This document provides a review of machine and deep learning techniques for detecting internet protocol version six (IPv6) attacks, specifically distributed denial of service (DDoS) attacks. It begins with an introduction on the growth of IPv6 usage and its vulnerabilities. It then compares this review to previous related works and provides overviews of IPv6, DDoS attacks, and intrusion detection systems. The review discusses machine learning techniques including naive Bayes, decision trees, and neural networks that have been used in intrusion detection systems. It also discusses deep learning techniques and provides a qualitative comparison of machine and deep learning approaches.
Detection of ICMPv6-based DDoS attacks using anomaly based intrusion detectio...IJECEIAES
Security network systems have been an increasingly important discipline since the implementation of preliminary stages of Internet Protocol version 6 (IPv6) for exploiting by attackers. IPv6 has an improved protocol in terms of security as it brought new functionalities, procedures, i.e., Internet Control Message Protocol version 6 (ICMPv6). The ICMPv6 protocol is considered to be very important and represents the backbone of the IPv6, which is also responsible to send and receive messages in IPv6. However, IPv6 Inherited many attacks from the previous internet protocol version 4 (IPv4) such as distributed denial of service (DDoS) attacks. DDoS is a thorny problem on the internet, being one of the most prominent attacks affecting a network result in tremendous economic damage to individuals as well as organizations. In this paper, an exhaustive evaluation and analysis are conducted anomaly detection DDoS attacks against ICMPv6 messages, in addition, explained anomaly detection types to ICMPv6 DDoS flooding attacks in IPv6 networks. Proposed using feature selection technique based on bio-inspired algorithms for selecting an optimal solution which selects subset to have a positive impact of the detection accuracy ICMPv6 DDoS attack. The review outlines the features and protection constraints of IPv6 intrusion detection systems focusing mainly on DDoS attacks.
Utilizing Data Mining Approches in the Detection of Intrusion in IPv6 Network...IDES Editor
The development of Internet protocols are greatly
needed as the network security becomes one of the most
important issues. This brings the need to develop IPv4 into
IPv6 in order to proceed towards increasing the network
capacity.
Now Intruders are considered as one of the most serious
threats to the internet security. Data mining techniques have
been successfully utilized in many applications. Many
research projects have applied data mining techniques to
intrusion detection. Furthermore different types of data
mining algorithms are very much useful to intrusion detection
such as Classification, Link Analysis and Sequence Analysis.
Moreover, one of the major challenges in securing fast
networks is the online detection of suspicious anomalies in
network traffic pattern. Most of the current security solutions
failed to perform the security task in online mode because of
the time needed to capture the packets and making decision
about it.
Practically, this study provides alliterative survey for the
enhancement associated with IPv6 in terms of its security
related functions. It is worthy mentioned that this study is
concurred with the data mining approaches that have been
used to detect intrusions.
DEH-DoSv6: A defendable security model against IPv6 extension headers denial ...journalBEEI
With the rapid depletion of IPv4 protocol in these recent years, the IETF introduced IPv6 as a solution to address the exhaustion, however, as a new protocol exists, new characteristics have been introduced and new threats have been discovered. Extension Headers are the new characteristics of IPv6 that have an emerging and re-emerging security threats that is needed to be taken into consideration during the full migration to the IPv6 network. This study revealed that up to this moment, the popular vendors are still vulnerable and doesn’t have any default protection to deal with extension headers’ Denial of Service Attack (DoS). Also, this study leads to the development of new security model which creates a new solution to address the emerging threats of IPv6 extension headers’ Denial of Service Attack. Moreover, the results of this study show that our proposed security model is more effective in terms of neutralizing the unwanted traffic causing evasion attack by filtering, rate-limiting and discarding the malformed packets of prohibited extension headers’ payload versus the traditional router protection.
Denial of service attack: an analysis to IPv6 extension headers security nig...IJECEIAES
Dealing with scarcity issues of internet protocol version 4 (IPv4), internet engineering task force (IETF) developed internet protocol version 6 (IPv6) to support the needs of IP addresses for future use of the internet, however, one challenge that must be faced while transitioning to IPv6 is in the area of security. IPv6 is a new protocol that has many new probabilities for attackers to exploit the protocol stack and one of them is through IPv6 extension headers. Mishandling of extension headers are the security nightmares for network administrators, allowing for new security threats that will cause denial of service (DoS). As a result, the mishandling of IPv6 extension Headers creates new attack vectors that could lead to DoS–which can be exploited for different purposes, such as creating covert channels, fragmentation attacks, and routing header 0 attacks. Furthermore, this paper becomes proof of concepts that even to this day our well-known network devices are still exploitable by these attack vectors.
Feature Selection using the Concept of Peafowl Mating in IDSIJCNCJournal
Cloud computing has high applicability as an Internet based service that relies on sharing computing resources. Cloud computing provides services that are Infrastructure based, Platform based and Software based. The popularity of this technology is due to its superb performance, high level of computing ability, low cost of services, scalability, availability and flexibility. The obtainability and openness of data in cloud environment make it vulnerable to the world of cyber-attacks. To detect the attacks Intrusion Detection System is used, that can identify the attacks and ensure information security. Such a coherent and proficient Intrusion Detection System is proposed in this paper to achieve higher certainty levels regarding safety in cloud environment. In this paper, the mating behavior of peafowl is incorporated into an optimization algorithm which in turn is used as a feature selection algorithm. The algorithm is used to reduce the huge size of cloud data so that the IDS can work efficiently on the cloud to detect intrusions. The proposed model has been experimented with NSL-KDD dataset as well as Kyoto dataset and have proved to be a better as well as an efficient IDS.
Feature Selection using the Concept of Peafowl Mating in IDSIJCNCJournal
Cloud computing has high applicability as an Internet based service that relies on sharing computing resources. Cloud computing provides services that are Infrastructure based, Platform based and Software based. The popularity of this technology is due to its superb performance, high level of computing ability, low cost of services, scalability, availability and flexibility. The obtainability and openness of data in cloud environment make it vulnerable to the world of cyber-attacks. To detect the attacks Intrusion Detection System is used, that can identify the attacks and ensure information security. Such a coherent and proficient Intrusion Detection System is proposed in this paper to achieve higher certainty levels regarding safety in cloud environment. In this paper, the mating behavior of peafowl is incorporated into an optimization algorithm which in turn is used as a feature selection algorithm. The algorithm is used to reduce the huge size of cloud data so that the IDS can work efficiently on the cloud to detect intrusions. The proposed model has been experimented with NSL-KDD dataset as well as Kyoto dataset and have proved to be a better as well as an efficient IDS.
IS THERE A TROJAN! : LITERATURE SURVEY AND CRITICAL EVALUATION OF THE LATEST ...IJCI JOURNAL
IoT as a domain has grown so much in the last few years that it rivals that of the mobile network
environments in terms of data volumes as well as cybersecurity threats. The confidentiality and privacy of
data within IoT environments have become very important areas of security research within the last few
years. More and more security experts are interested in designing robust IDS systems to protect IoT
environments as a supplement to the more traditional security methods. Given that IoT devices are
resource-constrained and have a heterogeneous protocol stack, most traditional intrusion detection
approaches don’t work well within these schematic boundaries. This has led security researchers to
innovate at the intersection of Machine Learning and IDS to solve the shortcomings of non-learning based
IDS systems in the IoT ecosystem.
A hybrid framework for detecting structured query language injection attacks...IJECEIAES
Almost every web-based application is managed and operated through a number of websites, each of which is vulnerable to cyber-attacks that are mounted across the same networks used by the applications, with much less risk to the attacker than physical attacks. Such web-based attacks make use of a range of modern techniques-such as structured query language injection (SQLi), cross-site scripting, and data tampering-to achieve their aims. Among them, SQLi is the most popular and vulnerable attack, which can be performed in one of two ways; either by an outsider of an organization (known as the outside attacker) or by an insider with a good knowledge of the system with proper administrative rights (known as the inside attacker). An inside attacker, in contrast to an outsider, can take down the system easily and pose a significant challenge to any organization, and therefore needs to be identified in advance to mitigate the possible consequences. Blockchain-based technique is an efficient approach to detect and mitigate SQLi attacks and is widely used these days. Thus, in this study, a hybrid method is proposed that combines a SQL query matching technique (SQLMT) and a standard blockchain framework to detect SQLi attacks created by insiders. The results obtained by the proposed hybrid method through computational experiments are further validated using standard web validation tools.
Detection of ICMPv6-based DDoS attacks using anomaly based intrusion detectio...IJECEIAES
Security network systems have been an increasingly important discipline since the implementation of preliminary stages of Internet Protocol version 6 (IPv6) for exploiting by attackers. IPv6 has an improved protocol in terms of security as it brought new functionalities, procedures, i.e., Internet Control Message Protocol version 6 (ICMPv6). The ICMPv6 protocol is considered to be very important and represents the backbone of the IPv6, which is also responsible to send and receive messages in IPv6. However, IPv6 Inherited many attacks from the previous internet protocol version 4 (IPv4) such as distributed denial of service (DDoS) attacks. DDoS is a thorny problem on the internet, being one of the most prominent attacks affecting a network result in tremendous economic damage to individuals as well as organizations. In this paper, an exhaustive evaluation and analysis are conducted anomaly detection DDoS attacks against ICMPv6 messages, in addition, explained anomaly detection types to ICMPv6 DDoS flooding attacks in IPv6 networks. Proposed using feature selection technique based on bio-inspired algorithms for selecting an optimal solution which selects subset to have a positive impact of the detection accuracy ICMPv6 DDoS attack. The review outlines the features and protection constraints of IPv6 intrusion detection systems focusing mainly on DDoS attacks.
Utilizing Data Mining Approches in the Detection of Intrusion in IPv6 Network...IDES Editor
The development of Internet protocols are greatly
needed as the network security becomes one of the most
important issues. This brings the need to develop IPv4 into
IPv6 in order to proceed towards increasing the network
capacity.
Now Intruders are considered as one of the most serious
threats to the internet security. Data mining techniques have
been successfully utilized in many applications. Many
research projects have applied data mining techniques to
intrusion detection. Furthermore different types of data
mining algorithms are very much useful to intrusion detection
such as Classification, Link Analysis and Sequence Analysis.
Moreover, one of the major challenges in securing fast
networks is the online detection of suspicious anomalies in
network traffic pattern. Most of the current security solutions
failed to perform the security task in online mode because of
the time needed to capture the packets and making decision
about it.
Practically, this study provides alliterative survey for the
enhancement associated with IPv6 in terms of its security
related functions. It is worthy mentioned that this study is
concurred with the data mining approaches that have been
used to detect intrusions.
DEH-DoSv6: A defendable security model against IPv6 extension headers denial ...journalBEEI
With the rapid depletion of IPv4 protocol in these recent years, the IETF introduced IPv6 as a solution to address the exhaustion, however, as a new protocol exists, new characteristics have been introduced and new threats have been discovered. Extension Headers are the new characteristics of IPv6 that have an emerging and re-emerging security threats that is needed to be taken into consideration during the full migration to the IPv6 network. This study revealed that up to this moment, the popular vendors are still vulnerable and doesn’t have any default protection to deal with extension headers’ Denial of Service Attack (DoS). Also, this study leads to the development of new security model which creates a new solution to address the emerging threats of IPv6 extension headers’ Denial of Service Attack. Moreover, the results of this study show that our proposed security model is more effective in terms of neutralizing the unwanted traffic causing evasion attack by filtering, rate-limiting and discarding the malformed packets of prohibited extension headers’ payload versus the traditional router protection.
Denial of service attack: an analysis to IPv6 extension headers security nig...IJECEIAES
Dealing with scarcity issues of internet protocol version 4 (IPv4), internet engineering task force (IETF) developed internet protocol version 6 (IPv6) to support the needs of IP addresses for future use of the internet, however, one challenge that must be faced while transitioning to IPv6 is in the area of security. IPv6 is a new protocol that has many new probabilities for attackers to exploit the protocol stack and one of them is through IPv6 extension headers. Mishandling of extension headers are the security nightmares for network administrators, allowing for new security threats that will cause denial of service (DoS). As a result, the mishandling of IPv6 extension Headers creates new attack vectors that could lead to DoS–which can be exploited for different purposes, such as creating covert channels, fragmentation attacks, and routing header 0 attacks. Furthermore, this paper becomes proof of concepts that even to this day our well-known network devices are still exploitable by these attack vectors.
Feature Selection using the Concept of Peafowl Mating in IDSIJCNCJournal
Cloud computing has high applicability as an Internet based service that relies on sharing computing resources. Cloud computing provides services that are Infrastructure based, Platform based and Software based. The popularity of this technology is due to its superb performance, high level of computing ability, low cost of services, scalability, availability and flexibility. The obtainability and openness of data in cloud environment make it vulnerable to the world of cyber-attacks. To detect the attacks Intrusion Detection System is used, that can identify the attacks and ensure information security. Such a coherent and proficient Intrusion Detection System is proposed in this paper to achieve higher certainty levels regarding safety in cloud environment. In this paper, the mating behavior of peafowl is incorporated into an optimization algorithm which in turn is used as a feature selection algorithm. The algorithm is used to reduce the huge size of cloud data so that the IDS can work efficiently on the cloud to detect intrusions. The proposed model has been experimented with NSL-KDD dataset as well as Kyoto dataset and have proved to be a better as well as an efficient IDS.
Feature Selection using the Concept of Peafowl Mating in IDSIJCNCJournal
Cloud computing has high applicability as an Internet based service that relies on sharing computing resources. Cloud computing provides services that are Infrastructure based, Platform based and Software based. The popularity of this technology is due to its superb performance, high level of computing ability, low cost of services, scalability, availability and flexibility. The obtainability and openness of data in cloud environment make it vulnerable to the world of cyber-attacks. To detect the attacks Intrusion Detection System is used, that can identify the attacks and ensure information security. Such a coherent and proficient Intrusion Detection System is proposed in this paper to achieve higher certainty levels regarding safety in cloud environment. In this paper, the mating behavior of peafowl is incorporated into an optimization algorithm which in turn is used as a feature selection algorithm. The algorithm is used to reduce the huge size of cloud data so that the IDS can work efficiently on the cloud to detect intrusions. The proposed model has been experimented with NSL-KDD dataset as well as Kyoto dataset and have proved to be a better as well as an efficient IDS.
