intrusions.
The document describes experiments conducted using Cisco Packet Tracer software to simulate and test different computer network topologies. It includes 15 experiments covering topics like connecting devices using hubs and switches, implementing bus, star, ring, tree and hybrid topologies, creating local and wireless networks, and connecting multiple networks using routers. Each experiment lists the aim, steps to set up the topology, and provides a brief explanation of the networking concepts tested.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
More Related Content
Similar to IPv6 flood attack detection based on epsilon greedy optimized Q learning in single board computer
CONTROLLING IP FALSIFYING USING REALISTIC SIMULATIONIJNSA Journal
This document discusses a proposal to develop a new distributed Internet simulator to study large-scale network events like distributed denial-of-service (DDoS) attacks and worm propagation. Existing network simulators have limited scalability and lack realistic Internet models. The proposed simulator would have a built-in Internet topology model and customizeable modules to simulate specific events while cutting down on unnecessary details. It aims to make large-scale network simulation more accessible to researchers and improve the realism of simulations compared to current tools.
CONTROLLING IP FALSIFYING USING REALISTIC SIMULATIONIJNSA Journal
This document discusses a proposal to develop a new distributed Internet simulator to study large-scale network events like distributed denial-of-service (DDoS) attacks and worm propagation. Existing network simulators have limited scalability and lack realistic Internet models. The proposed simulator would have a built-in Internet topology model and customizeable modules to simulate specific events while cutting down on unnecessary details. It aims to make large-scale network simulation more accessible to researchers and improve the realism of simulations compared to simplified models currently used. The simulator could help study defenses against problems like IP spoofing, DDoS attacks, and worms.
Collecting and analyzing network-based evidenceCSITiaesprime
Since nearly the beginning of the Internet, malware has been a significant deterrent to productivity for end users, both personal and business related. Due to the pervasiveness of digital technologies in all aspects of human lives, it is increasingly unlikely that a digital device is involved as goal, medium or simply ‘witness’ of a criminal event. Forensic investigations include collection, recovery, analysis, and presentation of information stored on network devices and related to network crimes. These activities often involve wide range of analysis tools and application of different methods. This work presents methods that helps digital investigators to correlate and present information acquired from forensic data, with the aim to get a more valuable reconstructions of events or action to reach case conclusions. Main aim of network forensic is to gather evidence. Additionally, the evidence obtained during the investigation must be produced through a rigorous investigation procedure in a legal context.
Detection of ICMPv6-based DDoS attacks using anomaly based intrusion detectio...IJECEIAES
Security network systems have been an increasingly important discipline since the implementation of preliminary stages of Internet Protocol version 6 (IPv6) for exploiting by attackers. IPv6 has an improved protocol in terms of security as it brought new functionalities, procedures, i.e., Internet Control Message Protocol version 6 (ICMPv6). The ICMPv6 protocol is considered to be very important and represents the backbone of the IPv6, which is also responsible to send and receive messages in IPv6. However, IPv6 Inherited many attacks from the previous internet protocol version 4 (IPv4) such as distributed denial of service (DDoS) attacks. DDoS is a thorny problem on the internet, being one of the most prominent attacks affecting a network result in tremendous economic damage to individuals as well as organizations. In this paper, an exhaustive evaluation and analysis are conducted anomaly detection DDoS attacks against ICMPv6 messages, in addition, explained anomaly detection types to ICMPv6 DDoS flooding attacks in IPv6 networks. Proposed using feature selection technique based on bio-inspired algorithms for selecting an optimal solution which selects subset to have a positive impact of the detection accuracy ICMPv6 DDoS attack. The review outlines the features and protection constraints of IPv6 intrusion detection systems focusing mainly on DDoS attacks.
EFFICIENT DEFENSE SYSTEM FOR IP SPOOFING IN NETWORKScscpconf
In this age of gigabit Ethernet and broadband internet, network security has been the top
priority for most of the researchers. Technology advancements have advantages as well as
disadvantages. Most of the communication of present world, the e-world, takes place online,
through the internet. Thus the context of network intrusions and attacks to hack into servers also
came into existence. A technique to perform this activity is made possible by preventing the
discovery of the sender’s identity through IP Spoofing [7]. Many popular internet sites have
been hacked and attackers try to forge or spoof the source addresses in IP packets. Using
spoofing detection technique, the user can retrieve the list of IP addresses and able to identify
the malicious IP addresses.Hence mechanisms must be designed to prevent hacking. This paper
proposes a novel technique to detect IP spoofing based on traffic verification and filtering
As the enormous use of internet increases day by day so as security concern is also raise day by day over
the internet. In this paper we discuss the network security and its related threats and also study the types of
protocols and few issues related to protocols in computer networks. We also simulate the design of 5 node
wired network scenario, its packet drop rate analysis through TCP protocol using NS2 as a simulator.
Analyzed the performance of 5-node network when the packet is drop down by graphical method also
called as Xgraph when rate parameter is in mb and also analyzed the performance of same network by
changing the value of rate parameter at same time so no packets would drop down at same time and also
analyzed the performance by Xgraph method.
Experimental analysis of intrusion detection systems using machine learning a...IJECEIAES
Since the invention of the internet for military and academic research purposes, it has evolved to meet the demands of the increasing number of users on the network, who have their scope beyond military and academics. As the scope of the network expanded maintaining its security became a matter of increasing importance. With various users and interconnections of more diversified networks, the internet needs to be maintained as securely as possible for the transmission of sensitive information to be one hundred per cent safe; several anomalies may intrude on private networks. Several research works have been released around network security and this research seeks to add to the already existing body of knowledge by expounding on these attacks, proffering efficient measures to detect network intrusions, and introducing an ensemble classifier: a combination of 3 different machine learning algorithms. An ensemble classifier is used for detecting remote to local (R2L) attacks, which showed the lowest level of accuracy when the network dataset is tested using single machine learning models but the ensemble classifier gives an overall efficiency of 99.8%.
The Impact on Security due to the Vulnerabilities Existing in the network a S...IJAEMSJORNAL
Software Defined Networking, the emerging technology is taking the network sector to a new variant. Networking sector completely focused on hardware infrastructure is now moving towards software programming. Due to an exponential growth in the number of user and the amount of information over wires, there arises a great risk with the existing IP Network architecture. Software Defined Networking paves a platform identifying a feasible solution to the problem by virtualization. Software Defined Networking provides a viable path in virtualization and managing the network resources in an “On Demand Manner”. This study is focused on the drawbacks of the existing technology and a fine grained introduction to Software Defined Networking. Further adding to the above topic, this study also passes over the current steps taken in the industrial sector in implementing Software Defined Networking. This study makes a walkthrough about the security features of Software Defined Networking, its advantages, limitations and further scope in identifying the loopholes in the security.
NETWORK INTRUSION DATASETS USED IN NETWORK SECURITY EDUCATIONIJITE
There is a gap between the network security graduate and the professional life. In this paper we discussed the different types of network intrusion dataset and then we highlighted the fact that any student can easily create a network intrusion dataset that is representative of the network they are in. Intrusions can be in form of anomaly or network signature; the students cannot grasp all types but they have to have the ability to detect malicious packets within his network.
Network Intrusion Datasets Used In Network Security EducationIJITE
This document discusses network intrusion datasets used in network security education. It summarizes various existing network intrusion datasets like DARPA 1998-1999, KDD Cup 99, Indian River State College dataset, and Kyoto 2006+ and highlights limitations of each. It then proposes a methodology to create a new educational network intrusion dataset by combining corpus linguistics methodology with network security models. The methodology includes collecting a balanced and representative dataset from real networks, analyzing and labeling the data, and using it to train classifiers for intrusion detection.
Revealing AES Encryption Device Key on 328P Microcontrollers with Differentia...IJECEIAES
This research demonstrates the revealing of an advanced encryption standard (AES) encryption device key. The encryption device is applied to an ATMEGA328P microcontroller. The said microcontroller is a device commonly used in the internet of things (IoT). We measured power consumption when the encryption process is taking place. The message sent to the encryption device is randomly generated, but the key used has a fixed value. The novelty of this research is the creation of a systematic and optimal circuit in carrying the differential power analysis or difference of means (DPA/DoM) technique, so the technique can be applied in key revealing on a microcontroller device by using 500 traces in 120 seconds.
Pre-filters in-transit malware packets detection in the networkTELKOMNIKA JOURNAL
Conventional malware detection systems cannot detect most of the new malware in the network
without the availability of their signatures. In order to solve this problem, this paper proposes a technique
to detect both metamorphic (mutated malware) and general (non-mutated) malware in the network using a
combination of known malware sub-signature and machine learning classification. This network-based
malware detection is achieved through a middle path for efficient processing of non-malware packets.
The proposed technique has been tested and verified using multiple data sets (metamorphic malware,
non-mutated malware, and UTM real traffic), this technique can detect most of malware packets in
the network-based before they reached the host better than the previous works which detect malware in
host-based. Experimental results showed that the proposed technique can speed up the transmission of
more than 98% normal packets without sending them to the slow path, and more than 97% of malware
packets are detected and dropped in the middle path. Furthermore, more than 75% of metamorphic
malware packets in the test dataset could be detected. The proposed technique is 37 times faster than
existing technique.