IS THERE A TROJAN! : LITERATURE SURVEY AND CRITICAL EVALUATION OF THE LATEST ...IJCI JOURNAL
IoT as a domain has grown so much in the last few years that it rivals that of the mobile network
environments in terms of data volumes as well as cybersecurity threats. The confidentiality and privacy of
data within IoT environments have become very important areas of security research within the last few
years. More and more security experts are interested in designing robust IDS systems to protect IoT
environments as a supplement to the more traditional security methods. Given that IoT devices are
resource-constrained and have a heterogeneous protocol stack, most traditional intrusion detection
approaches don’t work well within these schematic boundaries. This has led security researchers to
innovate at the intersection of Machine Learning and IDS to solve the shortcomings of non-learning based
IDS systems in the IoT ecosystem.
A hybrid framework for detecting structured query language injection attacks...IJECEIAES
Almost every web-based application is managed and operated through a number of websites, each of which is vulnerable to cyber-attacks that are mounted across the same networks used by the applications, with much less risk to the attacker than physical attacks. Such web-based attacks make use of a range of modern techniques-such as structured query language injection (SQLi), cross-site scripting, and data tampering-to achieve their aims. Among them, SQLi is the most popular and vulnerable attack, which can be performed in one of two ways; either by an outsider of an organization (known as the outside attacker) or by an insider with a good knowledge of the system with proper administrative rights (known as the inside attacker). An inside attacker, in contrast to an outsider, can take down the system easily and pose a significant challenge to any organization, and therefore needs to be identified in advance to mitigate the possible consequences. Blockchain-based technique is an efficient approach to detect and mitigate SQLi attacks and is widely used these days. Thus, in this study, a hybrid method is proposed that combines a SQL query matching technique (SQLMT) and a standard blockchain framework to detect SQLi attacks created by insiders. The results obtained by the proposed hybrid method through computational experiments are further validated using standard web validation tools.
Low-rate distributed denial of service attacks detection in software defined ...IAESIJAI
One of the main challenges in developing the internet of things (IoT) is the existence of availability problems originated from the low-rate distributed denial of service attacks (LRDDoS). The complexity of IoT makes the LRDDoS hard to detect because the attack flow is performed similarly to the regular traffic. Integration of software defined IoT (SDN-Enabled IoT) is considered an alternative solution for overcoming the specified problem through a single detection point using machine learning approaches. The controller has a resource limitation for implementing the classification process. Therefore, this paper extends the usage of Feature Importance to reduce the data complexity during the model generation process and choose an appropriate feature for generating an efficient classification model. The research results show that the Gaussian Naïve Bayes (GNB) produced the most effective outcome. GNB performed better than the other algorithms because the feature reduction only selected the independent feature, which had no relation to the other features.
RTL-DL: A HYBRID DEEP LEARNING FRAMEWORK FOR DDOS ATTACK DETECTION IN A BIG D...IJCNCJournal
The document presents a new framework called RTL-DL for detecting DDoS attacks using a hybrid deep learning approach. It aims to address issues with existing datasets like class imbalance and irrelevant features. The proposed model uses random oversampling and TomekLinks under-sampling (RTL) to handle class imbalance in the CICIDS2017 dataset. It also uses an information gain feature selection technique to select important features. The model achieves high performance metrics in detecting DDoS attacks compared to other approaches. It is more computationally efficient due to reduced processing time from using the RTL algorithm. The framework makes an important contribution to addressing DDoS detection challenges in big data environments.
RTL-DL: A Hybrid Deep Learning Framework for DDoS Attack Detection in a Big D...IJCNCJournal
A distributed denial of service (DDoS) attack is one of the most common cyber threats to the Internet of Things (IoT). Several deep learning (DL) techniques have been utilized in intrusion detection systems to prevent DDoS attacks. However, their performance is greatly affected by a large class mbalance nature of the training datasets as well as the presence of redundant and irrelevant features in them. This study proposes RTL-DL, a new framework for an effective intrusion detection model based on the random oversampling technique and the Tomek-Links sampling technique (RTL), to minimize the effects of data imbalance in the CICIDS2017 dataset used to evaluate the proposed model. This study achieved 98.3% accuracy, 98.8% precision, 98.3% recall, 97.8% f-score, and 4.6% hamming loss. In comparison to current approaches, the uggested model has demonstrated romising results in identifying network threats in imbalanced data sets.
Challenges and Proposed Solutions for Cloud ForensicIJERA Editor
The document discusses the challenges of cloud forensics. Some key challenges discussed are:
1) Physical inaccessibility of digital evidence stored in the cloud makes evidence collection difficult as investigators do not have direct access to cloud servers.
2) Dynamic IP addresses in the cloud make it challenging to map IP addresses for search warrants as locations cannot be precisely tracked.
3) Volatile cloud data can be lost if storage instances are shutdown, as data only exists in memory and lacks persistence. This poses issues for forensic investigation.
The document also examines limitations of current forensic tools for cloud environments and issues of trust when relying on cloud providers' employees to collect forensic data. Overall, the challenges discussed center around the lack
This document proposes an Ensemble Deep Learning based Web Attack Detection System (EDL-WADS) to detect web attacks in IoT networks. It first analyzes URL requests using two feature representation methods to transform them into vectors. It then uses three deep learning models - MRN, LSTM, and CNN - to classify the requests separately. Finally, an ensemble classifier combines the results from the three models to make the final detection decision. The proposed system was evaluated on public and real-world datasets and showed accurate detection of web attacks with low false positive and negative rates compared to other approaches.
EFFECTIVE MALWARE DETECTION APPROACH BASED ON DEEP LEARNING IN CYBER-PHYSICAL...ijcsit
Cyber-physical Systems based on advanced networks interact with other networks through wireless
communication to enhance interoperability, dynamic mobility, and data supportability. The vast data is
managed through a cloud platform, vulnerable to cyber-attacks. It will threaten the customers in terms of
privacy and security as third-party users should authenticate the network. If it fails, it will create extensive
damage and threat to the established network and makes the hacker malfunction the network services
efficiently. This paper proposes a DL-based CPS approach to identify and mitigate the malware cyberphysical system attack of Denial of Service (DoS) and Distributed Denial of Service (DDoS) as it ensures
adequate decision support. At the same time, the trusted user nodes are connected to the network. It helps
to improve the privacy and authentication of the network by improving the data accuracy and Quality of
Service (QoS) in the network. Here the analysis is determined on the proposed system to improve the
network reliability and security compared to some of the existing SVM-based and Apriori-based detection
approaches.
Cyber-physical Systems based on advanced networks interact with other networks through wireless
communication to enhance interoperability, dynamic mobility, and data supportability. The vast data is
managed through a cloud platform, vulnerable to cyber-attacks. It will threaten the customers in terms of
privacy and security as third-party users should authenticate the network. If it fails, it will create extensive
damage and threat to the established network and makes the hacker malfunction the network services
efficiently. This paper proposes a DL-based CPS approach to identify and mitigate the malware cyber-
physical system attack of Denial of Service (DoS) and Distributed Denial of Service (DDoS) as it ensures
adequate decision support. At the same time, the trusted user nodes are connected to the network. It helps
to improve the privacy and authentication of the network by improving the data accuracy and Quality of
Service (QoS) in the network. Here the analysis is determined on the proposed system to improve the
network reliability and security compared to some of the existing SVM-based and Apriori-based detection
approaches.
Network infrastructures have played important part in most daily communications for business industries,
social networking, government sectors and etc. Despites the advantages that came from such
functionalities, security threats have become a daily struggle. One major security threat is hacking.
Consequently, security experts and researchers have suggested possible security solutions such as
Firewalls, Intrusion Detection Systems (IDS), Intrusion Detection and Prevention Systems (IDP) and
Honeynet. Yet, none of these solutions have proven their ability to completely address hacking. The reason
behind that, there is a few researches that examine the behavior of hackers. This paper formally and
practically examines in details the behavior of hackers and their targeted environments. Moreover, this
paper formally examines the properties of one essential pre-hacking step called scanning and highlights its
importance in developing hacking strategies. Also, it illustrates the properties of hacking that is common in
most hacking strategies to assist security experts and researchers towards minimizing the risk of hack.
DETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIESIJNSA Journal
Network infrastructures have played important part in most daily communications for business industries, social networking, government sectors and etc. Despites the advantages that came from such functionalities, security threats have become a daily struggle. One major security threat is hacking. Consequently, security experts and researchers have suggested possible security solutions such as Firewalls, Intrusion Detection Systems (IDS), Intrusion Detection and Prevention Systems (IDP) and Honeynet. Yet, none of these solutions have proven their ability to completely address hacking. The reason behind that, there is a few researches that examine the behavior of hackers. This paper formally and practically examines in details the behavior of hackers and their targeted environments. Moreover, this paper formally examines the properties of one essential pre-hacking step called scanning and highlights its importance in developing hacking strategies. Also, it illustrates the properties of hacking that is common in most hacking strategies to assist security experts and researchers towards minimizing the risk of hack.
A Review On Data Security In Cloud ComputingYolanda Ivey
This document provides a review of approaches for ensuring data security in cloud computing. It summarizes 31 research papers on this topic published between 2007-2014. The key findings are:
1) The majority of approaches (45%) ensured data security through encryption methods like RSA encryption, merging Playfair and Vigenere ciphers with DES, and using SSL encryption.
2) Other common approaches included proposing guidelines (21%) and frameworks (16%) for data security, and using homomorphic tokens (7%) to enable encrypted data comparisons.
3) The approaches were categorized based on the technique used, with encryption being the most frequent, followed by guidelines, frameworks, homomorphic tokens, and other methods like harmonizing
DISTRIBUTED DENIAL OF SERVICE ATTACK DETECTION AND PREVENTION MODEL FOR IOTBA...IJNSA Journal
Defending against Distributed Denial of Service (DDoS) in the Internet of Things (IoT) computing environment is a challenging task. DDoS attacks are type of collective attack in which attackers work together to compromise internet security and services. The resource-constrained devices used in IoT deployments have made it even easier for an attacker to break, because of the vast number of vulnerable IoT devices with significant compute power. This paper proposed an ensemble machine learning (ML) model using the bagging technique to detect and prevent DDoS attacks in the IoT computing environment. We carried out an Machine Learning experiment and evaluated our proposed model with the most recent DDoS attacks (CICDoS2019) dataset. We use seven validation metrics (classification accuracy, precision rate, recall rate, f1-score, Matthews Correlation Coefficient, false negative rate and false positive rate) to evaluate the performance of the proposed model. The results obtained in our experiment shows an improved performance with an overall maximum classification accuracy of 99.75%, precision rate of 99.99%, recall rate of 99.76%, f1-score of 99.87%, Matthews Correlation Coefficient of 0.000000214, false negative rate of 0.24% and 4.42% false positive rate.
This document summarizes a survey of cloud-based secure web applications. It begins with an introduction to cloud computing and the security risks of web applications. It then presents two tables: 1) a comparison of related work on web application security that analyzes the attacks, algorithms, languages, models, studies, and test cases used; and 2) a comparison of Python to PHP and Ruby programming languages in terms of their version, purpose, creator, influences, popular sites built with each, usability, and ease of learning. The document concludes that there is a need for solutions that allow users to securely test websites for vulnerabilities in the cloud.
Intrusion Detection System using Self Organizing Map: A SurveyIJERA Editor
Due to usage of computer every field, Network Security is the major concerned in today’s scenario. Every year the number of users and speed of network is increasing, along with it online fraud or security threats are also increasing. Every day a new attack is generated to harm the system or network. It is necessary to protect the system or networks from various threats by using Intrusion Detection System which can detect “known” as well as “unknown” attack and generate alerts if any unusual behavior in the traffic. There are various approaches for IDS, but in this paper, survey is focused on IDS using Self Organizing Map. SOM is unsupervised, fast conversion and automatic clustering algorithm which is able to handle novelty detection. The main objective of the survey is to find and address the current challenges of SOM. Our survey shows that the existing IDS based on SOM have poor detection rate for U2R and R2L attacks. To improve it, proper normalization technique should be used. During the survey we also found that HSOM and GHSOM are advance model of SOM which have their own unique feature for better performance of IDS. GHSOM is efficient due to its low computation time. This survey is beneficial to design and develop efficient SOM based IDS having less computation time and better detection rate.
Encountering distributed denial of service attack utilizing federated softwar...IJECEIAES
This research defines the distributed denial of service (DDoS) problem in software-defined-networks (SDN) environments. The proposes solution uses Software defined networks capabilities to reduce risk, introduces a collaborative, distributed defense mechanism rather than server-side filtration. Our proposed network detection and prevention agent (NDPA) algorithm negotiates the maximum amount of traffic allowed to be passed to server by reconfiguring network switches and routers to reduce the ports' throughput of the network devices by the specified limit ratio. When the passed traffic is back to normal, NDPA starts network recovery to normal throughput levels, increasing ports' throughput by adding back the limit ratio gradually each time cycle. The simulation results showed that the proposed algorithms successfully detected and prevented a DDoS attack from overwhelming the targeted server. The server was able to coordinate its operations with the SDN controllers through a communication mechanism created specifically for this purpose. The system was also able to determine when the attack was over and utilize traffic engineering to improve the quality of service (QoS). The solution was designed with a sophisticated way and high level of separation of duties between components so it would not be affected by the design aspect of the network architecture.
A Systematic Literature Review On Cloud Computing Security Threats And Mitig...Claire Webber
This systematic literature review examines research on cloud computing security threats and mitigation strategies published between 2010 and 2020. The review identified 7 major security threats to cloud services, including data tampering, data leakage, and issues with data storage and intrusion. Data tampering and leakage were highly discussed topics. The findings also indicated that outsourcing data remains a challenge and suggested blockchain as a technology that could help address security issues. The review revealed needs to improve data confidentiality, integrity, and availability in future work.
Implementation_of_User_Authentication_asMasood Shah
This document summarizes a research paper that proposes a model for centralized user authentication as a service for cloud networks. The paper reviews security issues and traditional authentication approaches in cloud computing. It then presents a model that implements user authentication through a cloud gateway and authentication server rather than direct access to resources. The model is intended to provide secure authentication while maintaining availability of cloud services. The paper also describes implementing a prototype of the proposed model using VMware Workstation to create a virtual cloud environment with different operating systems.
Implementation of user authentication as a service for cloud networkSalam Shah
There are so many security risks for the users of cloud computing, but still the organizations are switching towards the cloud. The cloud provides data protection and a huge amount of memory usage remotely or virtually. The organization has not adopted the cloud computing completely due to some security issues. The research in cloud computing has more focus on privacy and security in the new categorization attack surface. User authentication is the additional overhead for the companies besides the management of availability of cloud services. This paper is based on the proposed model to provide central authentication technique so that secured access of resources can be provided to users instead of adopting some unordered user authentication techniques. The model is also implemented as a prototype.
Abstract—With the heightening reliance on Information Technology in recent times, it has becoming more relevant to find measures to secure every online device, data and information. A Network Intrusion Detection System (NIDS) is one of the security options to consider to help protect such devices, data and information. However, IDS needs to be up to date to mitigate current threats to secure systems. A critical issue in the development of the right IDS is the scarcity of current data sets used for training these IDS and the impact on system performance. This paper presents an On-demand Network Data Set Creation Application (ONDaSCA) a Graphical User Interface software capable of generating labelled network intrusion data set. ONDaSCA grants IDS users or researchers the option to choose a raw data set and processed this data set as output, real-time packet capture and offline upload of existing PCAP file and two (2) difference packet capturing methods (Tshark and Dumpcap). ONDaSCA is highly customisable and an IDS user or researcher can leverage its capabilities to suit their needs. The abilities of this software are compared with other similar products that generate data set for use by IDS model.
International Journal of Computer Science and Information Security,IJCSIS ISSN 1947-5500, Pittsburgh, PA, USA
Email: ijcsiseditor@gmail.com
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSijfls
The increase in the deployment of IoT networks has improved productivity of humans and organisations.
However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to inherent
weaker security and resource-constrained nature of IoT devices. This paper focusses on detecting DDoS
attack in IoT networks by classifying incoming network packets on the transport layer as either
“Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep
learning algorithms and two clustering algorithms were independently trained for mitigating DDoS
attacks. We lay emphasis on exploitation based DDOS attacks which include TCP SYN-Flood attacks and
UDP-Lag attacks. We use Mirai, BASHLITE and CICDDoS2019 dataset in training the algorithms during
the experimentation phase. The accuracy score and normalized-mutual-information score are used to
quantify the classification performance of the four algorithms. Our results show that the autoencoder
performed overall best with the highest accuracy across all the datasets.
DDoS Attack Detection on Internet o Things using Unsupervised Algorithmsijfls
The increase in the deployment of IoT networks has improved productivity of humans and organisations. However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to inherent weaker security and resource-constrained nature of IoT devices. This paper focusses on detecting DDoS attack in IoT networks by classifying incoming network packets on the transport layer as either “Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep learning algorithms and two clustering algorithms were independently trained for mitigating DDoS attacks. We lay emphasis on exploitation based DDOS attacks which include TCP SYN-Flood attacks and UDP-Lag attacks. We use Mirai, BASHLITE and CICDDoS2019 dataset in training the algorithms during the experimentation phase. The accuracy score and normalized-mutual-information score are used to quantify the classification performance of the four algorithms. Our results show that the autoencoder performed overall best with the highest accuracy across all the datasets.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Contenu connexe
Similaire à Machine and deep learning techniques for detecting internet protocol version six attacks: a review
Low-rate distributed denial of service attacks detection in software defined ...IAESIJAI
One of the main challenges in developing the internet of things (IoT) is the existence of availability problems originated from the low-rate distributed denial of service attacks (LRDDoS). The complexity of IoT makes the LRDDoS hard to detect because the attack flow is performed similarly to the regular traffic. Integration of software defined IoT (SDN-Enabled IoT) is considered an alternative solution for overcoming the specified problem through a single detection point using machine learning approaches. The controller has a resource limitation for implementing the classification process. Therefore, this paper extends the usage of Feature Importance to reduce the data complexity during the model generation process and choose an appropriate feature for generating an efficient classification model. The research results show that the Gaussian Naïve Bayes (GNB) produced the most effective outcome. GNB performed better than the other algorithms because the feature reduction only selected the independent feature, which had no relation to the other features.
RTL-DL: A HYBRID DEEP LEARNING FRAMEWORK FOR DDOS ATTACK DETECTION IN A BIG D...IJCNCJournal
The document presents a new framework called RTL-DL for detecting DDoS attacks using a hybrid deep learning approach. It aims to address issues with existing datasets like class imbalance and irrelevant features. The proposed model uses random oversampling and TomekLinks under-sampling (RTL) to handle class imbalance in the CICIDS2017 dataset. It also uses an information gain feature selection technique to select important features. The model achieves high performance metrics in detecting DDoS attacks compared to other approaches. It is more computationally efficient due to reduced processing time from using the RTL algorithm. The framework makes an important contribution to addressing DDoS detection challenges in big data environments.
RTL-DL: A Hybrid Deep Learning Framework for DDoS Attack Detection in a Big D...IJCNCJournal
A distributed denial of service (DDoS) attack is one of the most common cyber threats to the Internet of Things (IoT). Several deep learning (DL) techniques have been utilized in intrusion detection systems to prevent DDoS attacks. However, their performance is greatly affected by a large class mbalance nature of the training datasets as well as the presence of redundant and irrelevant features in them. This study proposes RTL-DL, a new framework for an effective intrusion detection model based on the random oversampling technique and the Tomek-Links sampling technique (RTL), to minimize the effects of data imbalance in the CICIDS2017 dataset used to evaluate the proposed model. This study achieved 98.3% accuracy, 98.8% precision, 98.3% recall, 97.8% f-score, and 4.6% hamming loss. In comparison to current approaches, the uggested model has demonstrated romising results in identifying network threats in imbalanced data sets.
Challenges and Proposed Solutions for Cloud ForensicIJERA Editor
The document discusses the challenges of cloud forensics. Some key challenges discussed are:
1) Physical inaccessibility of digital evidence stored in the cloud makes evidence collection difficult as investigators do not have direct access to cloud servers.
2) Dynamic IP addresses in the cloud make it challenging to map IP addresses for search warrants as locations cannot be precisely tracked.
3) Volatile cloud data can be lost if storage instances are shutdown, as data only exists in memory and lacks persistence. This poses issues for forensic investigation.
The document also examines limitations of current forensic tools for cloud environments and issues of trust when relying on cloud providers' employees to collect forensic data. Overall, the challenges discussed center around the lack
This document proposes an Ensemble Deep Learning based Web Attack Detection System (EDL-WADS) to detect web attacks in IoT networks. It first analyzes URL requests using two feature representation methods to transform them into vectors. It then uses three deep learning models - MRN, LSTM, and CNN - to classify the requests separately. Finally, an ensemble classifier combines the results from the three models to make the final detection decision. The proposed system was evaluated on public and real-world datasets and showed accurate detection of web attacks with low false positive and negative rates compared to other approaches.
EFFECTIVE MALWARE DETECTION APPROACH BASED ON DEEP LEARNING IN CYBER-PHYSICAL...ijcsit
Cyber-physical Systems based on advanced networks interact with other networks through wireless
communication to enhance interoperability, dynamic mobility, and data supportability. The vast data is
managed through a cloud platform, vulnerable to cyber-attacks. It will threaten the customers in terms of
privacy and security as third-party users should authenticate the network. If it fails, it will create extensive
damage and threat to the established network and makes the hacker malfunction the network services
efficiently. This paper proposes a DL-based CPS approach to identify and mitigate the malware cyberphysical system attack of Denial of Service (DoS) and Distributed Denial of Service (DDoS) as it ensures
adequate decision support. At the same time, the trusted user nodes are connected to the network. It helps
to improve the privacy and authentication of the network by improving the data accuracy and Quality of
Service (QoS) in the network. Here the analysis is determined on the proposed system to improve the
network reliability and security compared to some of the existing SVM-based and Apriori-based detection
approaches.
Cyber-physical Systems based on advanced networks interact with other networks through wireless
communication to enhance interoperability, dynamic mobility, and data supportability. The vast data is
managed through a cloud platform, vulnerable to cyber-attacks. It will threaten the customers in terms of
privacy and security as third-party users should authenticate the network. If it fails, it will create extensive
damage and threat to the established network and makes the hacker malfunction the network services
efficiently. This paper proposes a DL-based CPS approach to identify and mitigate the malware cyber-
physical system attack of Denial of Service (DoS) and Distributed Denial of Service (DDoS) as it ensures
adequate decision support. At the same time, the trusted user nodes are connected to the network. It helps
to improve the privacy and authentication of the network by improving the data accuracy and Quality of
Service (QoS) in the network. Here the analysis is determined on the proposed system to improve the
network reliability and security compared to some of the existing SVM-based and Apriori-based detection
approaches.
Network infrastructures have played important part in most daily communications for business industries,
social networking, government sectors and etc. Despites the advantages that came from such
functionalities, security threats have become a daily struggle. One major security threat is hacking.
Consequently, security experts and researchers have suggested possible security solutions such as
Firewalls, Intrusion Detection Systems (IDS), Intrusion Detection and Prevention Systems (IDP) and
Honeynet. Yet, none of these solutions have proven their ability to completely address hacking. The reason
behind that, there is a few researches that examine the behavior of hackers. This paper formally and
practically examines in details the behavior of hackers and their targeted environments. Moreover, this
paper formally examines the properties of one essential pre-hacking step called scanning and highlights its
importance in developing hacking strategies. Also, it illustrates the properties of hacking that is common in
most hacking strategies to assist security experts and researchers towards minimizing the risk of hack.
DETERRING HACKING STRATEGIES VIA TARGETING SCANNING PROPERTIESIJNSA Journal
Network infrastructures have played important part in most daily communications for business industries, social networking, government sectors and etc. Despites the advantages that came from such functionalities, security threats have become a daily struggle. One major security threat is hacking. Consequently, security experts and researchers have suggested possible security solutions such as Firewalls, Intrusion Detection Systems (IDS), Intrusion Detection and Prevention Systems (IDP) and Honeynet. Yet, none of these solutions have proven their ability to completely address hacking. The reason behind that, there is a few researches that examine the behavior of hackers. This paper formally and practically examines in details the behavior of hackers and their targeted environments. Moreover, this paper formally examines the properties of one essential pre-hacking step called scanning and highlights its importance in developing hacking strategies. Also, it illustrates the properties of hacking that is common in most hacking strategies to assist security experts and researchers towards minimizing the risk of hack.
A Review On Data Security In Cloud ComputingYolanda Ivey
This document provides a review of approaches for ensuring data security in cloud computing. It summarizes 31 research papers on this topic published between 2007-2014. The key findings are:
1) The majority of approaches (45%) ensured data security through encryption methods like RSA encryption, merging Playfair and Vigenere ciphers with DES, and using SSL encryption.
2) Other common approaches included proposing guidelines (21%) and frameworks (16%) for data security, and using homomorphic tokens (7%) to enable encrypted data comparisons.
3) The approaches were categorized based on the technique used, with encryption being the most frequent, followed by guidelines, frameworks, homomorphic tokens, and other methods like harmonizing
DISTRIBUTED DENIAL OF SERVICE ATTACK DETECTION AND PREVENTION MODEL FOR IOTBA...IJNSA Journal
Defending against Distributed Denial of Service (DDoS) in the Internet of Things (IoT) computing environment is a challenging task. DDoS attacks are type of collective attack in which attackers work together to compromise internet security and services. The resource-constrained devices used in IoT deployments have made it even easier for an attacker to break, because of the vast number of vulnerable IoT devices with significant compute power. This paper proposed an ensemble machine learning (ML) model using the bagging technique to detect and prevent DDoS attacks in the IoT computing environment. We carried out an Machine Learning experiment and evaluated our proposed model with the most recent DDoS attacks (CICDoS2019) dataset. We use seven validation metrics (classification accuracy, precision rate, recall rate, f1-score, Matthews Correlation Coefficient, false negative rate and false positive rate) to evaluate the performance of the proposed model. The results obtained in our experiment shows an improved performance with an overall maximum classification accuracy of 99.75%, precision rate of 99.99%, recall rate of 99.76%, f1-score of 99.87%, Matthews Correlation Coefficient of 0.000000214, false negative rate of 0.24% and 4.42% false positive rate.
This document summarizes a survey of cloud-based secure web applications. It begins with an introduction to cloud computing and the security risks of web applications. It then presents two tables: 1) a comparison of related work on web application security that analyzes the attacks, algorithms, languages, models, studies, and test cases used; and 2) a comparison of Python to PHP and Ruby programming languages in terms of their version, purpose, creator, influences, popular sites built with each, usability, and ease of learning. The document concludes that there is a need for solutions that allow users to securely test websites for vulnerabilities in the cloud.
Intrusion Detection System using Self Organizing Map: A SurveyIJERA Editor
Due to usage of computer every field, Network Security is the major concerned in today’s scenario. Every year the number of users and speed of network is increasing, along with it online fraud or security threats are also increasing. Every day a new attack is generated to harm the system or network. It is necessary to protect the system or networks from various threats by using Intrusion Detection System which can detect “known” as well as “unknown” attack and generate alerts if any unusual behavior in the traffic. There are various approaches for IDS, but in this paper, survey is focused on IDS using Self Organizing Map. SOM is unsupervised, fast conversion and automatic clustering algorithm which is able to handle novelty detection. The main objective of the survey is to find and address the current challenges of SOM. Our survey shows that the existing IDS based on SOM have poor detection rate for U2R and R2L attacks. To improve it, proper normalization technique should be used. During the survey we also found that HSOM and GHSOM are advance model of SOM which have their own unique feature for better performance of IDS. GHSOM is efficient due to its low computation time. This survey is beneficial to design and develop efficient SOM based IDS having less computation time and better detection rate.