Layered Approach for Preprocessing of Data in Intrusion Prevention SystemsEditor IJCATR
Due to extensive growth of the Internet and increasing availability of tools and methods for intruding and attacking
networks, intrusion detection has become a critical component of network security parameters. TCP/IP protocol suite is the defacto
standard for communication on the Internet. The underlying vulnerabilities in the protocols is the root cause of intrusions. Therefor
Intrusion detection system becomes an important element in network security that controls real time data and leads to huge
dimensional problem. Processing large number of packets and data in real time is very difficult and costly. Therefor data preprocessing
is necessary to remove redundant and unwanted information from packets and clean network data. Here, we are focusing on
two important aspects of intrusion detection; one is accuracy and other is performance. The layered approach of TCP/IP model can be
applied to packet pre-processing to achieve early and faster intrusion detection. Motivation for the paper comes from the large impact
data preprocessing has on the accuracy and capability of anomaly-based NIPS. In this paper it is demonstrated that high attack
detection accuracy can be achieved by using layered approach for data preprocessing in Internet. To reduce false positive rate and to
increase efficiency of detection, the paper proposed framework for preprocessing in intrusion prevention system. We experimented
with real time network traffic as well as he KDDcup99 dataset for our research.
Quantum Cryptography Approach for Resolving Cyber Threatsijtsrd
The research work focused on the future of the internet security transaction without allowing unauthorized user from accessing the secret document. The system was implemented with python flask framework been the lightest micro framework. The quantum key distribution generator model used is the BB84. Users can create account one the sender and other receiver then peered together in single communication channel. The sender attach file and send it in an encrypted manner to be received by receiver on presenting the same quantum key used for encrypting it. Once the eavesdropper click the link of the protocol, an alarm is raised and the system quantum key is change instantly and committed into the database. The other application is the Quantum Simulator, this application is used for generating a simulation for a quantum cryptography. Madubuezi Christian Okoronkwo | Onwuzo J. C | Gregory E. Anichebe "Quantum Cryptography Approach for Resolving Cyber Threats" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-6 , October 2021, URL: https://www.ijtsrd.com/papers/ijtsrd46458.pdf Paper URL : https://www.ijtsrd.com/computer-science/artificial-intelligence/46458/quantum-cryptography-approach-for-resolving-cyber-threats/madubuezi-christian-okoronkwo
A comprehensive study of distributed Denial-of-Service attack with the detect...IJECEIAES
With the dramatic evolution in networks nowadays, an equivalent growth of challenges has been depicted toward implementing and deployment of such networks. One of the serious challenges is the security where wide range of attacks would threat these networks. Denial-of-Service (DoS) is one of the common attacks that targets several types of networks in which a huge amount of information is being flooded into a specific server for the purpose of turning of such server. Many research studies have examined the simulation of networks in order to observe the behavior of DoS. However, the variety of its types hinders the process of configuring the DoS attacks. In particular, the Distributed DoS (DDoS) is considered to be the most challenging threat to various networks. Hence, this paper aims to accommodate a comprehensive simulation in order to figure out and detect DDoS attacks. Using the well-known simulator technique of NS-2, the experiments showed that different types of DDoS have been characterized, examined and detected. This implies the efficacy of the comprehensive simulation proposed by this study.
IRJET - Detecting and Securing of IP Spoofing Attack by using SDNIRJET Journal
This document discusses detecting and preventing IP spoofing attacks using software-defined networking (SDN). It begins with an abstract that outlines using SDN architecture to implement controls for IP spoofing through an algorithm to manage flows of unused IP addresses via the shortest path. It then discusses how IP spoofing works by creating packets with fake source IP addresses. The proposed approach uses SDN destination networking to associate source networks with cryptographic keys added to packets for authentication by routers. This provides incentives for internet service providers to implement spoofing prevention. Evaluation shows the proposed approach improves performance metrics like IP address usage, intrusion detection, secure data transmission, and synchronization compared to existing methods.
Software engineering based self-checking process for cyber security system in...IJECEIAES
Newly, the cyber security of vehicle ad hoc network (VANET) includes two practicable: vehicle to vehicle (V2V) and Vehicle to Infrastructure (V2I) that have been considered due to importance. It has become possible to keep pace with the development in the world. The people safety is a priority in the development of technology in general and particular in of VANET for police vehicles. In this paper, we propose a software engineering based self-checking process to ensure the high redundancy of the generated keys. These keys are used in underlying cyber security system for VANET. The proposed self-checking process emploies a set of NIST tests including frequency, block and runs as a threshold for accepting the generated keys. The introduced cyber security system includes three levels: Firstly, the registration phase that asks vehicles to register in the system, in which the network excludes the unregistered ones. In this phase, the proposed software engineeringbased self-checking process is adopted. Secondly, the authentication phase that checks of the vehicles after the registration phase. Thirdly, the proposed system that is able to detect the DOS attack. The obtained results show the efficient performance of the proposed system in managing the security of the VANET network. The self-checking process increased the randomness of the generated keys, in which the security factor is increased.
A new algorithm to enhance security against cyber threats for internet of thi...IJECEIAES
One major problem is detecting the unsuitability of traffic caused by a distributed denial of services (DDoS) attack produced by third party nodes, such as smart phones and other handheld Wi-Fi devices. During the transmission between the devices, there are rising in the number of cyber attacks on systems by using negligible packets, which lead to suspension of the services between source and destination, and can find the vulnerabilities on the network. These vulnerable issues have led to a reduction in the reliability of networks and a reduction in consumer confidence. In this paper, we will introduce a new algorithm called rout attack with detection algorithm (RAWD) to reduce the affect of any attack by checking the packet injection, and to avoid number of cyber attacks being received by the destination and transferred through a determined path or alternative path based on the problem. The proposed algorithm will forward the real time traffic to the required destination from a new alternative backup path which is computed by it before the attacked occurred. The results have showed an improvement when the attack occurred and the alternative path has used to make sure the continuity of receiving the data to the main destination without any affection.
Utilizing Data Mining Approches in the Detection of Intrusion in IPv6 Network...IDES Editor
The development of Internet protocols are greatly
needed as the network security becomes one of the most
important issues. This brings the need to develop IPv4 into
IPv6 in order to proceed towards increasing the network
capacity.
Now Intruders are considered as one of the most serious
threats to the internet security. Data mining techniques have
been successfully utilized in many applications. Many
research projects have applied data mining techniques to
intrusion detection. Furthermore different types of data
mining algorithms are very much useful to intrusion detection
such as Classification, Link Analysis and Sequence Analysis.
Moreover, one of the major challenges in securing fast
networks is the online detection of suspicious anomalies in
network traffic pattern. Most of the current security solutions
failed to perform the security task in online mode because of
the time needed to capture the packets and making decision
about it.
Practically, this study provides alliterative survey for the
enhancement associated with IPv6 in terms of its security
related functions. It is worthy mentioned that this study is
concurred with the data mining approaches that have been
used to detect intrusions.
The document describes experiments conducted using Cisco Packet Tracer software to simulate and test different computer network topologies. It includes 15 experiments covering topics like connecting devices using hubs and switches, implementing bus, star, ring, tree and hybrid topologies, creating local and wireless networks, and connecting multiple networks using routers. Each experiment lists the aim, steps to set up the topology, and provides a brief explanation of the networking concepts tested.
Similar to IPv6 flood attack detection based on epsilon greedy optimized Q learning in single board computer (20)
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
Neural network optimizer of proportional-integral-differential controller par...IJECEIAES
Wide application of proportional-integral-differential (PID)-regulator in industry requires constant improvement of methods of its parameters adjustment. The paper deals with the issues of optimization of PID-regulator parameters with the use of neural network technology methods. A methodology for choosing the architecture (structure) of neural network optimizer is proposed, which consists in determining the number of layers, the number of neurons in each layer, as well as the form and type of activation function. Algorithms of neural network training based on the application of the method of minimizing the mismatch between the regulated value and the target value are developed. The method of back propagation of gradients is proposed to select the optimal training rate of neurons of the neural network. The neural network optimizer, which is a superstructure of the linear PID controller, allows increasing the regulation accuracy from 0.23 to 0.09, thus reducing the power consumption from 65% to 53%. The results of the conducted experiments allow us to conclude that the created neural superstructure may well become a prototype of an automatic voltage regulator (AVR)-type industrial controller for tuning the parameters of the PID controller.
An improved modulation technique suitable for a three level flying capacitor ...IJECEIAES
This research paper introduces an innovative modulation technique for controlling a 3-level flying capacitor multilevel inverter (FCMLI), aiming to streamline the modulation process in contrast to conventional methods. The proposed
simplified modulation technique paves the way for more straightforward and
efficient control of multilevel inverters, enabling their widespread adoption and
integration into modern power electronic systems. Through the amalgamation of
sinusoidal pulse width modulation (SPWM) with a high-frequency square wave
pulse, this controlling technique attains energy equilibrium across the coupling
capacitor. The modulation scheme incorporates a simplified switching pattern
and a decreased count of voltage references, thereby simplifying the control
algorithm.