Encountering distributed denial of service attack utilizing federated softwar...IJECEIAES
This research defines the distributed denial of service (DDoS) problem in software-defined-networks (SDN) environments. The proposes solution uses Software defined networks capabilities to reduce risk, introduces a collaborative, distributed defense mechanism rather than server-side filtration. Our proposed network detection and prevention agent (NDPA) algorithm negotiates the maximum amount of traffic allowed to be passed to server by reconfiguring network switches and routers to reduce the ports' throughput of the network devices by the specified limit ratio. When the passed traffic is back to normal, NDPA starts network recovery to normal throughput levels, increasing ports' throughput by adding back the limit ratio gradually each time cycle. The simulation results showed that the proposed algorithms successfully detected and prevented a DDoS attack from overwhelming the targeted server. The server was able to coordinate its operations with the SDN controllers through a communication mechanism created specifically for this purpose. The system was also able to determine when the attack was over and utilize traffic engineering to improve the quality of service (QoS). The solution was designed with a sophisticated way and high level of separation of duties between components so it would not be affected by the design aspect of the network architecture.
A Systematic Literature Review On Cloud Computing Security Threats And Mitig...Claire Webber
This systematic literature review examines research on cloud computing security threats and mitigation strategies published between 2010 and 2020. The review identified 7 major security threats to cloud services, including data tampering, data leakage, and issues with data storage and intrusion. Data tampering and leakage were highly discussed topics. The findings also indicated that outsourcing data remains a challenge and suggested blockchain as a technology that could help address security issues. The review revealed needs to improve data confidentiality, integrity, and availability in future work.
Implementation_of_User_Authentication_asMasood Shah
This document summarizes a research paper that proposes a model for centralized user authentication as a service for cloud networks. The paper reviews security issues and traditional authentication approaches in cloud computing. It then presents a model that implements user authentication through a cloud gateway and authentication server rather than direct access to resources. The model is intended to provide secure authentication while maintaining availability of cloud services. The paper also describes implementing a prototype of the proposed model using VMware Workstation to create a virtual cloud environment with different operating systems.
Implementation of user authentication as a service for cloud networkSalam Shah
There are so many security risks for the users of cloud computing, but still the organizations are switching towards the cloud. The cloud provides data protection and a huge amount of memory usage remotely or virtually. The organization has not adopted the cloud computing completely due to some security issues. The research in cloud computing has more focus on privacy and security in the new categorization attack surface. User authentication is the additional overhead for the companies besides the management of availability of cloud services. This paper is based on the proposed model to provide central authentication technique so that secured access of resources can be provided to users instead of adopting some unordered user authentication techniques. The model is also implemented as a prototype.
Abstract—With the heightening reliance on Information Technology in recent times, it has becoming more relevant to find measures to secure every online device, data and information. A Network Intrusion Detection System (NIDS) is one of the security options to consider to help protect such devices, data and information. However, IDS needs to be up to date to mitigate current threats to secure systems. A critical issue in the development of the right IDS is the scarcity of current data sets used for training these IDS and the impact on system performance. This paper presents an On-demand Network Data Set Creation Application (ONDaSCA) a Graphical User Interface software capable of generating labelled network intrusion data set. ONDaSCA grants IDS users or researchers the option to choose a raw data set and processed this data set as output, real-time packet capture and offline upload of existing PCAP file and two (2) difference packet capturing methods (Tshark and Dumpcap). ONDaSCA is highly customisable and an IDS user or researcher can leverage its capabilities to suit their needs. The abilities of this software are compared with other similar products that generate data set for use by IDS model.
International Journal of Computer Science and Information Security,IJCSIS ISSN 1947-5500, Pittsburgh, PA, USA
Email: ijcsiseditor@gmail.com
http://sites.google.com/site/ijcsis/
https://google.academia.edu/JournalofComputerScience
https://www.linkedin.com/in/ijcsis-research-publications-8b916516/
http://www.researcherid.com/rid/E-1319-2016
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMSijfls
The increase in the deployment of IoT networks has improved productivity of humans and organisations.
However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to inherent
weaker security and resource-constrained nature of IoT devices. This paper focusses on detecting DDoS
attack in IoT networks by classifying incoming network packets on the transport layer as either
“Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep
learning algorithms and two clustering algorithms were independently trained for mitigating DDoS
attacks. We lay emphasis on exploitation based DDOS attacks which include TCP SYN-Flood attacks and
UDP-Lag attacks. We use Mirai, BASHLITE and CICDDoS2019 dataset in training the algorithms during
the experimentation phase. The accuracy score and normalized-mutual-information score are used to
quantify the classification performance of the four algorithms. Our results show that the autoencoder
performed overall best with the highest accuracy across all the datasets.
DDoS Attack Detection on Internet o Things using Unsupervised Algorithmsijfls
The increase in the deployment of IoT networks has improved productivity of humans and organisations. However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to inherent weaker security and resource-constrained nature of IoT devices. This paper focusses on detecting DDoS attack in IoT networks by classifying incoming network packets on the transport layer as either “Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep learning algorithms and two clustering algorithms were independently trained for mitigating DDoS attacks. We lay emphasis on exploitation based DDOS attacks which include TCP SYN-Flood attacks and UDP-Lag attacks. We use Mirai, BASHLITE and CICDDoS2019 dataset in training the algorithms during the experimentation phase. The accuracy score and normalized-mutual-information score are used to quantify the classification performance of the four algorithms. Our results show that the autoencoder performed overall best with the highest accuracy across all the datasets.
Similaire à Machine and deep learning techniques for detecting internet protocol version six attacks: a review (20)
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to
precisely delineate tumor boundaries from magnetic resonance imaging (MRI)
scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating
the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The
model is rigorously trained and evaluated, exhibiting remarkable performance
metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted
IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of
our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical
image analysis and enhance healthcare outcomes. This research paves the way
for future exploration and optimization of advanced CNN models in medical
imaging, emphasizing addressing false positives and resource efficiency.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Advanced control scheme of doubly fed induction generator for wind turbine us...IJECEIAES
This paper describes a speed control device for generating electrical energy on an electricity network based on the doubly fed induction generator (DFIG) used for wind power conversion systems. At first, a double-fed induction generator model was constructed. A control law is formulated to govern the flow of energy between the stator of a DFIG and the energy network using three types of controllers: proportional integral (PI), sliding mode controller (SMC) and second order sliding mode controller (SOSMC). Their different results in terms of power reference tracking, reaction to unexpected speed fluctuations, sensitivity to perturbations, and resilience against machine parameter alterations are compared. MATLAB/Simulink was used to conduct the simulations for the preceding study. Multiple simulations have shown very satisfying results, and the investigations demonstrate the efficacy and power-enhancing capabilities of the suggested control system.
Neural network optimizer of proportional-integral-differential controller par...IJECEIAES
Wide application of proportional-integral-differential (PID)-regulator in industry requires constant improvement of methods of its parameters adjustment. The paper deals with the issues of optimization of PID-regulator parameters with the use of neural network technology methods. A methodology for choosing the architecture (structure) of neural network optimizer is proposed, which consists in determining the number of layers, the number of neurons in each layer, as well as the form and type of activation function. Algorithms of neural network training based on the application of the method of minimizing the mismatch between the regulated value and the target value are developed. The method of back propagation of gradients is proposed to select the optimal training rate of neurons of the neural network. The neural network optimizer, which is a superstructure of the linear PID controller, allows increasing the regulation accuracy from 0.23 to 0.09, thus reducing the power consumption from 65% to 53%. The results of the conducted experiments allow us to conclude that the created neural superstructure may well become a prototype of an automatic voltage regulator (AVR)-type industrial controller for tuning the parameters of the PID controller.
An improved modulation technique suitable for a three level flying capacitor ...IJECEIAES
This research paper introduces an innovative modulation technique for controlling a 3-level flying capacitor multilevel inverter (FCMLI), aiming to streamline the modulation process in contrast to conventional methods. The proposed
simplified modulation technique paves the way for more straightforward and
efficient control of multilevel inverters, enabling their widespread adoption and
integration into modern power electronic systems. Through the amalgamation of
sinusoidal pulse width modulation (SPWM) with a high-frequency square wave
pulse, this controlling technique attains energy equilibrium across the coupling
capacitor. The modulation scheme incorporates a simplified switching pattern
and a decreased count of voltage references, thereby simplifying the control
algorithm.
A review on features and methods of potential fishing zoneIJECEIAES
This review focuses on the importance of identifying potential fishing zones in seawater for sustainable fishing practices. It explores features like sea surface temperature (SST) and sea surface height (SSH), along with classification methods such as classifiers. The features like SST, SSH, and different classifiers used to classify the data, have been figured out in this review study. This study underscores the importance of examining potential fishing zones using advanced analytical techniques. It thoroughly explores the methodologies employed by researchers, covering both past and current approaches. The examination centers on data characteristics and the application of classification algorithms for classification of potential fishing zones. Furthermore, the prediction of potential fishing zones relies significantly on the effectiveness of classification algorithms. Previous research has assessed the performance of models like support vector machines, naïve Bayes, and artificial neural networks (ANN). In the previous result, the results of support vector machine (SVM) were 97.6% more accurate than naive Bayes's 94.2% to classify test data for fisheries classification. By considering the recent works in this area, several recommendations for future works are presented to further improve the performance of the potential fishing zone models, which is important to the fisheries community.
Electrical signal interference minimization using appropriate core material f...IJECEIAES
As demand for smaller, quicker, and more powerful devices rises, Moore's law is strictly followed. The industry has worked hard to make little devices that boost productivity. The goal is to optimize device density. Scientists are reducing connection delays to improve circuit performance. This helped them understand three-dimensional integrated circuit (3D IC) concepts, which stack active devices and create vertical connections to diminish latency and lower interconnects. Electrical involvement is a big worry with 3D integrates circuits. Researchers have developed and tested through silicon via (TSV) and substrates to decrease electrical wave involvement. This study illustrates a novel noise coupling reduction method using several electrical involvement models. A 22% drop in electrical involvement from wave-carrying to victim TSVs introduces this new paradigm and improves system performance even at higher THz frequencies.
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...IJECEIAES
Climate change's impact on the planet forced the United Nations and governments to promote green energies and electric transportation. The deployments of photovoltaic (PV) and electric vehicle (EV) systems gained stronger momentum due to their numerous advantages over fossil fuel types. The advantages go beyond sustainability to reach financial support and stability. The work in this paper introduces the hybrid system between PV and EV to support industrial and commercial plants. This paper covers the theoretical framework of the proposed hybrid system including the required equation to complete the cost analysis when PV and EV are present. In addition, the proposed design diagram which sets the priorities and requirements of the system is presented. The proposed approach allows setup to advance their power stability, especially during power outages. The presented information supports researchers and plant owners to complete the necessary analysis while promoting the deployment of clean energy. The result of a case study that represents a dairy milk farmer supports the theoretical works and highlights its advanced benefits to existing plants. The short return on investment of the proposed approach supports the paper's novelty approach for the sustainable electrical system. In addition, the proposed system allows for an isolated power setup without the need for a transmission line which enhances the safety of the electrical network
Bibliometric analysis highlighting the role of women in addressing climate ch...IJECEIAES
Fossil fuel consumption increased quickly, contributing to climate change
that is evident in unusual flooding and draughts, and global warming. Over
the past ten years, women's involvement in society has grown dramatically,
and they succeeded in playing a noticeable role in reducing climate change.
A bibliometric analysis of data from the last ten years has been carried out to
examine the role of women in addressing the climate change. The analysis's
findings discussed the relevant to the sustainable development goals (SDGs),
particularly SDG 7 and SDG 13. The results considered contributions made
by women in the various sectors while taking geographic dispersion into
account. The bibliometric analysis delves into topics including women's
leadership in environmental groups, their involvement in policymaking, their
contributions to sustainable development projects, and the influence of
gender diversity on attempts to mitigate climate change. This study's results
highlight how women have influenced policies and actions related to climate
change, point out areas of research deficiency and recommendations on how
to increase role of the women in addressing the climate change and
achieving sustainability. To achieve more successful results, this initiative
aims to highlight the significance of gender equality and encourage
inclusivity in climate change decision-making processes.
Voltage and frequency control of microgrid in presence of micro-turbine inter...IJECEIAES
The active and reactive load changes have a significant impact on voltage
and frequency. In this paper, in order to stabilize the microgrid (MG) against
load variations in islanding mode, the active and reactive power of all
distributed generators (DGs), including energy storage (battery), diesel
generator, and micro-turbine, are controlled. The micro-turbine generator is
connected to MG through a three-phase to three-phase matrix converter, and
the droop control method is applied for controlling the voltage and
frequency of MG. In addition, a method is introduced for voltage and
frequency control of micro-turbines in the transition state from gridconnected mode to islanding mode. A novel switching strategy of the matrix
converter is used for converting the high-frequency output voltage of the
micro-turbine to the grid-side frequency of the utility system. Moreover,
using the switching strategy, the low-order harmonics in the output current
and voltage are not produced, and consequently, the size of the output filter
would be reduced. In fact, the suggested control strategy is load-independent
and has no frequency conversion restrictions. The proposed approach for
voltage and frequency regulation demonstrates exceptional performance and
favorable response across various load alteration scenarios. The suggested
strategy is examined in several scenarios in the MG test systems, and the
simulation results are addressed.
Enhancing battery system identification: nonlinear autoregressive modeling fo...IJECEIAES
Precisely characterizing Li-ion batteries is essential for optimizing their
performance, enhancing safety, and prolonging their lifespan across various
applications, such as electric vehicles and renewable energy systems. This
article introduces an innovative nonlinear methodology for system
identification of a Li-ion battery, employing a nonlinear autoregressive with
exogenous inputs (NARX) model. The proposed approach integrates the
benefits of nonlinear modeling with the adaptability of the NARX structure,
facilitating a more comprehensive representation of the intricate
electrochemical processes within the battery. Experimental data collected
from a Li-ion battery operating under diverse scenarios are employed to
validate the effectiveness of the proposed methodology. The identified
NARX model exhibits superior accuracy in predicting the battery's behavior
compared to traditional linear models. This study underscores the
importance of accounting for nonlinearities in battery modeling, providing
insights into the intricate relationships between state-of-charge, voltage, and
current under dynamic conditions.
Smart grid deployment: from a bibliometric analysis to a surveyIJECEIAES
Smart grids are one of the last decades' innovations in electrical energy.
They bring relevant advantages compared to the traditional grid and
significant interest from the research community. Assessing the field's
evolution is essential to propose guidelines for facing new and future smart
grid challenges. In addition, knowing the main technologies involved in the
deployment of smart grids (SGs) is important to highlight possible
shortcomings that can be mitigated by developing new tools. This paper
contributes to the research trends mentioned above by focusing on two
objectives. First, a bibliometric analysis is presented to give an overview of
the current research level about smart grid deployment. Second, a survey of
the main technological approaches used for smart grid implementation and
their contributions are highlighted. To that effect, we searched the Web of
Science (WoS), and the Scopus databases. We obtained 5,663 documents
from WoS and 7,215 from Scopus on smart grid implementation or
deployment. With the extraction limitation in the Scopus database, 5,872 of
the 7,215 documents were extracted using a multi-step process. These two
datasets have been analyzed using a bibliometric tool called bibliometrix.
The main outputs are presented with some recommendations for future
research.
Use of analytical hierarchy process for selecting and prioritizing islanding ...IJECEIAES
One of the problems that are associated to power systems is islanding
condition, which must be rapidly and properly detected to prevent any
negative consequences on the system's protection, stability, and security.
This paper offers a thorough overview of several islanding detection
strategies, which are divided into two categories: classic approaches,
including local and remote approaches, and modern techniques, including
techniques based on signal processing and computational intelligence.
Additionally, each approach is compared and assessed based on several
factors, including implementation costs, non-detected zones, declining
power quality, and response times using the analytical hierarchy process
(AHP). The multi-criteria decision-making analysis shows that the overall
weight of passive methods (24.7%), active methods (7.8%), hybrid methods
(5.6%), remote methods (14.5%), signal processing-based methods (26.6%),
and computational intelligent-based methods (20.8%) based on the
comparison of all criteria together. Thus, it can be seen from the total weight
that hybrid approaches are the least suitable to be chosen, while signal
processing-based methods are the most appropriate islanding detection
method to be selected and implemented in power system with respect to the
aforementioned factors. Using Expert Choice software, the proposed
hierarchy model is studied and examined.
Enhancing of single-stage grid-connected photovoltaic system using fuzzy logi...IJECEIAES
The power generated by photovoltaic (PV) systems is influenced by
environmental factors. This variability hampers the control and utilization of
solar cells' peak output. In this study, a single-stage grid-connected PV
system is designed to enhance power quality. Our approach employs fuzzy
logic in the direct power control (DPC) of a three-phase voltage source
inverter (VSI), enabling seamless integration of the PV connected to the
grid. Additionally, a fuzzy logic-based maximum power point tracking
(MPPT) controller is adopted, which outperforms traditional methods like
incremental conductance (INC) in enhancing solar cell efficiency and
minimizing the response time. Moreover, the inverter's real-time active and
reactive power is directly managed to achieve a unity power factor (UPF).
The system's performance is assessed through MATLAB/Simulink
implementation, showing marked improvement over conventional methods,
particularly in steady-state and varying weather conditions. For solar
irradiances of 500 and 1,000 W/m2
, the results show that the proposed
method reduces the total harmonic distortion (THD) of the injected current
to the grid by approximately 46% and 38% compared to conventional
methods, respectively. Furthermore, we compare the simulation results with
IEEE standards to evaluate the system's grid compatibility.
Enhancing photovoltaic system maximum power point tracking with fuzzy logic-b...IJECEIAES
Photovoltaic systems have emerged as a promising energy resource that
caters to the future needs of society, owing to their renewable, inexhaustible,
and cost-free nature. The power output of these systems relies on solar cell
radiation and temperature. In order to mitigate the dependence on
atmospheric conditions and enhance power tracking, a conventional
approach has been improved by integrating various methods. To optimize
the generation of electricity from solar systems, the maximum power point
tracking (MPPT) technique is employed. To overcome limitations such as
steady-state voltage oscillations and improve transient response, two
traditional MPPT methods, namely fuzzy logic controller (FLC) and perturb
and observe (P&O), have been modified. This research paper aims to
simulate and validate the step size of the proposed modified P&O and FLC
techniques within the MPPT algorithm using MATLAB/Simulink for
efficient power tracking in photovoltaic systems.
Adaptive synchronous sliding control for a robot manipulator based on neural ...IJECEIAES
Robot manipulators have become important equipment in production lines, medical fields, and transportation. Improving the quality of trajectory tracking for
robot hands is always an attractive topic in the research community. This is a
challenging problem because robot manipulators are complex nonlinear systems
and are often subject to fluctuations in loads and external disturbances. This
article proposes an adaptive synchronous sliding control scheme to improve trajectory tracking performance for a robot manipulator. The proposed controller
ensures that the positions of the joints track the desired trajectory, synchronize
the errors, and significantly reduces chattering. First, the synchronous tracking
errors and synchronous sliding surfaces are presented. Second, the synchronous
tracking error dynamics are determined. Third, a robust adaptive control law is
designed,the unknown components of the model are estimated online by the neural network, and the parameters of the switching elements are selected by fuzzy
logic. The built algorithm ensures that the tracking and approximation errors
are ultimately uniformly bounded (UUB). Finally, the effectiveness of the constructed algorithm is demonstrated through simulation and experimental results.
Simulation and experimental results show that the proposed controller is effective with small synchronous tracking errors, and the chattering phenomenon is
significantly reduced.
Remote field-programmable gate array laboratory for signal acquisition and de...IJECEIAES
A remote laboratory utilizing field-programmable gate array (FPGA) technologies enhances students’ learning experience anywhere and anytime in embedded system design. Existing remote laboratories prioritize hardware access and visual feedback for observing board behavior after programming, neglecting comprehensive debugging tools to resolve errors that require internal signal acquisition. This paper proposes a novel remote embeddedsystem design approach targeting FPGA technologies that are fully interactive via a web-based platform. Our solution provides FPGA board access and debugging capabilities beyond the visual feedback provided by existing remote laboratories. We implemented a lab module that allows users to seamlessly incorporate into their FPGA design. The module minimizes hardware resource utilization while enabling the acquisition of a large number of data samples from the signal during the experiments by adaptively compressing the signal prior to data transmission. The results demonstrate an average compression ratio of 2.90 across three benchmark signals, indicating efficient signal acquisition and effective debugging and analysis. This method allows users to acquire more data samples than conventional methods. The proposed lab allows students to remotely test and debug their designs, bridging the gap between theory and practice in embedded system design.
Detecting and resolving feature envy through automated machine learning and m...IJECEIAES
Efficiently identifying and resolving code smells enhances software project quality. This paper presents a novel solution, utilizing automated machine learning (AutoML) techniques, to detect code smells and apply move method refactoring. By evaluating code metrics before and after refactoring, we assessed its impact on coupling, complexity, and cohesion. Key contributions of this research include a unique dataset for code smell classification and the development of models using AutoGluon for optimal performance. Furthermore, the study identifies the top 20 influential features in classifying feature envy, a well-known code smell, stemming from excessive reliance on external classes. We also explored how move method refactoring addresses feature envy, revealing reduced coupling and complexity, and improved cohesion, ultimately enhancing code quality. In summary, this research offers an empirical, data-driven approach, integrating AutoML and move method refactoring to optimize software project quality. Insights gained shed light on the benefits of refactoring on code quality and the significance of specific features in detecting feature envy. Future research can expand to explore additional refactoring techniques and a broader range of code metrics, advancing software engineering practices and standards.
Smart monitoring technique for solar cell systems using internet of things ba...IJECEIAES
Rapidly and remotely monitoring and receiving the solar cell systems status parameters, solar irradiance, temperature, and humidity, are critical issues in enhancement their efficiency. Hence, in the present article an improved smart prototype of internet of things (IoT) technique based on embedded system through NodeMCU ESP8266 (ESP-12E) was carried out experimentally. Three different regions at Egypt; Luxor, Cairo, and El-Beheira cities were chosen to study their solar irradiance profile, temperature, and humidity by the proposed IoT system. The monitoring data of solar irradiance, temperature, and humidity were live visualized directly by Ubidots through hypertext transfer protocol (HTTP) protocol. The measured solar power radiation in Luxor, Cairo, and El-Beheira ranged between 216-1000, 245-958, and 187-692 W/m 2 respectively during the solar day. The accuracy and rapidity of obtaining monitoring results using the proposed IoT system made it a strong candidate for application in monitoring solar cell systems. On the other hand, the obtained solar power radiation results of the three considered regions strongly candidate Luxor and Cairo as suitable places to build up a solar cells system station rather than El-Beheira.
An efficient security framework for intrusion detection and prevention in int...IJECEIAES
Over the past few years, the internet of things (IoT) has advanced to connect billions of smart devices to improve quality of life. However, anomalies or malicious intrusions pose several security loopholes, leading to performance degradation and threat to data security in IoT operations. Thereby, IoT security systems must keep an eye on and restrict unwanted events from occurring in the IoT network. Recently, various technical solutions based on machine learning (ML) models have been derived towards identifying and restricting unwanted events in IoT. However, most ML-based approaches are prone to miss-classification due to inappropriate feature selection. Additionally, most ML approaches applied to intrusion detection and prevention consider supervised learning, which requires a large amount of labeled data to be trained. Consequently, such complex datasets are impossible to source in a large network like IoT. To address this problem, this proposed study introduces an efficient learning mechanism to strengthen the IoT security aspects. The proposed algorithm incorporates supervised and unsupervised approaches to improve the learning models for intrusion detection and mitigation. Compared with the related works, the experimental outcome shows that the model performs well in a benchmark dataset. It accomplishes an improved detection accuracy of approximately 99.21%.
KuberTENes Birthday Bash Guadalajara - K8sGPT first impressionsVictor Morales
K8sGPT is a tool that analyzes and diagnoses Kubernetes clusters. This presentation was used to share the requirements and dependencies to deploy K8sGPT in a local environment.
Null Bangalore | Pentesters Approach to AWS IAMDivyanshu
#Abstract:
- Learn more about the real-world methods for auditing AWS IAM (Identity and Access Management) as a pentester. So let us proceed with a brief discussion of IAM as well as some typical misconfigurations and their potential exploits in order to reinforce the understanding of IAM security best practices.
- Gain actionable insights into AWS IAM policies and roles, using hands on approach.
#Prerequisites:
- Basic understanding of AWS services and architecture
- Familiarity with cloud security concepts
- Experience using the AWS Management Console or AWS CLI.
- For hands on lab create account on [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
# Scenario Covered:
- Basics of IAM in AWS
- Implementing IAM Policies with Least Privilege to Manage S3 Bucket
- Objective: Create an S3 bucket with least privilege IAM policy and validate access.
- Steps:
- Create S3 bucket.
- Attach least privilege policy to IAM user.
- Validate access.
- Exploiting IAM PassRole Misconfiguration
-Allows a user to pass a specific IAM role to an AWS service (ec2), typically used for service access delegation. Then exploit PassRole Misconfiguration granting unauthorized access to sensitive resources.
- Objective: Demonstrate how a PassRole misconfiguration can grant unauthorized access.
- Steps:
- Allow user to pass IAM role to EC2.
- Exploit misconfiguration for unauthorized access.
- Access sensitive resources.
- Exploiting IAM AssumeRole Misconfiguration with Overly Permissive Role
- An overly permissive IAM role configuration can lead to privilege escalation by creating a role with administrative privileges and allow a user to assume this role.
- Objective: Show how overly permissive IAM roles can lead to privilege escalation.
- Steps:
- Create role with administrative privileges.
- Allow user to assume the role.
- Perform administrative actions.
- Differentiation between PassRole vs AssumeRole
Try at [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
Software Engineering and Project Management - Introduction, Modeling Concepts...Prakhyath Rai
Introduction, Modeling Concepts and Class Modeling: What is Object orientation? What is OO development? OO Themes; Evidence for usefulness of OO development; OO modeling history. Modeling
as Design technique: Modeling, abstraction, The Three models. Class Modeling: Object and Class Concept, Link and associations concepts, Generalization and Inheritance, A sample class model, Navigation of class models, and UML diagrams
Building the Analysis Models: Requirement Analysis, Analysis Model Approaches, Data modeling Concepts, Object Oriented Analysis, Scenario-Based Modeling, Flow-Oriented Modeling, class Based Modeling, Creating a Behavioral Model.
artificial intelligence and data science contents.pptxGauravCar
What is artificial intelligence? Artificial intelligence is the ability of a computer or computer-controlled robot to perform tasks that are commonly associated with the intellectual processes characteristic of humans, such as the ability to reason.
› ...
Artificial intelligence (AI) | Definitio
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...shadow0702a
This document serves as a comprehensive step-by-step guide on how to effectively use PyCharm for remote debugging of the Windows Subsystem for Linux (WSL) on a local Windows machine. It meticulously outlines several critical steps in the process, starting with the crucial task of enabling permissions, followed by the installation and configuration of WSL.
The guide then proceeds to explain how to set up the SSH service within the WSL environment, an integral part of the process. Alongside this, it also provides detailed instructions on how to modify the inbound rules of the Windows firewall to facilitate the process, ensuring that there are no connectivity issues that could potentially hinder the debugging process.
The document further emphasizes on the importance of checking the connection between the Windows and WSL environments, providing instructions on how to ensure that the connection is optimal and ready for remote debugging.
It also offers an in-depth guide on how to configure the WSL interpreter and files within the PyCharm environment. This is essential for ensuring that the debugging process is set up correctly and that the program can be run effectively within the WSL terminal.
Additionally, the document provides guidance on how to set up breakpoints for debugging, a fundamental aspect of the debugging process which allows the developer to stop the execution of their code at certain points and inspect their program at those stages.
Finally, the document concludes by providing a link to a reference blog. This blog offers additional information and guidance on configuring the remote Python interpreter in PyCharm, providing the reader with a well-rounded understanding of the process.
The CBC machine is a common diagnostic tool used by doctors to measure a patient's red blood cell count, white blood cell count and platelet count. The machine uses a small sample of the patient's blood, which is then placed into special tubes and analyzed. The results of the analysis are then displayed on a screen for the doctor to review. The CBC machine is an important tool for diagnosing various conditions, such as anemia, infection and leukemia. It can also help to monitor a patient's response to treatment.