A review on features and methods of potential fishing zoneIJECEIAES
This review focuses on the importance of identifying potential fishing zones in seawater for sustainable fishing practices. It explores features like sea surface temperature (SST) and sea surface height (SSH), along with classification methods such as classifiers. The features like SST, SSH, and different classifiers used to classify the data, have been figured out in this review study. This study underscores the importance of examining potential fishing zones using advanced analytical techniques. It thoroughly explores the methodologies employed by researchers, covering both past and current approaches. The examination centers on data characteristics and the application of classification algorithms for classification of potential fishing zones. Furthermore, the prediction of potential fishing zones relies significantly on the effectiveness of classification algorithms. Previous research has assessed the performance of models like support vector machines, naïve Bayes, and artificial neural networks (ANN). In the previous result, the results of support vector machine (SVM) were 97.6% more accurate than naive Bayes's 94.2% to classify test data for fisheries classification. By considering the recent works in this area, several recommendations for future works are presented to further improve the performance of the potential fishing zone models, which is important to the fisheries community.
Electrical signal interference minimization using appropriate core material f...IJECEIAES
As demand for smaller, quicker, and more powerful devices rises, Moore's law is strictly followed. The industry has worked hard to make little devices that boost productivity. The goal is to optimize device density. Scientists are reducing connection delays to improve circuit performance. This helped them understand three-dimensional integrated circuit (3D IC) concepts, which stack active devices and create vertical connections to diminish latency and lower interconnects. Electrical involvement is a big worry with 3D integrates circuits. Researchers have developed and tested through silicon via (TSV) and substrates to decrease electrical wave involvement. This study illustrates a novel noise coupling reduction method using several electrical involvement models. A 22% drop in electrical involvement from wave-carrying to victim TSVs introduces this new paradigm and improves system performance even at higher THz frequencies.
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...IJECEIAES
Climate change's impact on the planet forced the United Nations and governments to promote green energies and electric transportation. The deployments of photovoltaic (PV) and electric vehicle (EV) systems gained stronger momentum due to their numerous advantages over fossil fuel types. The advantages go beyond sustainability to reach financial support and stability. The work in this paper introduces the hybrid system between PV and EV to support industrial and commercial plants. This paper covers the theoretical framework of the proposed hybrid system including the required equation to complete the cost analysis when PV and EV are present. In addition, the proposed design diagram which sets the priorities and requirements of the system is presented. The proposed approach allows setup to advance their power stability, especially during power outages. The presented information supports researchers and plant owners to complete the necessary analysis while promoting the deployment of clean energy. The result of a case study that represents a dairy milk farmer supports the theoretical works and highlights its advanced benefits to existing plants. The short return on investment of the proposed approach supports the paper's novelty approach for the sustainable electrical system. In addition, the proposed system allows for an isolated power setup without the need for a transmission line which enhances the safety of the electrical network
Bibliometric analysis highlighting the role of women in addressing climate ch...IJECEIAES
Fossil fuel consumption increased quickly, contributing to climate change
that is evident in unusual flooding and draughts, and global warming. Over
the past ten years, women's involvement in society has grown dramatically,
and they succeeded in playing a noticeable role in reducing climate change.
A bibliometric analysis of data from the last ten years has been carried out to
examine the role of women in addressing the climate change. The analysis's
findings discussed the relevant to the sustainable development goals (SDGs),
particularly SDG 7 and SDG 13. The results considered contributions made
by women in the various sectors while taking geographic dispersion into
account. The bibliometric analysis delves into topics including women's
leadership in environmental groups, their involvement in policymaking, their
contributions to sustainable development projects, and the influence of
gender diversity on attempts to mitigate climate change. This study's results
highlight how women have influenced policies and actions related to climate
change, point out areas of research deficiency and recommendations on how
to increase role of the women in addressing the climate change and
achieving sustainability. To achieve more successful results, this initiative
aims to highlight the significance of gender equality and encourage
inclusivity in climate change decision-making processes.
Voltage and frequency control of microgrid in presence of micro-turbine inter...IJECEIAES
The active and reactive load changes have a significant impact on voltage
and frequency. In this paper, in order to stabilize the microgrid (MG) against
load variations in islanding mode, the active and reactive power of all
distributed generators (DGs), including energy storage (battery), diesel
generator, and micro-turbine, are controlled. The micro-turbine generator is
connected to MG through a three-phase to three-phase matrix converter, and
the droop control method is applied for controlling the voltage and
frequency of MG. In addition, a method is introduced for voltage and
frequency control of micro-turbines in the transition state from gridconnected mode to islanding mode. A novel switching strategy of the matrix
converter is used for converting the high-frequency output voltage of the
micro-turbine to the grid-side frequency of the utility system. Moreover,
using the switching strategy, the low-order harmonics in the output current
and voltage are not produced, and consequently, the size of the output filter
would be reduced. In fact, the suggested control strategy is load-independent
and has no frequency conversion restrictions. The proposed approach for
voltage and frequency regulation demonstrates exceptional performance and
favorable response across various load alteration scenarios. The suggested
strategy is examined in several scenarios in the MG test systems, and the
simulation results are addressed.
Enhancing battery system identification: nonlinear autoregressive modeling fo...IJECEIAES
Precisely characterizing Li-ion batteries is essential for optimizing their
performance, enhancing safety, and prolonging their lifespan across various
applications, such as electric vehicles and renewable energy systems. This
article introduces an innovative nonlinear methodology for system
identification of a Li-ion battery, employing a nonlinear autoregressive with
exogenous inputs (NARX) model. The proposed approach integrates the
benefits of nonlinear modeling with the adaptability of the NARX structure,
facilitating a more comprehensive representation of the intricate
electrochemical processes within the battery. Experimental data collected
from a Li-ion battery operating under diverse scenarios are employed to
validate the effectiveness of the proposed methodology. The identified
NARX model exhibits superior accuracy in predicting the battery's behavior
compared to traditional linear models. This study underscores the
importance of accounting for nonlinearities in battery modeling, providing
insights into the intricate relationships between state-of-charge, voltage, and
current under dynamic conditions.
Smart grid deployment: from a bibliometric analysis to a surveyIJECEIAES
Smart grids are one of the last decades' innovations in electrical energy.
They bring relevant advantages compared to the traditional grid and
significant interest from the research community. Assessing the field's
evolution is essential to propose guidelines for facing new and future smart
grid challenges. In addition, knowing the main technologies involved in the
deployment of smart grids (SGs) is important to highlight possible
shortcomings that can be mitigated by developing new tools. This paper
contributes to the research trends mentioned above by focusing on two
objectives. First, a bibliometric analysis is presented to give an overview of
the current research level about smart grid deployment. Second, a survey of
the main technological approaches used for smart grid implementation and
their contributions are highlighted. To that effect, we searched the Web of
Science (WoS), and the Scopus databases. We obtained 5,663 documents
from WoS and 7,215 from Scopus on smart grid implementation or
deployment. With the extraction limitation in the Scopus database, 5,872 of
the 7,215 documents were extracted using a multi-step process. These two
datasets have been analyzed using a bibliometric tool called bibliometrix.
The main outputs are presented with some recommendations for future
research.
Use of analytical hierarchy process for selecting and prioritizing islanding ...IJECEIAES
One of the problems that are associated to power systems is islanding
condition, which must be rapidly and properly detected to prevent any
negative consequences on the system's protection, stability, and security.
This paper offers a thorough overview of several islanding detection
strategies, which are divided into two categories: classic approaches,
including local and remote approaches, and modern techniques, including
techniques based on signal processing and computational intelligence.
Additionally, each approach is compared and assessed based on several
factors, including implementation costs, non-detected zones, declining
power quality, and response times using the analytical hierarchy process
(AHP). The multi-criteria decision-making analysis shows that the overall
weight of passive methods (24.7%), active methods (7.8%), hybrid methods
(5.6%), remote methods (14.5%), signal processing-based methods (26.6%),
and computational intelligent-based methods (20.8%) based on the
comparison of all criteria together. Thus, it can be seen from the total weight
that hybrid approaches are the least suitable to be chosen, while signal
processing-based methods are the most appropriate islanding detection
method to be selected and implemented in power system with respect to the
aforementioned factors. Using Expert Choice software, the proposed
hierarchy model is studied and examined.
Enhancing of single-stage grid-connected photovoltaic system using fuzzy logi...IJECEIAES
The power generated by photovoltaic (PV) systems is influenced by
environmental factors. This variability hampers the control and utilization of
solar cells' peak output. In this study, a single-stage grid-connected PV
system is designed to enhance power quality. Our approach employs fuzzy
logic in the direct power control (DPC) of a three-phase voltage source
inverter (VSI), enabling seamless integration of the PV connected to the
grid. Additionally, a fuzzy logic-based maximum power point tracking
(MPPT) controller is adopted, which outperforms traditional methods like
incremental conductance (INC) in enhancing solar cell efficiency and
minimizing the response time. Moreover, the inverter's real-time active and
reactive power is directly managed to achieve a unity power factor (UPF).