Machine and deep learning techniques for detecting internet protocol version six attacks: a review
1. International Journal of Electrical and Computer Engineering (IJECE)
Vol. 13, No. 5, October 2023, pp. 5617~5631
ISSN: 2088-8708, DOI: 10.11591/ijece.v13i5.pp5617-5631 5617
Journal homepage: http://ijece.iaescore.com
Machine and deep learning techniques for detecting internet
protocol version six attacks: a review
Arkan Hammoodi Hasan Kabla1
, Mohammed Anbar1
, Shady Hamouda2
, Abdullah Ahmed
Bahashwan1
, Taief Alaa Al-Amiedy1
, Iznan Husainy Hasbullah1
, Serri Faisal2
1
National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia, Penang, Malaysia
2
Department of Business Information Technology, Liwa College of Technology, Abu Dhabi, United Arab Emirates
Article Info ABSTRACT
Article history:
Received Jul 31, 2022
Revised Jan 27, 2023
Accepted Feb 10, 2023
The rapid development of information and communication technologies has
increased the demand for internet-facing devices that require publicly
accessible internet protocol (IP) addresses, resulting in the depletion of
internet protocol version 4 (IPv4) address space. As a result, internet
protocol version 6 (IPv6) was designed to address this issue. However, IPv6
is still not widely used because of security concerns. An intrusion detection
system (IDS) is one example of a security mechanism used to secure
networks. Lately, the use of machine learning (ML) or deep learning (DL)
detection models in IDSs is gaining popularity due to their ability to detect
threats on IPv6 networks accurately. However, there is an apparent lack of
studies that review ML and DL in IDS. Even the existing reviews of ML and
DL fail to compare those techniques. Thus, this paper comprehensively
elucidates ML and DL techniques and IPv6-based distributed denial of
service (DDoS) attacks. Additionally, this paper includes a qualitative
comparison with other related works. Moreover, this work also thoroughly
reviews the existing ML and DL-based IDSs for detecting IPv6 and IPv4
attacks. Lastly, researchers could use this review as a guide in the future to
improve their work on DL and ML-based IDS.
Keywords:
DDoS attacks
Deep learning
Intrusion detection system
IPv4
IPv6
Machine learning
This is an open access article under the CC BY-SA license.
Corresponding Author:
Mohammed Anbar
National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia
11800 USM, Penang, Malaysia
Email: anbar@usm.my
1. INTRODUCTION
The exponential growth of internet users and applications increases the demands for internet-facing
devices that require unique publicly accessible IP addresses, resulting in the internet protocol version 4
(IPv4) addresses pool being depleted. The main reason for this exponential growth is the proliferation of
numerous information and communication technologies (ICTs), such as cloud computing, the internet of
things (IoT), and wireless technology applications. As a result, internet protocol version 6 (IPv6) was
engineered and positioned as the next-generation IP to replace IPv4 in the future and solve the IPv4 address
exhaustion issue. According to Google IPv6 adoption data from January 17, 2022, 34.31% of Google users use the
IPv6 protocol [1].
One of the most critical protocols in IPv6 is the internet control message protocol version six
(ICMPv6). IPv6 cannot function without the service of ICMPv6, whose messages serve various critical
purposes. However, the ICMPv6 lacks a built-in authentication scheme, exposing its messages to exploitation
by attackers. Furthermore, IPv6 nodes do not validate ICMPv6 messages because they are assumed to be
2. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 5, October 2023: 5617-5631
5618
inherently secure. As a result, all IPv6 nodes in any link-local network are vulnerable to ICMPv6-based
distributed denial of service (DDoS) attacks and exposed to spoofed ICMPv6 packets [2].
Even though IPv6 has more security protections than IPv4, it still has several exploitable
weaknesses and vulnerabilities that allow attackers to gain unauthorized access or flood the network with
massive traffic to deny users access to the required services. In addition, many unique IPv6 characteristics,
such as IPv6 multicast addresses, are exploited in many attacks. As a result, IPv6 security needs work as it
remains vulnerable to various threats, especially denial-of-service (DoS) and DDoS attacks, which are among
the most damaging. Intrusion detection systems (IDSs) are an efficient security tool for detecting attacks on
computer networks. However, IPv4-based IDSs cannot detect IPv6 attacks due to differences in the
protocol’s packet pattern and structure [3]. One solution is adapting machine learning (ML) or deep learning
(DL) detection models in IDS, allowing them to detect sophisticated IPv6 attacks in IPv6 networks
accurately. In addition, ML and DL techniques have shown impressive results in solving many problems in
other fields. As a result, they are becoming more popular among security researchers as a detection model to
detect different IPv6 attacks.
This paper has two-fold theoretical contributions: i) a comprehensive review of the IPv4 and IPv6
IDSs based on ML and DL algorithms, and ii) a qualitative comparison between this review study and
existing studies in terms of several author-defined metrics. The researchers working in the field related to DL
and ML-based IDS may refer to this review in the future as a guideline. This paper’s organization is as
follows: section 2 presents a qualitative comparison with the existing studies, followed by an overview of the
IPv6 protocol in section 3. Section 4 provides an overview of DoS and DDoS attacks. The overview of IDSs
and the review of the existing ML and DL-based IDS are discussed in section 5, followed by an in-depth
discussion of the current ML and DL-based IDS in section 6. Section 7 highlights the decisive differences
between DL and ML. Finally, section 8 concludes this research paper and suggests future research directions.
2. QUALITATIVE COMPARISON WITH EXISTING REVIEWS
The importance of improving cyber security mechanisms to detect or prevent cyber threats cannot
be overstated. An example of a defense system that detects network intrusion is IDS. IDS is deployable with
other security measures, such as authentication mechanisms or access control. Meanwhile, a large number of
ML and DL techniques have been adopted by IDSs, especially after ML techniques proved their efficiency
many years ago [4]. The application of neural networks has touched many aspects of our technological lives
for decades, such as facial, image, and voice recognition applications. Therefore, researchers are already
aware of how DL positively affects us, including its impact on cyber security. Unfortunately, most current works
utilize ML or DL for feature selection or classification, but little research has combined ML and DL techniques.
This section provides a qualitative comparison between this review study and existing review works on IDS for
detecting IPv6 DDoS attacks using ML and DL techniques.
A review by Kaur and Kakkar [5] investigated the use of ML techniques to detect DDoS attacks but
ignored DL techniques despite their use for DDoS attack detection. Meanwhile, Alamiedy et al. [6] reviewed
anomaly-based IDSs, focusing on the performance of the ML classifiers used by the IDS but also ignoring
DL-based ones. In addition, Aleesa et al. [7] systematically reviewed and analyzed most DL-based IDSs but
ignored the ML techniques. Moreover, Ferrag et al. [8] presented a survey of DL techniques utilized for
cyber security IDS and discussed some ML techniques.
Elejla et al. [9] presented an in-depth review that covered most of the ML techniques adopted for
ICMPv6-based DDoS detection, even though it does not cover DL. Aldweesh et al. [10] discussed and
compared DL-based IDSs in a systematic review and highlighted the efficiency of all the reviewed works in
terms of their accuracy (AC) but did not include ML-based IDS. Bahashwan et al. [11] reviewed IPv6 IDSs
for DoS and DDoS attacks detection covering ML and DL techniques, though only superficially since its
focus is on the new internet protocol, IPv6, and possible attacks. Hodo et al. [12] reviewed ML and DL-based
IDS, but not comparatively. A comparative follow-up study highlighting the similarities and differences of
different types of IDS could help other researchers decide the most suitable techniques for their needs.
Finally, Sharma et al. [13] reviewed some IDSs from earlier studies that utilized ML techniques. Table 1
summarizes the existing studies and shows how our work differs.
Table 1 shows that only Bahashwan et al. [11] reviewed some ML and DL techniques in IDSs.
Therefore, it is clear that there is an apparent lack of study that reviews both ML and DL’s adoption in IDS.
Moreover, even those covering ML and DL fail to compare the two techniques. However, our work differs
from the existing works since it provides i) a thorough review of the ML and DL techniques used in
signature-based IDS (SIDS) and anomaly-based IDS (AIDS), ii) an in-depth discussion and insight into
existing ML and DL techniques used in SIDS and AIDS, iii) association between the ML and DL techniques
with existing related works, and iv) the crucial differences between ML and DL techniques.
3. Int J Elec & Comp Eng ISSN: 2088-8708
Machine and deep learning techniques for detecting internet … (Arkan Hammoodi Hasan Kabla)
5619
Table 1. Qualitative comparison with existing reviews
Author
IPv6
review
IDS
classification
Security domain Techniques A comparison to
previous reviews
SIDS AIDS ML DL
Drewek-Ossowicka et al. [4] - ✓ ✓ - ✓ - ✓
Aldweesh et al. [10] - ✓ - ✓ - ✓ ✓
Aleesa et al. [7] - ✓ ✓ - - ✓ -
Bahashwan et al. [11] ✓ ✓ ✓ - ✓ ✓ -
Ferrag et al. [8] - ✓ - ✓ ✓ ✓ ✓
Alamiedy et al. [6] - ✓ - ✓ ✓ - -
Elejla et al. [9] ✓ ✓ - ✓ ✓ - ✓
Hodo et al. [12] - ✓ ✓ - ✓ - -
Sharma et al. [13] - - ✓ - ✓ - -
Kaur and Kakkar [5] - - ✓ - ✓ - -
This Review ✓ ✓ ✓ ✓ ✓ ✓ ✓
3. OVERVIEW OF IPv6
IPv6 is a network layer protocol that follows the OSI model standard. However, the IPv6 design
differs from the IPv4 in terms of address size (32-bit vs. 128-bit), packet header format, address format, and
other features, such as mobility, handling the quality of service whenever required, and end-to-end
connectivity, which outperforms the IPv4. Besides, some levels of enhanced security in IPv6 are built into
the IPv6 stack, such as the internet protocol security (IPSec) protocol support, unlike IPv4. Unfortunately,
IPv6 is still vulnerable to attacks even with the new features.
Nevertheless, due to the much larger address space, probing all IPv6 addresses in the network is
impractical for attackers compared to IPv4. However, attackers can leverage some specific IPv6 features for
exploitation. For example, sending a spoofed packet to the all-router multicast group (FF02::2) allows attackers to
discover routers in the network since all routers will respond with a reply, which exposes their presence [11].
IPv6 introduces two new essential protocols, ICMPv6 and neighbor discovery protocol (NDP). ICMPv6
messages consist of error messages and information messages. ICMPv6 error messages’ codes range from 1 to
127, and ICMPv6 information messages’ codes range from 128 to 255. The NDP, a subset of ICMPv6, depends on
five ICMPv6 information messages for its operation. ICMPv6 is a mandatory part of the IPv6 protocol responsible
for many crucial functions, including enabling IPv6 nodes in an IPv6 network to discover their neighbors via the
duplicate address detection (DAD) process. DAD is vital to the Stateless address auto-configuration (SLAAC)
function, allowing IPv6 nodes to assign unique IPv6 addresses to their network interfaces. Additionally, it supports
other crucial features, such as address resolution and identifying the path maximum transmission unit (PMTU).
Regrettably, these core features prioritize functionality over security, resulting in adversaries being able to easily
perform DoS and DDoS attacks by exploiting the ICMPv6 messages [14].
4. OVERVIEW OF DoS AND DDoS
DoS and DDoS flooding attacks are the most common attacks on IPv6 and IPv4 networks, which
could have a destructive impact on the networks. Attackers typically gain control of some infected nodes
(called bots) within the local network first before executing DoS or DDoS attacks. Attackers inject a large
amount of malicious traffic into the network or send them toward the targeted victim until all available network
bandwidth or the victim’s computational resources are consumed. In addition, attackers may also inundate the
network with spoofed packets from multiple infected nodes to flood the victims’ network and servers. The
significant difference between a DoS and a DDoS is that the former is triggered from a single source, while the
latter involves multiple sources. Figure 1 (see in appendix) illustrates the difference between DDoS and DoS
attacks.
5. INTRUSION DETECTION SYSTEMS
Anomaly-based techniques are the most efficient for building sophisticated IDS models by
automating the process and creating a practical detection system while reducing human intervention and
efforts [15], [16]. In addition, those AIDSs build a robust model by monitoring traffic behaviors based on
packet features. In anomaly-based techniques, the classification is based on heuristics or rules rather than
patterns or signatures and attempts to detect any abnormality that falls out of regular system operation [17].
The IDS must be strategically placed in the network to detect attacks by collecting and monitoring network
traffic. After collecting network data and monitoring the traffic, the IDS will analyze the packets to detect
possible threats. Researchers have formulated two different classifications of the IDS model: SIDS and
AIDS [18]. SIDS depends on a pre-defined signatures database [19], making it unable to identify attacks
4. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 5, October 2023: 5617-5631
5620
without matching signatures [6]. Therefore, detecting zero-day attacks is impossible for SIDS without the
pre-defined signatures in its database [20]. On the other hand, unlike the signature-based model, AIDS does
not rely on a pre-defined signatures database but detects the anomalies in the network traffic behaviors [21].
AIDS detects unknown attacks from the anomaly in the network traffic behavior [9]. AIDS could
either be programmed or self-learning. Developing a self-learning AIDS involves creating a model for the
basic processes using the assigned network traffic aggregated over a specified duration [22]. At the same
time, the programmed IDS model works in a system that requires an admin or third party to train the model
to detect behavioral changes. In other words, the user is the one that defines the acceptable level for the
system’s abnormal behavior [23]. Table 2 shows the differences between SIDS and AIDS. There are many
techniques employed in AIDS, but ML and DL techniques are among the most efficient and widely used to
detect attacks in IPv4 and IPv6 networks. Therefore, this work focuses on the review of AIDS based on ML
and DL techniques.
Table 2. Advantages and disadvantages of SIDS vs. AIDS
SIDS AIDS
Advantages
It efficiently detects known attacks. It efficiently detects zero-day attacks.
It is easy to implement, deploy, and update. Allow for the detection of privilege abuse.
For known attacks, the false positive rate (FPR) is low. Operating system (OS) agnostic.