The system's performance is assessed through MATLAB/Simulink
implementation, showing marked improvement over conventional methods,
particularly in steady-state and varying weather conditions. For solar
irradiances of 500 and 1,000 W/m2
, the results show that the proposed
method reduces the total harmonic distortion (THD) of the injected current
to the grid by approximately 46% and 38% compared to conventional
methods, respectively. Furthermore, we compare the simulation results with
IEEE standards to evaluate the system's grid compatibility.
Enhancing photovoltaic system maximum power point tracking with fuzzy logic-b...IJECEIAES
Photovoltaic systems have emerged as a promising energy resource that
caters to the future needs of society, owing to their renewable, inexhaustible,
and cost-free nature. The power output of these systems relies on solar cell
radiation and temperature. In order to mitigate the dependence on
atmospheric conditions and enhance power tracking, a conventional
approach has been improved by integrating various methods. To optimize
the generation of electricity from solar systems, the maximum power point
tracking (MPPT) technique is employed. To overcome limitations such as
steady-state voltage oscillations and improve transient response, two
traditional MPPT methods, namely fuzzy logic controller (FLC) and perturb
and observe (P&O), have been modified. This research paper aims to
simulate and validate the step size of the proposed modified P&O and FLC
techniques within the MPPT algorithm using MATLAB/Simulink for
efficient power tracking in photovoltaic systems.
Adaptive synchronous sliding control for a robot manipulator based on neural ...IJECEIAES
Robot manipulators have become important equipment in production lines, medical fields, and transportation. Improving the quality of trajectory tracking for
robot hands is always an attractive topic in the research community. This is a
challenging problem because robot manipulators are complex nonlinear systems
and are often subject to fluctuations in loads and external disturbances. This
article proposes an adaptive synchronous sliding control scheme to improve trajectory tracking performance for a robot manipulator. The proposed controller
ensures that the positions of the joints track the desired trajectory, synchronize
the errors, and significantly reduces chattering. First, the synchronous tracking
errors and synchronous sliding surfaces are presented. Second, the synchronous
tracking error dynamics are determined. Third, a robust adaptive control law is
designed,the unknown components of the model are estimated online by the neural network, and the parameters of the switching elements are selected by fuzzy
logic. The built algorithm ensures that the tracking and approximation errors
are ultimately uniformly bounded (UUB). Finally, the effectiveness of the constructed algorithm is demonstrated through simulation and experimental results.
Simulation and experimental results show that the proposed controller is effective with small synchronous tracking errors, and the chattering phenomenon is
significantly reduced.
Remote field-programmable gate array laboratory for signal acquisition and de...IJECEIAES
A remote laboratory utilizing field-programmable gate array (FPGA) technologies enhances students’ learning experience anywhere and anytime in embedded system design. Existing remote laboratories prioritize hardware access and visual feedback for observing board behavior after programming, neglecting comprehensive debugging tools to resolve errors that require internal signal acquisition. This paper proposes a novel remote embeddedsystem design approach targeting FPGA technologies that are fully interactive via a web-based platform. Our solution provides FPGA board access and debugging capabilities beyond the visual feedback provided by existing remote laboratories. We implemented a lab module that allows users to seamlessly incorporate into their FPGA design. The module minimizes hardware resource utilization while enabling the acquisition of a large number of data samples from the signal during the experiments by adaptively compressing the signal prior to data transmission. The results demonstrate an average compression ratio of 2.90 across three benchmark signals, indicating efficient signal acquisition and effective debugging and analysis. This method allows users to acquire more data samples than conventional methods. The proposed lab allows students to remotely test and debug their designs, bridging the gap between theory and practice in embedded system design.
Detecting and resolving feature envy through automated machine learning and m...IJECEIAES
Efficiently identifying and resolving code smells enhances software project quality. This paper presents a novel solution, utilizing automated machine learning (AutoML) techniques, to detect code smells and apply move method refactoring. By evaluating code metrics before and after refactoring, we assessed its impact on coupling, complexity, and cohesion. Key contributions of this research include a unique dataset for code smell classification and the development of models using AutoGluon for optimal performance. Furthermore, the study identifies the top 20 influential features in classifying feature envy, a well-known code smell, stemming from excessive reliance on external classes. We also explored how move method refactoring addresses feature envy, revealing reduced coupling and complexity, and improved cohesion, ultimately enhancing code quality. In summary, this research offers an empirical, data-driven approach, integrating AutoML and move method refactoring to optimize software project quality. Insights gained shed light on the benefits of refactoring on code quality and the significance of specific features in detecting feature envy. Future research can expand to explore additional refactoring techniques and a broader range of code metrics, advancing software engineering practices and standards.
Smart monitoring technique for solar cell systems using internet of things ba...IJECEIAES
Rapidly and remotely monitoring and receiving the solar cell systems status parameters, solar irradiance, temperature, and humidity, are critical issues in enhancement their efficiency. Hence, in the present article an improved smart prototype of internet of things (IoT) technique based on embedded system through NodeMCU ESP8266 (ESP-12E) was carried out experimentally. Three different regions at Egypt; Luxor, Cairo, and El-Beheira cities were chosen to study their solar irradiance profile, temperature, and humidity by the proposed IoT system. The monitoring data of solar irradiance, temperature, and humidity were live visualized directly by Ubidots through hypertext transfer protocol (HTTP) protocol. The measured solar power radiation in Luxor, Cairo, and El-Beheira ranged between 216-1000, 245-958, and 187-692 W/m 2 respectively during the solar day. The accuracy and rapidity of obtaining monitoring results using the proposed IoT system made it a strong candidate for application in monitoring solar cell systems. On the other hand, the obtained solar power radiation results of the three considered regions strongly candidate Luxor and Cairo as suitable places to build up a solar cells system station rather than El-Beheira.
An efficient security framework for intrusion detection and prevention in int...IJECEIAES
Over the past few years, the internet of things (IoT) has advanced to connect billions of smart devices to improve quality of life. However, anomalies or malicious intrusions pose several security loopholes, leading to performance degradation and threat to data security in IoT operations. Thereby, IoT security systems must keep an eye on and restrict unwanted events from occurring in the IoT network. Recently, various technical solutions based on machine learning (ML) models have been derived towards identifying and restricting unwanted events in IoT. However, most ML-based approaches are prone to miss-classification due to inappropriate feature selection. Additionally, most ML approaches applied to intrusion detection and prevention consider supervised learning, which requires a large amount of labeled data to be trained. Consequently, such complex datasets are impossible to source in a large network like IoT. To address this problem, this proposed study introduces an efficient learning mechanism to strengthen the IoT security aspects. The proposed algorithm incorporates supervised and unsupervised approaches to improve the learning models for intrusion detection and mitigation. Compared with the related works, the experimental outcome shows that the model performs well in a benchmark dataset. It accomplishes an improved detection accuracy of approximately 99.21%.
We have compiled the most important slides from each speaker's presentation. This year’s compilation, available for free, captures the key insights and contributions shared during the DfMAy 2024 conference.
ACEP Magazine edition 4th launched on 05.06.2024Rahul
This document provides information about the third edition of the magazine "Sthapatya" published by the Association of Civil Engineers (Practicing) Aurangabad. It includes messages from current and past presidents of ACEP, memories and photos from past ACEP events, information on life time achievement awards given by ACEP, and a technical article on concrete maintenance, repairs and strengthening. The document highlights activities of ACEP and provides a technical educational article for members.
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...University of Maribor
Slides from talk presenting:
Aleš Zamuda: Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapter and Networking.
Presentation at IcETRAN 2024 session:
"Inter-Society Networking Panel GRSS/MTT-S/CIS
Panel Session: Promoting Connection and Cooperation"
IEEE Slovenia GRSS
IEEE Serbia and Montenegro MTT-S
IEEE Slovenia CIS
11TH INTERNATIONAL CONFERENCE ON ELECTRICAL, ELECTRONIC AND COMPUTING ENGINEERING
3-6 June 2024, Niš, Serbia
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
IPv6 flood attack detection based on epsilon greedy optimized Q learning in single board computer
1. International Journal of Electrical and Computer Engineering (IJECE)
Vol. 13, No. 5, October 2023, pp. 5782~5791
ISSN: 2088-8708, DOI: 10.11591/ijece.v13i5.pp5782-5791 5782
Journal homepage: http://ijece.iaescore.com
IPv6 flood attack detection based on epsilon greedy optimized
Q learning in single board computer
April Firman Daru1
, Kristoko Dwi Hartomo2
, Hindriyanto Dwi Purnomo2
1
Faculty of Information Technology and Communication, Semarang University, Semarang, Indonesia
2
Faculty of Information Technology, Satya Wacana Christian University, Salatiga, Indonesia
Article Info ABSTRACT
Article history:
Received Sep 13, 2022
Revised Apr 18, 2023
Accepted Apr 24, 2023
Internet of things is a technology that allows communication between devices
within a network. Since this technology depends on a network to
communicate, the vulnerability of the exposed devices increased significantly.