High detection AC and low false alarm rate (FAR).
Disadvantages
Unable to detect new attacks “zero-day.” It is challenging to stay alert at the right time.
It is challenging to keep attack patterns up to date. There is unavailability when behavior profiles are being rebuilt (retrained).
Keeping track of attack patterns takes much time.
5.1. ML-based IDS
Most researchers utilize ML for two primary purposes. First, feature selection reduces the chosen
dataset’s dimensionality. Second, classifying data as normal or abnormal [16]. ML techniques can detect
abnormal attributes within a specified time interval and efficiently distinguish normal and abnormal traffic
without human intervention [24], [25]. The following subsections discuss the most common ML techniques
adopted in IDS, including some state-of-the-art IDSs that adopted these ML techniques. Figure 2 illustrates
the ML-based IDSs techniques used in the reviewed studies.
Figure 2. Taxonomy of machine learning techniques
5.1.1. Naïve Bayes
Naïve Bayes (NB) is the most straightforward technique for building classifiers based on Bayesian
networks to execute the classification process. First, the classifiers specify class labels into problem cases;
then represent feature values’ vectors. Finally, the class labels will be drawn depending on specific sets [12].
The following are some approaches that employ NB techniques in their systems.
Fadlil et al. [26] proposed a DDoS attack detection approach by statistically analyzing network
traffic using NB, achieving significant results in detecting DDoS attacks before it happens. Their approach
works by finding network packets’ average and standard deviation. Another group of researchers led by
Vijayasarathy et al. [27] also used the NB classifier for DDoS attack detection. They had done network
5. Int J Elec & Comp Eng ISSN: 2088-8708
Machine and deep learning techniques for detecting internet … (Arkan Hammoodi Hasan Kabla)
5621
modeling for transmission control protocol (TCP) and user datagram protocol (UDP) protocols, achieving a
very high detection AC for TCP and UDP-based attacks of 98.6% and 99.5%, respectively.
Salih et al. [28] proposed an NB-based approach to detect IPv6 covert channels used by adversaries
to circumvent detection by firewalls or IDS. Adversaries create covert channels by sending malicious data to
the target using unused flags or bits. The proposed approach used ten extracted features from the traffic in the
classification stage: flow label, traffic class, hop limit, source addresses, payload length, ICMPv6 code,
ICMPv6 type, ICMPv6 payload, next header, and reserve bit. The authors evaluated their proposed approach
using a self-generated dataset and several attacking tools, achieving 94.55% detection accuracy. The high AC
is due to the features used related to the targeted attacks. However, this research only detects IPv6 covert
channels and does not include DoS and DDoS attacks.
5.1.2. Support vector machine (SVM)
Sain [29] developed the SVM algorithm at AT&T Bell Laboratories in the early 90s. Since then, it
has been widely used in network security to detect DDoS attacks with satisfactory results. Consequently, it
attracted the attention of many researchers, especially those working with ML-based IDS, for its
classification and regression performance [30]. First, the SVM method constructs a set of training examples;
then classifies everything into two categories. Finally, it generates a prediction model to classify new samples
into one of the two categories.
Many mechanisms utilize the SVM technique in their systems. Subbulakshmi et al. [31] created a
dataset comprising DDoS attack traffic. Then, the authors worked on detecting the attacks using enhanced
SVM (ESVM), followed by detecting the attacks into different classes using the enhanced multi-class SVM
(EMCSVM). Then, SVM evaluates the activity of EMCSVM. Meanwhile, [32] used the SVM classification
algorithms to build a DDoS attack detection model, achieving an average AC rate of 95.24% by utilizing
only a small amount of collected flows.
Zulkiflee et al. [33] utilized SVM to detect several IPv6 attacks by identifying a set of features most
relevant to the attacks they wish to detect, such as the flood router attack. Flood router attack is a type of DoS
flooding attack that exploits ICMPv6 RA messages. They detect this attack using a set of five features: Src
IP, Src Port, Dst Port, time interval, and protocol. Then, using these features, the SVM algorithm was applied
to a real-world traffic dataset to detect the attacks, achieving an average detection AC rate of 99.95%,
indicating that SVM is a good classifier and the strength of the chosen features. Meanwhile, Anbar et al. [3]
performed feature selection using principal component analysis (PCA) and Information gain ratio (IGR) in
their proposed technique. Then, they used an SVM-based predictor model to detect RA flooding attacks,
achieving a 98.55% detection AC and only 3.3% FPR using a realistic dataset, indicating their proposed
technique’s effectiveness in RA flooding attack detection.
5.1.3. Decision tree (DT)
The DT algorithm is a simple technique but one of the most commonly used ML and data mining
techniques. Its ability to perform decision analysis [12] makes it suitable as a protective mechanism to
observe a category and conclude the category-targeted value. Also, it can represent decisions and make a
decision explicitly. This algorithm relies on a learned dataset whenever new data needs to be classified. In
other words, it classifies data according to the previously learned dataset [34]. Several mechanisms make use
of the DT technique in their systems. For example, Zekri et al. [35] designed a DT-based model for detecting
DDoS flooding attacks automatically and effectively using their attack signatures. They used this and the
C4.5 algorithms to reduce DDoS attacks, achieving an ideal classification with 98.8% accuracy. Also,
another mechanism by Pydipalli et al. [36] can learn DDoS attack patterns using both signature-based and
anomaly-based detection approaches to reap the benefit of both. After the pre-processing step, they
performed the training set classification using the C4.5 DT algorithm, achieving a high AC rate of 99.93% in
detecting DDoS attacks.
5.1.4. Artificial neural network (ANN)
In 1943, McCulloc and Pitts introduced a set of simple neurons in an ANN to perform
computational tasks. The neurons behave like biological networks by replicating the biological neurons’
functionality [37]. Afterward, researchers develop neural networks for decision-making applications, such as
real-time cyber-attack detection. For example, Saad et al. [38] employed the back-propagation neural
network (BPNN) algorithm, an ML technique, for DDoS attack detection in IPv6 networks. They first ranked
and selected a set of features using IGR and PCA before applying BPNN. After using 80% of the dataset for
BPNN training, they used the remaining dataset for testing, achieving 98.3% detection AC. In addition, seven
researchers led by Hodo et al. [39] used ANN to design a paradigm to analyze threats in IoT network traffic,
focusing on classifications of legitimate threat patterns on IoT networks and achieving a very high detection
AC of 99.4%.
6. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 5, October 2023: 5617-5631
5622
5.1.5. K-mean clustering
K-mean clustering is a technique to group a dataset into K groups. This algorithm determines
K initial cluster centers in a dataset and then refines them by each case joining its closest cluster center. After
that, each cluster center updates its cases’ average [12]. Several approaches employ the K-mean clustering
technique in their systems. For example, Hao et al. [40] created a detection model to detect DDoS attacks of
undetermined sessions, achieving efficient detection rates (DRs) of DDoS attacks with a reasonable AC rate
of 86%. Additionally, Putri et al. [41] used the clustering algorithm of K-means in their proposed approach to
detect DDoS attacks, achieving a high AC rate of 97.83% and a DR of 98.63%. Promisingly, on WEKA
tools, the obtained results are higher for both AC rate (99.69%) and DR (99.01%).
5.1.6. Fuzzy logic (FL)
The FL technique is derived from fuzzy set theory, which deals with approximation rather than
precision based on the traditional predicate logic [12]. One of the attractive features of this technique is the
handling of real-life uncertainty, making anomaly detection more efficient. Several works use FL algorithms
in their systems. For example, Iyengar et al. [42] designed a fuzzy logic model based on pre-defined rules
that recognize malicious DDoS packets from regular traffic and then perform suitable procedures to mitigate
them. In addition, Balarengadurai and Saraswathi [43] used the FL algorithm to create a mechanism to detect
and predict DDoS attacks in IEEE 802.15.4 environment. Their fuzzy-based detection and prediction system
(FBDPS) mitigates DDoS attacks by checking each sensor node’s energy consumption. FBDPS classifies a
node as malicious if it consumes an abnormal amount of energy. Moreover, FBDPS can differentiate DDoS
attack types based on the malicious node’s energy consumption rate.
Yao et al. [44] proposed an anomaly-based detection algorithm using the fuzzy technique to detect
NDP-based attacks. The evaluation results using real-world network data from the CERNET2 backbone
revealed that the approach could detect attacks with high detection AC and low false rates. However, the
dataset’s malicious and normal traffic data were from two different sources that might produce a biased
result. Meanwhile, Saad et al. [45] developed an approach based on fuzzy techniques for detecting ICMPv6 echo
flooding attacks with high AC and low root means square error (0.26). They evaluated their proposed approach using
a real-world dataset comprising 2,000 normal and abnormal network traffic records. However, the work lacks
important data, such as information on the testbed, attacking tools, false alarm rate, and detection AC.
5.1.7. Genetic algorithms (GA)
Genetic algorithm is based on evolutionary principles and is one of the most used ML techniques,
utilizing biological evaluation to solve different optimization problems [46]. A normal behavior profile is
created as a baseline to learn from and compare with unknown patterns to make decisions using a genetic
strategy. Many IDS use this algorithm to develop the rules to detect attack patterns.
Many researchers utilize GA in their systems, like Chaudhary and Shrimal [47], who used GA in
their proposed model to detect DDoS attacks in mobile ad-hoc networks (MANETs), achieving an 85% DR,
an acceptable result for detecting DDoS attacks. Meanwhile, Mizukoshi and Munetomo [48] utilized GA to
design a scalable real-time traffic analysis model to detect dan prevent DDoS attacks on a distributed Hadoop
infrastructure, achieving outstanding results on the WITZ (96%) and DARPA (98%) datasets. However, the
authors only measured the accuracy, not other evaluation metrics like recall, precision, and the F1-Score.
Table 3 summarizes the related works on ML-based IDS.
5.2. DL-based IDS
This section describes DL-based IDS. DL is an advanced branch of ML in the learning process since
it mimics multiple layers of neurons [49]. Figure 3 illustrates the two main classes of DL-based techniques.
As shown in Figure 3, there are two types of DL techniques. First, the generative architecture (or
unsupervised) represents the given systems in a graphical representation. These visual models depict
dependence for distribution. These graphs consist of nodes and arcs. The nodes represent random variables,
while arcs represent the relationship between nodes with millions of parameters [50]. Then, the common
statistical distribution represents the products of the nodes and their related variables [51]. Also, hidden
variables cannot be observed in the graphical models. The training of generative models does not depend on
the labels of data. Instead, these models go through a pre-training stage (unsupervised learning) for
classification purposes. The lower layers have been trained separately from the other layers through a pre-
training stage, allowing the different layers to be trained layer by layer from bottom to up. After that, all the
other layers will be trained after pre-training. The generative architecture has four sub-classes: Recurrent
neural network (RNN), deep Boltzmann machine (DBM), deep auto-encoder (DAE), and deep belief
networks (DBN). The second type of DL is discriminative architecture (DA). This architecture classification
depends on the discriminative power by characterizing the posterior distributions of conditioned classes from
7. Int J Elec & Comp Eng ISSN: 2088-8708
Machine and deep learning techniques for detecting internet … (Arkan Hammoodi Hasan Kabla)
5623
the input data [12]. The discriminative architecture has two sub-classes: RNN and convolutional neural
network (CNN). The following subsections provide more details for these sub-classes with related works.
Table 3. Summary of literature on ML-based IDS
Article Technique Dataset
used
Protocol
(IPv4/IPv6)
Detection
accuracy
Other performance
metrics
Limitations
Fadlil et al.
[26]
NB Own collected
dataset
IPv4 - - The authors did not report any results.
Vijayasarathy
et al. [27]
NB DARPA, SETS IPv4 98.6% FAR, Miss Rate Test limitations negated the authors’
claim that the system could work at
line speeds. Meanwhile, the evaluation
only used a limited number of dataset
samples.
Salih et al.
[28]
NB Own collected
dataset
IPv6 94.55% false negative rate
(FNR), true positive
rate (TPR)
This research lacks other types of IPv6
attacks, such as DoS and DDoS.
SVM Own collected
dataset
IPv4 45%,
64%,
86%
AC The achieved accuracy rates are not
the highest.
Subbulakshmi
et al. [31]
SVM Own collected
dataset
IPv4 96.83%,
95.24%,
93.65%
FAR The authors only collected a small
amount of flow to evaluate their
approach. The authors limited their
work by not comprehensively
simulating the normal data flow.
Ye et al. [32] SVM Own collected
dataset
IPv6 99.95% Detection AC, FAR Limited to RA flooding DoS attack
detection.
Zulkiflee
et al. [33]
SVM Own collected
dataset
IPv6 98.55% FAR, detection AC Limited to RA flooding DoS attack
detection.
Anbar et al.
[3]
DT/C4.5 Own collected
dataset
IPv4 98.8% True positive (TP), false
positive (FP), true
negative (TN), false
negative (FN), F-measure
The dataset used was not presented
clearly.
Zekri et al.
[35]
DT/C4.5 CICIDS2017 IPv4 99.93% Time taken to build a model,
Kappa Statistic, mean
absolute error (MAE), root
mean squared error (RMSE)
The authors used a random and small
subset of data from the CICIDS2017
dataset, i.e., not using all the available
data. The use of the small evaluation
dataset made the approach’s
performance unrealistic.
Pydipalli et al
[36]
BPNN Own collected
dataset
IPv6 98.3% AC Limited to ICMPv6 echo request DDoS
Flooding attack.
Saad et al.
[38]
ANN Own collected
IoT dataset
IPv4 99.4% AC The proposed approach was trained
with a small set of only 2,313
samples.
Hodo et al.
[39]
K-mean
Clustering
Vast Challenge
2013: Mini-
Challenge 3
IPv4 86% AC The detection accuracy is low
compared to other approaches.
Hao et al.
[40]
K-mean
Clustering
ISCX IPv4 99.69% TP, FP, TN, False
Alarm.
The used dataset has an imbalanced
class problem.
Putri et al.
[41]
FL - IPv4 86.9% Sensitivity, specificity,
precision, FPR, FNR
There is no information about the used
dataset. In addition, the achieved
accuracy rate is low compared to other
approaches.