Furthermore, the use of internet protocol version 6 (IPv6) as the successor to
internet protocol version 4 (IPv4) as a communication protocol constituted a
significant problem for the network. Hence, this protocol was exploitable for
flooding attacks in the IPv6 network. As a countermeasure against the flood,
this study designed an IPv6 flood attack detection by using epsilon greedy
optimized Q learning algorithm. According to the evaluation, the agent with
epsilon 0.1 could reach 98% of accuracy and 11,550 rewards compared to the
other agents. When compared to control models, the agent is also the most
accurate compared to other algorithms followed by neural network (NN),
K-nearest neighbors (KNN), decision tree (DT), naive Bayes (NB), and
support vector machine (SVM). Besides that, the agent used more than 99%
of a single central processing unit (CPU). Hence, the agent will not hinder
internet of things (IoT) devices with multiple processors. Thus, we concluded
that the proposed agent has high accuracy and feasibility in a single board
computer (SBC).
Keywords:
Epsilon greedy
Intrusion detection
IPv6 flooding
Off policy Q learning
Reinforcement learning
Single board computer
This is an open access article under the CC BY-SA license.
Corresponding Author:
April Firman Daru
Faculty of Information Technology and Communication, Semarang University
Soekarno-Hatta Street, West Tlogosari, Semarang 50196, Indonesia
Email: firman@usm.ac.id
1. INTRODUCTION
Network intrusions are a part of global network connectivity that occur everywhere and may cause
problems to all connected devices. From year to year, network intrusions are still growing on many sides such
as attack patterns and protocols. Before internet protocol version 6 (IPv6) was introduced, internet protocol
version 4 (IPv4) was often used as a medium to attack a network. But in a recent article, many hackers started
targeting IPv6-connected devices with flooding attacks [1]. Similar to the IPv4 protocol, the IPv6 network
protocol also has weaknesses in terms of security. This protocol could be used for flooding attacks with
different levels of risk [2], [3].
There are many types of intrusion that exist, one of them is known as denial of service. This kind of
intrusion floods spams data in massive numbers to shut down internet of things devices such as IP Cameras or
other types of monitoring devices [4]. Since those devices have lower processing capability, it was easier for
intrusions from outside to knock down the devices [5]–[7]. Another factor that increases the risk of the device
is the unattended mechanism that allows devices to work without human interference [8], [9]. Thus, the security
enhancement for Internet of Things devices became a trend and a challenge for future research [10].
2. Int J Elec & Comp Eng ISSN: 2088-8708
IPv6 flood attack detection based on epsilon greedy optimized Q learning … (April Firman Daru)
5783
Many articles of research focus on IPv6 mitigation on the internet of things (IoT). The development
of IPv6 intrusion detection started from signatures-based until machine learning-based detection. Signature-
based intrusion detection is easier to implement on the internet of things since high processing power is not
required. The devices only need to read the rules and compare the characteristic of the data to determine the
detection. This kind of detection has high accuracy since the model only needs to check the existing signature
with the data [11], [12]. However, there is a problem detecting a complex attack. The signature-based detection
is not well-suited for complex detection, so machine learning is invented to overcome the problem [13], [14].
Machine learning-based detection usually uses a feature classification to detect intrusion into the network
[15]–[17]. For example, IPv6 intrusion detection for router advertisement flooding has an accuracy of up to
98.55%. This model can detect IPv6-based intrusion effectively with a machine learning algorithm [18]. Even
though machine learning-based detection has high detection accuracy, the implementation on the Internet of
Things device was not feasible due to its limitations [19]. Besides that, the supervised learning method in
machine learning only guesses the correct answer based on the trained model. Hence to improve its accuracy,
the researchers must be involved. Incapability to improve its accuracy without human interference is the main
weakness of the supervised learning method in the previous articles of the research [20].
Because of this reason, this study tries a different approach to developing intrusion detection with
epsilon greedy optimized Q learning. Unlike the supervised learning method, this method not only guesses the
correct answer but also improves itself in the shape of reward feedback [20]. Q learning itself is a reinforcement
learning method that makes an internet of things device an agent to learn the characteristics of the intrusions
in the IPv6 network. Hence, the device can determine whether the data is an intrusion or neutral. This paper
stated the contributions of the study with the following statements. We proposed a reinforcement learning-
based flooding attack detection model based on the IPv6 package pattern. Unlike the current state-of-the-art
model that cannot improve its accuracy, the proposed model use epsilon greedy optimized
Q learning-based as the self-improving detection model.
2. THE PROPOSED METHOD
2.1. Data gathering
In this section, we explain the proposed method used to solve the problem that exists in the previous
studies. The proposed method consists of several parts such as the data sample for training and testing, the
algorithm, the environment of the agent, and the agent itself. To build an agent that is capable to detect
IPv6-based attacks, this study gathered several intrusion characteristics by capturing live. The setup topology
for data gathering is illustrated in the Figure 1.
Figure 1. Simple IPv6 network topology to capture data
Figure 1 is the process for gathering the required data. To obtain both neutral and intrusion data, this
study used two computers that connected via a wireless network to simulate the flooding attacks. One computer
is given a role as an attacker and equipped with The Hacker’s Choices tools (THC-IPv6) to flood the victim
with IPv6-based data. The used tools in this experiment consist of denial6, flood_unreach6, thcsyn6, nping,
and fping [21]. Meanwhile, the target computer is an internet of things processing board called Raspberry Pi
that is equipped with Wireshark to collect flood data. This study gathered two types of data that consist of
neutral and intrusion data. Each type also consists of two different protocols such as transmission control
protocol (TCP) and internet control message protocol version 6 (ICMPv6). The tools used to gather TCP-based
data such as thc-syn6 (as intrusion sample) and nping (as neutral sample). Meanwhile, denial6 (as intrusion
sample) and fping (as neutral sample) are used to gather ICMPv6-based data.
Table 1 explains the used flooding tools from the THC-IPv6 toolkit in the experiment. The attacks
consist of two protocols, ICMPv6 and TCP where each protocol has five different toolsets used as the dataset
generator. To generate the ICMPv6 dataset, we use fping to generate normal ICMPv6. Meanwhile, we use
denial6 from the THC-IPv6 toolkit with two different packet generation switches (one for hop-by-hop, and one
for large unknown option); flood-unreach6 for flooding the target with unreachable packets; rsmurf6 to smurf
3. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 5, October 2023: 5782-5791
5784
the target (as part of distributed denial-of-service act). For the TCP data, we use nping to generate normal TCP
packets, thc-syn6 with four different switches to attack the target. The first switch for thcsyn6 will generate
TCP-synchronize (TCP-SYN) packets, the second switch generates TCP-acknowledge (TCP-ACK) packets,
the third switch generates TCP-SYN-ACK packets, and the last one generates hop-by-hop router alert TCP
packets.
Table 1. Attacks performed during data gathering
Num Performed THC command Protocol Packet details
Atk 1 fping-6 [target] ICMPv6 Neutral normal packet
Atk 2 denial6 [interface] [target] 1 ICMPv6 Flood attack with large hop-by-hop header
Atk 3 denial6 [interface] [target] 2 ICMPv6 Flood attack with large unknown option header
Atk 4 flood-unreach6 [interface] [target] ICMPv6 Flood target with unreachable ICMPv6 packets
Atk 5 rsmurf6 [interface] [target] ICMPv6 Smurf target in local network
Atk 6 nping-6–tcp [target] TCP Neutral normal packet
Atk 7 thcsyn6 [interface] [target] TCP Flood victim with TCP-SYN
Atk 8 thcsyn6-A [interface] [target] TCP Flood victim with TCP-ACK
Atk 9 thcsyn6-S [interface] [target] TCP Flood victim with TCP-SYN-ACK
Atk 10 thcsyn6-a [interface] [target] TCP Flood victim with hop-by-hop router alert
However, the obtained data from the data-gathering phase contains many unneeded fields. Since not
all fields are required, this study pre-processes the raw dataset into a finer dataset that contains required fields.
In some cases, there is value similarity inside a dataset, this study decided to choose at least one field to be
uniquely allowed in the dataset. Table 2 contains the used fields in the dataset:
Table 2. The packet characteristics for learning target
Feature ICMPv6 TCP
1 Source Addr Source Addr
2 Destination Addr Destination Addr
3 Protocol Protocol
4 Length Length
5 Payload length Payload length
6 Type Window size
7 Data Flags
8 Detection Detection
According to Table 2, the data fields were taken from the header and the payload of the data. In the
header part, there are, source address; destination address; protocol; length; and payload length are used as
unique fields. The header fields between TCP and ICMPv6 are the same since both protocols already have
unique values. The ICMPv6 payload part consists of type and data. Mean-while TCP payload part consists of
window size and flags. The last field labelled detection contains a manually assigned Boolean value to indicate
whether the data is an intrusion or not.
After completing the labelling process, this study continues the next portioning data process. This
study decides on a fair 50:50 portion for both intrusion and neutral packets (not based on the tools used).
Making this fair portioning will help prevent the agent to turn one side only. Besides data row size, this study
also portioned the data rows according to the protocol and its data type. Table 3 explains the portioning of the
data rows according to the protocol and its data type.
Table 3. Dataset sample and compositions
Protocol Tool(s) Row(s) Type
ICMPv6 fping 1,000 Neutral
denial6 case 1 250 Intrusion
denial6 case 2 250 Intrusion
flood-unreach6 250 Intrusion
rsmurf6 250 Intrusion
TCP nping 1,000 Neutral
thcsyn6 no-opt 250 Intrusion
thcsyn6 ACK 250 Intrusion
thcsyn6 SYN-ACK 250 Intrusion
thcsyn6 hop-by-hop 250 Intrusion
Total data rows 4,000 -
4. Int J Elec & Comp Eng ISSN: 2088-8708
IPv6 flood attack detection based on epsilon greedy optimized Q learning … (April Firman Daru)
5785
The ICMPv6 protocol has 1,000 rows of fping data, 250 rows of denial6 test case1 data, 250 rows of
denial 6 test case 2 data, 250 rows of flood_unreach6 data, and 250 rows of rsmurf6 data. Hence the ICMPv6
has 1,000 neutral and 1,000 intrusion data. Meanwhile, the TCP protocol has 1,000 rows of nping data,
250 rows of thcsyn6 without option data, 250 rows of thcsyn6 ACK data, 250 rows of thc-syn6 SYN-ACK
data, and 250 rows of thcsyn6 hop-by-hop data. Similar to the ICMPv6 protocol, TCP has 1,000 neutral and
1,000 intrusion data. Adding various intrusion types to the dataset will increase the agent’s knowledge about
the intrusions. All dataset that contains neutral and intrusion data is stored inside a CSV file for easier access.
Before the training process starts, the agent load and split the dataset into 70:30 stratified training and test data.
The stratifying process during data split has the purpose to balance the number of rows in each data field. At the end
of dataset pre-processing, this study obtained 2,800 rows of training data and 1,200 rows of test data randomized.
2.2. Environment design
After the data pre-processing phase is complete, this study designed an environment for the agent to
learn the data. However, the environment used for intrusion detection is different from publicly available
environments. The problem lies in the numbering system that the environment uses. The publicly available
environments used rational numbers as their states. Thus, the dataset is not compatible with the current
environment. To solve this problem, this study changed the numbering system in the environment with the
whole number system. Besides changing the number system, this study also used number conversion through
truncated decimal converted SHA-1 checksum hash to change any values inside the data set into unique
numbers. Figure 2 illustrated the process of the number conversion of the dataset.
Figure 2. Data to decimal number conversion method
Figure 2 contains a method to convert any data type into unique numbers starting by encoding each
data into a UTF-8 string. The next step is to get the hash result of the string with the SHA-1 algorithm and turn
it into hexadecimal through digest. The decimal value can be obtained by the decimal conversion process of
hexadecimal hash. However, the result of the conversion is too long for the agent to store. Hence, the result
from the previous process is truncated into ten digits. This number is unique and useful to distinguish between
intrusion A and B. By using this method, the environment will accept the truncated decimal data.
The next process is to configure the reward mechanism in the environment. The reward is a feedback
mechanism that reinforcement learning uses to optimize the agent’s decision mechanism. The calculation of
the reward inside the environment uses IF-based rules by matching the detection indicator inside the data set
with the action taken by the agent. From this point, the environment can raise four different detection indicators.
Table 4 contains the reward calculation and detection indicators.
Table 4. Reward calculation and detection indicators
Indicator Detection Agent’s action Rewards
True positive (TP) True True +10
True negative (TN) False False +10
False positive (FP) False True -5
False negative (FN) True False -5
According to Table 4, the agent will receive positive rewards if the agent determines the correct action
and value (true positive (TP) and true negative (TN)). In the study, the environment will return ten points if the
agent determines correctly. Meanwhile, the agent will receive negative rewards if the agent determines the
5. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 5, October 2023: 5782-5791
5786
values incorrectly (false positive (FP), false negative (FN)). The environment will return minus five points and
decrease the accumulated rewards. The accumulated rewards are usable for action decision factors and
performance evaluation at a later stage. The agent will determine the next action according to the accumulated
rewards. Besides that, high reward accumulations mean that the detection has good accuracy.
2.3. Q learning agent
The last step of the environment design phase is to build the agent and its interaction with the
environment. The agent is the main system that determines whether a packet is an intrusion or not in this study.
However, the agent needs to interact with the environment to determine the correct action for each data row in
the dataset. The interaction between agent and environment will produce a state and a reward. The process of
the interaction for agent training and testing is illustrated in Figure 3.
Figure 3. Agent algorithm with epsilon greedy and Q learning
According to Figure 3, the interaction starts with the agent loading pre-processed training data and the
environment. After the loading process is complete, the agent chooses the action between random and Q Table
with the epsilon greedy method assistance [22], [23]. The formula used for Epsilon greedy is shown (1):
𝐴𝑡
{𝑅𝑎𝑛𝑑𝑜𝑚𝐴𝑐𝑡𝑖𝑜𝑛(𝐴)𝑤𝑖𝑡ℎ𝑃(𝜖)
𝑚𝑎𝑥 𝑄(𝐴)𝑤𝑖𝑡ℎ𝑃(1−𝜖)
(1)
where 𝐴 is the action taken for the agent, Q is the Q Table, P is the probability of action taken, 𝑡 is the time or
step, and 𝜖 is the value of the probability. Since this method uses probability, the agent will receive an action
from the maximum policy table or random action. Theoretically, forcing the agent to use the maximum policy
inside the Q table more often can increase the accuracy. It means that the learning model needs to explore first
and then exploit the result to achieve the best performance [24], [25]. At this point, the agent already has the
6. Int J Elec & Comp Eng ISSN: 2088-8708
IPv6 flood attack detection based on epsilon greedy optimized Q learning … (April Firman Daru)
5787
dataset and the action. The agent inputs a data row and action into the environment and let the environment
calculate the reward. The environment returns the reward and the state after the process is complete. The agent
receives the state and the reward and evaluates the learning process with the Q learning algorithm. As shown
by (1) is the formula used for Q learning:
𝑄(𝑆𝑡, 𝐴𝑡) ← 𝑄(𝑆𝑡, 𝐴𝑡) + 𝛼[𝑅𝑡+1 + 𝛾. 𝑚𝑎𝑥𝑄(𝑆𝑡+1, 𝑎) − 𝑄(𝑆𝑡, 𝐴𝑡)] (2)
This formula consists of several elements such as reward (R), state (S) dan action (A). Besides that,
this formula also counts 𝑡 as the time step or episode, 𝛼 as the agent’s learning rate, and 𝛾 as the reward discount
rate. These variables are also known as hyperparameters that may affect the learning process if changed. This
function is known as Q-Function or action-value function where the agent can determine the specific action to
take when exploiting the Q Table. Since this algorithm is an off-policy algorithm, the agent cannot decide
between exploration and exploitation explicitly. The agent stores the evaluation result in the coordinate of the
Q Table with the state on X-axis and action on Y-axis. The agent will repeat these steps until the specified
episodes in the training phase. Meanwhile, during the testing phase, the agent only needs to do it once with
Q Table as the action source.
3. METHOD
This section explains the agent’s performance evaluations by following four experiments with
different scenarios. Each scenario has a different epsilon size to evaluate the performance of intrusion detection.
With these scenarios, this study can understand the relationship between exploration and exploitation with
detection results. Table 5 explains the experiment's scenarios.
Table 5. Experiment scenario setup for evaluation
Scenario Epsilon Time Epoch Training Test
1 0.1 10 10 1
2 0.5 10 10 1
3 0.9 10 10 1
4 1.0 10 10 1
According to Table 5, this study uses four different scenarios to evaluate the learning capability of the
agent. Each scenario has a different epsilon configuration but the same training and test episodes. The epsilon
configuration in the table starts from the best-policy action (0.1) to pure random action (1.0). Since the range
is quite wide, this study only chooses the most significant epsilon value (0.1, 0.5, 0.9, 1.0). In the terms of
training and testing epochs, this study will execute the training for ten episodes starting from one. This
experiment uses a shorter period since the dataset contains repeated data and is sufficient to train the agent.
Meanwhile, the testing epoch is only one episode. This phase force the agent to use the best action available in
the table to test the accuracy of the detection. To obtain the accuracy of detection, this study uses a confusion
matrix to populate the detection results. With the help of the confusion matrix, this study can calculate the
accuracy of the detection. Thus, this study can understand better how the agent learns IPv6-based intrusions
[26]. Hence, the equation for the accuracy is in (3),
𝐴𝑐𝑐𝑢𝑟𝑎𝑐𝑦(%) =
(𝑇𝑃+𝑇𝑁)
(𝑇𝑃+𝑇𝑁+𝐹𝑃+𝐹𝑁)
(3)
where TP and TN. These two indicators are indicated that the agent chooses the correct action for the packet.
The sum value of these two indicators is divided by the sum of all indicators (TP, TN, FP, and FN). The result
of division is the accuracy of the detection. A higher value indicates that the agent has a good detection of the
intrusions.
Besides the accuracy benchmark, this study also uses a reward graph to evaluate how well the agent
performs. If the confusion matrix focuses on how good the detection is, then the reward graph shows how good
the agent chooses the correct action for each data. This type of evaluation is not feasible in supervised learning
since the algorithm does not use an agent to do the learning process. As the control for the accuracy evaluation,
this study compares machine learning-based intrusion detection with the agent.
Using a reward graph as the evaluation aspect, this study can compare the agent’s performance to pick
the correct action for each data. If the agent chooses the correct action, then the accumulated rewards will
increase. But if the agent incorrectly chooses the action, the accumulated rewards will decrease. Also, if the
agent has maximum accumulated rewards, it means that it can correctly determine all the test data.
7. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 5, October 2023: 5782-5791
5788
The last aspect of the evaluation is the processing performance of the internet of things device. Since
this study uses Raspberry Pi as the target device, this study also needs to gather performance evidence during
the whole process. Benchmarking the performance of the agent inside the Raspberry Pi device, this study can
understand the impact of reinforcement learning inside an IoT device. In this aspect, the research can gather
the CPU and the memory usage during the training and testing phases.
4. RESULTS AND DISCUSSION
This section elucidates the result of the agent’s evaluation. The results contained a detection summary,
agent’s accuracy and reward graphs, accuracy comparison with different algorithms, and performance
benchmark. The first evaluation is the detection results during experiments, the data stored in a shape of a table
with TP, TN, FP, and FN indicators. The second evaluation is the agent's performance with accuracy and
reward graph. The third evaluation was the comparison result between other classification algorithms. The last
one was the hardware performance benchmark for epsilon greedy optimized Q learning for low-end devices
like single board computer (SBC).
According to Table 6, agent 0.1 correctly determines the test data during the experiment. This agent
did not have a value larger than 0 in false positive and false negative indicators. Unlike agent 0.1, the other
agents did not have zero results in their results. This table showed that a higher epsilon value can lower the
result in true indicators. Hence, the accuracy of the detections should be lower. To prove this statement, this
study calculated Table 6 results into accuracy. Then, compare the accuracy and the rewards side by side for
each agent with different epsilon. Figure 4 shows the comparison result between each agent.
Table 6. Q learning agent’s average detection results
Agent TP TN FP FN
0.1 570 600 0 30
0.5 480 510 90 120
0.9 488 330 270 112
1.0 465 134 123 478
According to Figure 4, the agent with epsilon 0.1 has the highest accuracy and rewards. With average
detection accuracy up to 98% and average rewards of 11,500, this agent outperformed the rest of the agents.
Meanwhile, the result of each agent was: the agent epsilon 0.5 in the second place with the accuracy reached
83% and accumulated reward up to 8,850, in the third place is the agent epsilon 0.9 with accuracy reached 68%
and reward of 6,262, and the last place is the agent without learning reached accuracy up to 50% and reward
2,974.
The next step for the evaluation is to compare with the control model from another machine learning
algorithm. Using the published article as the main reference for comparison, this study put the result of the
comparison side by side. The cited references were using a similar tool to generate the intrusions, but different
in the terms of detection model. Figure 5 showed the comparison between this agent’s accuracy with the model
from the article [27].
Figure 4. Accuracy and reward comparison
between agents
Figure 5. Accuracy comparison between
algorithms
8. Int J Elec & Comp Eng ISSN: 2088-8708
IPv6 flood attack detection based on epsilon greedy optimized Q learning … (April Firman Daru)
5789
Based on the result of Figure 5, this study compared several algorithms like support vector machine
(SVM), naive Bayes (NB), decision tree (DT), k-nearest neighbor (KNN), neural network (NN), and epsilon
greedy optimized Q learning (EG-QL). Compared to other machine learning models, the proposed Q learning
agent has the highest accuracy of 98%. This means that the proposed model has the best performance compared
to other models. Followed by NN with 81.57%, KNN with 81.57%, DT with 80.79%, naïve Bayes with 80.54%,
and SVM up to 78.78%
The last aspect of the evaluation is the performance benchmark for the Raspberry Pi device. In this
part, this study split the performance benchmark into two parts: CPU and memory usage. The CPU usage result
of the agents are illustrated in Figure 6.
Figure 6. Performance benchmark on an SBC
According to Figure 6, all agents utilized more than 99% to process the data in the training and test
phases. The process of the agent is in a single processor, so there are three more processors available for the
operating system to use. If calculated roughly, the agent only used 25% of all processors available in the
Raspberry Pi. Hence, the process itself will not disturb the whole system. According to the result, most agents
have similar memory usage except agent 1.0. The dataset inside the agent caused the high memory usage in
each agent. Besides that, the agent also stored the learning policy (Q Table) inside the agent. Thus, storing the
learning policy also increased the memory usage in every agent (Agent 0.1, 0.5, and 0.9).
The last part of this section discusses the result of the agents’ evaluation and comparison. The
discussion covers the accuracy of the detection agents, the impact of the dataset on training and test processes,
and the performance benchmark in the Raspberry Pi device. In the detection accuracy evaluation phase, this
study compared Q learning agents with each other and the previously available models. The first comparison
found that the best agent has the highest accuracy compared to other agents. In this case, the agent with epsilon
configured to 0.1 has the best accuracy up to 98%. The agent can reach the top accuracy because the agent used
the best policy more often than random action space. Using the best policy as the main source of action can
give the agent more proper choice than depending on the randomization. Thus, the agent can reach maximum
accuracy faster than other agents. Reward evaluation determines how well the agent detects the intrusion.
Similar to the accuracy test, a higher reward is always preferable to others. In this case, the agent with epsilon
0.1 has the highest reward with 11,550. Followed by agent 0.5 with 8,850 rewards, agent 0.9 with 6,262
rewards, and agent 1.0 with 2,974 rewards. Agent 1.0 in the evaluation phase has the lowest rewards since the
agent relies on randomness to detect the intrusions.
The second comparison was the top agent with other machine learning algorithms. According to the
second comparison’s result, the epsilon greedy optimized Q learning agent has the highest accuracy. Then,
followed by NN, KNN, DT, naive Bayes, and SVM. There are several reasons why the agent has the highest
accuracy compared to other models. One of the reasons is also related to the dataset used in the training and
test phases. The dataset used to teach the agents consists of two components: neutral and intrusion data.
No matter what type of attack is inside the dataset, the number is the most important factor. The balanced
number can prevent the agent from siding on the heavier side after the training process. To do that, this study
used stratified data split process to make sure the data is balanced. The next factor is the test data used in the
testing process. Since the agent learned everything in the training process, the agent already has the best policy
for each test data. However, if new unknown data is added to the test data the accuracy could decrease.
9. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 5, October 2023: 5782-5791
5790
The last discussion is the performance benchmark on the Raspberry Pi device. The purpose of the
evaluation is to test the agent’s feasibility in an embedded device. According to the performance benchmark,
the agents used more than 99% in a single processor to run the whole process. From a single processor point
of view, this is a bad practice and not feasible to implement the agent in a real situation. If the agent is installed
on a device with multiple processors, the system still has three more processors available. The last performance
benchmark is memory usage. This aspect evaluated the memory usage of the agents during the whole process.
The usage of each agent is affected by the dataset used. It means that the more dataset used in the agent, the
more memory will be used. Agent 1.0 is an exception because the agent did not split the data into training and
testing data. Thus, did not increase memory usage. In the terms of feasibility of memory usage, all the agents
can run normally inside the Raspberry Pi without hindering the operating system. It can be concluded that the
proposed algorithm and its agent can determine whether the packet data is an intrusion or not correctly.
Compared to control models from a previously published article, the proposed agent has the best accuracy
among the models. Besides that, the agent has lower system specifications and is feasible on the internet of
things device.
5. CONCLUSION
Network security is a vital aspect of this modern era. Since many devices are connected to the internet,
security protection is a serious concern. One technology that depends on network connectivity is IoT. The IoT
device is connected to the internet and exposed to the invisible risk of attack. Besides that, the use of IPv6 as
the communication protocol also posed an additional risk to the devices. To mitigate this problem, this study
proposed an intrusion detection system using reinforcement learning. According to the evaluation results, the
Q learning detection agent 0.1 outperformed the other agents’ accuracy and rewards. With up to 98% of
accuracy and 11,550 rewards, agent 0.1 has the highest accuracy compared to other agents. If compared to
control models from the published article, the current agent is still in the first place. The current agent has an
accuracy of up to 98%, followed by NN with 81.57%, KNN at 81.57%, DT at 80.79%, NB at 80.54%, and
SVM up to 78.78%. Besides accuracy, the agent is also evaluated for the performance benchmark to test its
feasibility. According to the performance benchmark, the agent has the highest CPU usage with more than 99%
and memory usage up to 9.96%. However, in multi-processor devices, this is not a big problem. Hence, the
agent is feasible to be installed on Raspberry Pi devices only.
ACKNOWLEDGEMENTS
The authors are grateful to the Education and Culture Ministry Republic of Indonesia for supporting
this study through the Grant Research World Class Professor in 2021.
REFERENCES
[1] A. Shiranzaei and R. Z. Khan, “IPv6 security issues - a systematic review,” in Next-Generation Networks, 2018, pp. 41–49,
doi: 10.1007/978-981-10-6005-2_5.
[2] A. A. Bahashwan, M. Anbar, and S. M. Hanshi, “Overview of IPv6 based DDoS and DoS attacks detection mechanisms,” in ACeS
2019: Advances in Cyber Security, 2020, pp. 153–167, doi: 10.1007/978-981-15-2693-0_11.
[3] L. Ubiedo, T. O’Hara, M. J. Erquiaga, and S. Garcia, “Current state of IPv6 security in IoT,” arXiv:2105.02710, May 2021.
[4] I. Butun, P. Osterberg, and H. Song, “Security of the internet of things: Vulnerabilities, attacks, and countermeasures,” IEEE
Communications Surveys & Tutorials, vol. 22, no. 1, pp. 616–644, 2020, doi: 10.1109/COMST.2019.2953364.
[5] M. A. M. Sadeeq, S. R. M. Zeebaree, R. Qashi, S. H. Ahmed, and K. Jacksi, “Internet of things security: a survey,” in
2018 International Conference on Advanced Science and Engineering (ICOASE), Oct. 2018, pp. 162–166,
doi: 10.1109/ICOASE.2018.8548785.
[6] O. Yousuf and R. N. Mir, “A survey on the internet of things security,” Information and Computer Security, vol. 27, no. 2,
pp. 292–323, Jun. 2019, doi: 10.1108/ICS-07-2018-0084.
[7] E. A. Shammar and A. T. Zahary, “The internet of things (IoT): a survey of techniques, operating systems, and trends,” Library Hi
Tech, vol. 38, no. 1, pp. 5–66, Oct. 2019, doi: 10.1108/LHT-12-2018-0200.
[8] R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan, “Internet of things (IoT) security: current status, challenges and prospective
measures,” in 2015 10th
International Conference for Internet Technology and Secured Transactions (ICITST), Dec. 2015,
pp. 336–341, doi: 10.1109/ICITST.2015.7412116.
[9] A. Triantafyllou, P. Sarigiannidis, and T. D. Lagkas, “Network protocols, schemes, and mechanisms for internet of things (IoT):
Features, open challenges, and trends,” Wireless Communications and Mobile Computing, vol. 2018, pp. 1–24, Sep. 2018,
doi: 10.1155/2018/5349894.
[10] S. Zeadally and M. Tsikerdekis, “Securing internet of things (IoT) with machine learning,” International Journal of Communication
Systems, vol. 33, no. 1, Jan. 2020, doi: 10.1002/dac.4169.
[11] A. Sforzin, F. G. Marmol, M. Conti, and J.-M. Bohli, “RPiDS: Raspberry Pi IDS - a fruitful intrusion detection system for IoT,” in
2016 IEEE Conferences on Ubiquitous Intelligence and Computing, Advanced and Trusted Computing, Scalable Computing and
Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress
(UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld), Jul. 2016, pp. 440–448, doi: 10.1109/UIC-ATC-ScalCom-CBDCom-IoP-
10. Int J Elec & Comp Eng ISSN: 2088-8708
IPv6 flood attack detection based on epsilon greedy optimized Q learning … (April Firman Daru)
5791
SmartWorld.2016.0080.
[12] T. Sommestad, H. Holm, and D. Steinvall, “Variables influencing the effectiveness of signature-based network intrusion
detection systems,” Information Security Journal: A Global Perspective, vol. 31, no. 6, pp. 711–728, Nov. 2022,
doi: 10.1080/19393555.2021.1975853.
[13] T. Jiang, J. L. Gradus, and A. J. Rosellini, “Supervised machine learning: a brief primer,” Behavior Therapy, vol. 51, no. 5,
pp. 675–687, Sep. 2020, doi: 10.1016/j.beth.2020.05.002.
[14] I. H. Sarker, “Machine learning: algorithms, real-world applications and research directions,” SN Computer Science, vol. 2, no. 3,
May 2021, doi: 10.1007/s42979-021-00592-x.
[15] A. M. Karimi, Q. Niyaz, W. Sun, A. Y. Javaid, and V. K. Devabhaktuni, “Distributed network traffic feature extraction for a real-
time IDS,” in 2016 IEEE International Conference on Electro Information Technology (EIT), May 2016, pp. 0522–0526.
doi: 10.1109/EIT.2016.7535295.
[16] T. Ahmad and M. N. Aziz, “Data preprocessing and feature selection for machine learning intrusion detection systems,” ICIC
Express Letters, vol. 13, no. 2, pp. 93–101, 2019.
[17] H. Malhotra and P. Sharma, “Intrusion detection using machine learning and feature selection,” International Journal of Computer
Network and Information Security, vol. 11, no. 4, pp. 43–52, Apr. 2019, doi: 10.5815/ijcnis.2019.04.06.
[18] M. Anbar, R. Abdullah, B. N. Al-Tamimi, and A. Hussain, “A machine learning approach to detect router advertisement flooding attacks
in next-generation IPv6 networks,” Cognitive Computation, vol. 10, no. 2, pp. 201–214, Apr. 2018, doi: 10.1007/s12559-017-9519-8.
[19] M. Zolanvari, M. A. Teixeira, L. Gupta, K. M. Khan, and R. Jain, “Machine learning-based network vulnerability analysis
of industrial internet of things,” IEEE Internet of Things Journal, vol. 6, no. 4, pp. 6822–6834, Aug. 2019,
doi: 10.1109/JIOT.2019.2912022.
[20] P. Winder, Reinforcement learning: Industrial applications of intelligent agents. O’Reilly Media, 2020.
[21] M. Schrötter, T. Scheffler, and B. Schnor, “Evaluation of intrusion detection systems in IPv6 networks,” in Proceedings of the 16th
International Joint Conference on e-Business and Telecommunications, 2019, pp. 408–416, doi: 10.5220/0007840104080416.
[22] W. Dabney, G. Ostrovski, and A. Barreto, “Temporally-extended ε-greedy exploration,” arXiv:2006.01782, Jun. 2020.
[23] M. Kubat, An introduction to machine learning. Cham: Springer International Publishing, 2017, doi: 10.1007/978-3-319-63913-0.
[24] B. Jang, M. Kim, G. Harerimana, and J. W. Kim, “Q-learning algorithms: A comprehensive classification and applications,” IEEE
Access, vol. 7, pp. 133653–133667, 2019, doi: 10.1109/ACCESS.2019.2941229.
[25] J. Clifton and E. Laber, “Q-learning: theory and applications,” Annual Review of Statistics and Its Application, vol. 7, no. 1,
pp. 279–301, Mar. 2020, doi: 10.1146/annurev-statistics-031219-041220.
[26] A. A. Salih and A. M. Abdulazeez, “Evaluation of classification algorithms for intrusion detection system: a review,” Journal of
Soft Computing and Data Mining, vol. 02, no. 01, Apr. 2021, doi: 10.30880/jscdm.2021.02.01.004.
[27] S. Manickam et al., “Labelled dataset on distributed denial-of-service (DDoS) attacks based on internet control message protocol
version 6 (ICMPv6),” Wireless Communications and Mobile Computing, vol. 2022, pp. 1–13, 2022, doi: 10.1155/2022/8060333.
BIOGRAPHIES OF AUTHORS
April Firman Daru is currently studying for a Doctor of Computer Science at the
Universitas Kristen Satya Wacana (UKSW) Salatiga, Indonesia. Since 2010 until now he has
been a Lecturer in the Informatics Engineering Study Program at the Universitas Semarang
(USM). His research interests are in the fields of internet of things, artificial intelligence, attack
detection and machine learning. He can be contacted at email: firman@usm.ac.id.
Kristoko Dwi Hartomo completed his doctorate in the Doctorate Program of
Computer Science, Science Faculty of Gadjah Mada University in 2017. He has been active in
research since 2008 until now on intrusion detection systems, spatial data processing and remote
sensing. He has published his papers in international journals, has 5 copyrights, and wrote some
reference books on remote sensing data analysis and modelling in Indonesia and English. He
can be contacted at email: kristoko@uksw.edu.
Hindriyanto Dwi Purnomo is an Associate Professor at Department of Information
Technology, Universitas Kristen Satya Wacana, Indonesia. He received his bachelor’s degree
in engineering physics, from Gadjah Mada University, Indonesia, in 2005, Magister of
Information Technology from The University of Melbourne, Australia in 2009 and Doctor of
Philosophy in Industrial and System Engineering from Chung Yuan Christian University,
Taiwan, in 2013. He has received several recognitions and awards for his academic
achievement. He also has published many articles in reputable journals, conferences, and books.
His research interests are in the field of metaheuristics, soft computing, machine learning and
deep learning. He can be contacted at email: hindriyanto.purnomo@uksw.edu.