Balarengadurai
and Saraswathi
[43]
FL Own generated
dataset by NS2
IPv4 99.75% TPR, FPR. The simulation dataset was collected
in a very short time. Although this
approach was proposed to deal with
big data from the cloud traffic, there is
no feature engineering.
Yao et al.
[44]
FL CERNET2 IPv6 - - The authors did not disclose essential
facts about the studies and outcomes.
Also, the malicious and normal traffic of
the used dataset was generated from two
different sources, which could result in a
biased outcome.
Saad et al.
[45]
FL Own generated
dataset
IPv6 - - The authors did not disclose details on
the experiments and results, such as
attacking tools, testbed used, false
alarms, and detection accuracy.
Chaudhary and
Shrimal [47]
GA Own collected
dataset by
Qualnet
IPv4 85% FPR Compared to others, many approaches
could achieve a higher detection rate.
Additionally, this approach can detect
only one attack in MANETs.
Mizukoshi and
Munetomo
[48]
GA DARPA, WITZ IPv4 98% FPR, FNR The authors did not include reliable
metrics like recall, precision, and F1-
Score.
8. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 5, October 2023: 5617-5631
5624
Figure 3. Taxonomy of deep learning techniques
5.2.1. Recurrent neural network
The RNN model is an architecture type with a feedback loop that links layer by layer and stores the
last input’s data to increase the reliability of the model [18]. This sub-class of deep generative networks can
either be unsupervised or supervised. RNN has two types of architecture: i) Jordan RNN, like a feedback
loop, connecting all neurons within one layer to the next, and ii) Elman RNN, which only has superficial
feedback looping layer by layer. Due to its ability to store information [52], RNN can train with fewer input
vectors but can still accurately classify normal and abnormal patterns. RNN can be trained as a discriminative
model by pre-segmenting the training data and post-processing the output to transform it into labeled data.
RNN uses its discriminative power for classification when the output is explicitly labeled with data in
sequence with the input data sequence.
Several researchers use the RNN approach in their systems. For example, Kim et al. [53] utilized
RNN with a long-short-term memory (RNN-LSTM) architecture to train IDS using KDD Cup ’99, achieving
higher accuracy and DRs than other IDS classifiers, i.e., 93% AC and 98.88% DR. Meanwhile, Tang et al.
[52] utilized RNN for IDS in software define networking (SDN)-based networks, achieving an 89% detection
accuracy using their proposed gated recurrent unit-RNN (GRU-RNN) when tested on the NSL-KDD dataset.
Elejla et al. [54] proposed an approach to detect ICMPv6 DDoS flooding attacks using RNN, gated recurrent
unit (GRU), and LSTM. They used an ensemble feature technique to select the significant features to detect
ICMPv6 DDoS flooding attacks. In addition, the selected features were used as the input to train the DL
training model (e.g., RNN, GRU, and LSTM). The authors used a synthetic dataset to evaluate their proposed
technique and showed that LSTM outperformed the other two DL models in AC, recall, precision, and FPR.
5.2.2. Deep auto-encoder
The DAE is a generative model with several forms, including denoising and stacked
auto-encoders [55]. It is also known as a “deep auto-encoder” because its model has multiple hidden layers.
Generally, it has an input layer representing the sample data and two or more hidden layers to transform the
features and map them into the output layer where the features would be reconstructed. Auto-encoder training
results in a “bottleneck” structure because the hidden layer is more restricted than the input layer [56]. The
following methods employ the DAE technique in their systems. Abolhasanzadeh et al. [57] proposed an
approach based on a DAE to detect IPv4-based attacks by applying bottleneck features to reduce the big data
dimensionality, increasing the efficiency of intrusion detection. The authors used the NSL-KDD dataset for
evaluation, achieving good AC for real-world intrusion detection. In addition, Farahnakian and Heikkonen
[58] proposed a DAE-based IDS and tested it using the KDD Cup ’99 dataset, achieving significantly
improved AC (96.53%) and DR (95.65%). Ujjan et al. [59] proposed sFlow and adaptive polling-based
sampling with Snort IDS and a DL-based model to detect various DDoS attacks inside IoT networks with a
very high detection AC of 95%. Meanwhile, Asad et al. [60] proposed a detection mechanism based on DNN
that employs feed-forward back-propagation for accurate DDoS attack detection, achieving a very high
detection AC of 98%.
5.2.3. Deep Boltzmann machine
The DBM is one of the generative architectures derived from the general (BM) machine. It is
regarded as a good classifier when a substantial amount of unlabeled data is involved in training, followed by
fine-tuning with labeled data. Although the DBM’s units on the same layer are unconnected, there is a
connection between the input and the hidden units, making DBM a unidirectional graphical model. Classic
BM has a network of units based on arbitrary decisions to identify whether the states are off or on [55].
9. Int J Elec & Comp Eng ISSN: 2088-8708
Machine and deep learning techniques for detecting internet … (Arkan Hammoodi Hasan Kabla)
5625
However, BM is time-consuming to train as it is a slow-processing algorithm. Reducing the DBM’s hidden
layers to a single layer result in a restricted Boltzmann machine (RBM). Many researchers use DBM in their
systems. For example, Elsaeidy et al. [30] utilized deep RBM to extract effective and significant high-level
features for detecting different DDoS attacks. Also, Imamverdiyev et al. [61] utilized the deep RBM model
in their proposed DoS detection method tested on the NSL-KDD dataset.
5.2.4. Deep belief networks
DBN are created by stacking DBM with one or more hidden layers. The ability to learn training
data’s joint probability distribution without using labeled data puts the DBN in the generative probabilistic
model category [12]. DBN can construct the models using either unsupervised pre-training or supervised
fine-tuning techniques. The training aims to learn the weights between layers. Several works employed the
DBN technique in the systems. For example, Xin and Wang [62] utilized the DBN algorithm to select the
features layer by layer to reduce the dimensionality of features. Although the DBN is an unsupervised
learning algorithm, it is more suited for use with a large amount of unlabeled data, making it a practical
algorithm for network intrusion detection, as shown by the experimental results. Additionally, Alom et al.
[63] utilized the DBN in their intrusion detection, achieving 97.5% AC in detecting and classifying attacks
using the NSL-KDD dataset.
5.2.5. Convolutional neural network
CNN is a deep learning neural network for processing structured arrays of data such as images and
is widely used in computer vision. Many applications based on natural language processing successfully use
CNN [64]. Training the CNN is more straightforward than other connected networks since it has fewer
parameters with a similar quantity of hidden units [63]. More clearly, CNN is biologically inspired and has a
multi-layer perceptron. CNN architecture comprises the convolutional layer, the max-pooling (gathering)
layer, and the fully connected layer. The max-pooling layer should follow each convolutional layer.
Moreover, the last stage comprises many stacked max-pooling and convolutional layers in a neural network
to create a fully-connected layer in a non-linear fashion [65].
Many researchers employ CNN in their systems. For example, Fan and Ling-zhi [66] used KDD
Cup 99 to test their proposed CNN-based model, achieving a high DR of 97.7%. Meanwhile, Teyou and
Ziazet [67] proposed an effective and flexible network-IDS (NIDS) that adopted CNN and tested with the
NSL-KDD dataset, achieving a high detection rate of 99.97%. Also, Haider et al. [68] proposed a DL-based
CNN ensemble solution to detect DDoS attacks in an SDN environment, achieving a high attack detection
AC of 99.48%. Moreover, Liu et al. [69] implemented DL models in their proposed end-to-end attack
detection approach that analyzes the payloads. Their proposed CNN-based payload classification approach
(PL-CNN) and RNN-based payload classification approach (PL-RNN) for attack detection achieved 99.36%
and 99.98% detection AC, respectively, when tested on the DARPA1998 dataset. This paper
comprehensively covers the two main architectures of DL, generative architectures and discriminative
architectures. Lately, many researchers have shown interest in utilizing DL techniques in IDS. Table 4 (see in
appendix) summarizes the related work on DDoS IDS utilizing DL techniques.
6. DISCUSSION
The different protocol structure of IPv4 and IPv6 makes it almost impossible to create a generalized
AIDS that concurrently detects both IPv4 and IPv6-based attacks. However, as shown in Tables 3 and 4,
several AIDS have been proposed based on ML and DL techniques. Table 3 presents 19 ML-based AIDS,
and the majority (13) are for IPv4 networks. SVM and FL algorithms are the two commonly used algorithms
for detecting IPv4 and IPv6-based attacks. Meanwhile, the highest detection AC achieved by ML-based
AIDSs for IPv4-based attacks is 99.93% (using a DT) and 99.95% for IPv6-based attacks (using SVM).
At the same time, the lowest detection AC is 85% (using GA) and 94.55% (using NB) for IPv4 and IPv6,
respectively. As for DL-based AIDS, Table 4 lists five proposed DL-based AIDS, but all five are for
detecting IPv4 DDoS attacks. DBN is the most common DL algorithm used in AIDS to detect IPv4-based
attacks, even though it achieved the lowest detection AC (73%) compared to CNN, which has the best
detection AC for DL-based AIDSs (99.98%). However, it is worth noting that researchers typically evaluated
their ML or DL-based AIDSs using self-generated datasets.
7. DIFFERENCES BETWEEN ML AND DL
ML and DL techniques are the best methods to build IDS detection models since they can reduce
human efforts [16]. However, if it involves training a massive amount of network traffic from a high-speed
network, DL-based IDS is the best choice [4]. Several key differences between ML and DL include
10. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 5, October 2023: 5617-5631
5626
structuring, model building duration, computational complexity, effectiveness in dealing with big data, and
evaluation metrics, such as detection AC and dimensionality reduction quality. Highlighting these differences
would help researchers select the most appropriate technique. Table 5 shows the differences between ML and
DL, which could serve as a quick reference for researchers in the field.
Table 5. Differences between the ML and DL
No. Machine learning Deep learning
1. ML is a subset of artificial intelligence. DL is a subset of ML.
2. ML achieved high accuracy and detection rate with small data. DL achieved high accuracy and detection rate with big data.
3. Faster to train a model. Computationally intensive.
4. ML requires more human involvement and effort. DL requires less human involvement and effort.
5. It requires trying different features and classifiers to obtain the
best results.
It automatically learns features and classifiers.
6. Usually, the output is a numerical value like a score. The output can vary from a score, an element, or text.
7. The input of ML algorithms should be in numerical form. The input to the DL algorithms could be text, photo, sound,
video, and signals.
8. It requires a shorter time to build a model. Require a longer time to build and train the model.
9. Suitable for thousands of data points. Suitable for big data, i.e., millions of data points.
10. Less scalability. Higher scalability.
11. ML has a low dependency on hardware computational resources. DL is highly dependent and has a high consumption of
hardware computational resources.
12. ML has learning limitations. DL has no theoretical limit to what it can learn.
8. CONCLUSION AND FUTURE RESEARCH DIRECTIONS
ML and DL techniques have shown impressive results in solving problems in many research
domains, including cybersecurity. Many researchers have adapted ML and DL techniques in AIDS to detect
different IPv4 and IPv6-based attacks with high accuracy. Generally, ML and DL techniques are used as
classifiers or for feature selection. However, some researchers use ML and DL techniques for both. This
paper provides a qualitative comparison that benchmarks this review study with the existing studies. The
benchmark reveals a lack of review studies on ML and DL used in AIDS. In addition, this paper presented a
comprehensive review of the adaption of ML and DL techniques in AIDS for detecting IPv4 and IPv6
attacks, such as DoS and DDoS flooding attacks.
Moreover, this study revealed that ML and DL techniques significantly contribute to accurately
detecting IPv4 and IPv6 attacks. However, ML techniques are more prevalent in IDS compared to DL
techniques. Therefore, it is recommended that a review of ML and DL-based AIDS to detect attacks on SDN
and IoT networks is conducted in the future. In addition, other techniques used in AIDS, such as statistical,
rule-based, and information theory-based techniques, can also be reviewed. Finally, any literature studies on
AIDS in the future should also include evaluation metrics based on detection AC, speed, and time since they
are critical for evaluating detection techniques’ performance.
APPENDIX
Figure 1. Visual representation of DDoS and DoS attacks architecture
11. Int J Elec & Comp Eng ISSN: 2088-8708
Machine and deep learning techniques for detecting internet … (Arkan Hammoodi Hasan Kabla)
5627
Table 4. Summary of literature on DL-based IDS
Article Technique Dataset
used
Protocol
(IPv4/IPv6)
Detection
accuracy
Other
performance
metrics
Limitations
Kim et al. [53] RNN KDD CUP 99 IPv4 96.93% FAR The authors evaluated their approach
by using an old dataset from 1999.
This model directly implements
LSTM-RNN after collecting samples
from the old dataset, i.e., there are no
contributions to building an accurate
and effective IDS model.
Elejla et al. [54] RNN NSL-KDD IPv4 89% TP, FP, TN,
FN
The used dataset has a vast number of
redundant records. In addition, other
IDS can achieve higher accuracy
rates.
Abolhasanzadeh
et al. [57]
DAE Own
collected.
dataset
IPv4 95.06% AC The used dataset has many redundant
records.
The authors directly applied an
autoencoder on an old dataset without
pre-stages to construct a solid
detection model.
Farahnakian and
Heikkonen [58]
DAE KDD CUP 99 IPv4 96.53% FAR, TP The authors evaluated their approach
by using an old dataset from 1999.
In addition, there is no feature
engineering that might improve the
effectiveness of IDS.
Subbulakshmi
et al. [31]
DBM Self-generated
dataset
IPv4 - F-measure There is no explanation of the
achieved accuracy. Also, the authors
evaluated their proposed approach
with a few evaluation metrics.
Imamverdiyev
and Abdullayeva
[61]
DBM NSL-KDD IPv4 73% F-measure,
G-mean,
Precision,
recall,
sensitivity,
specificity,
TN, TP
The used dataset has a limitation of a
vast number of redundant records.
In addition, compared to other
approaches, the achieved accuracy
rate is not high enough to build an
effective detection approach.
Xin and Wang
[62]
DBN KDD CUP99 IPv4 97.82% TPR,
FNR
DBN algorithm is more suitable for
selecting features from many
unlabeled data, but the authors
utilized an old, labeled dataset.
Alom et al. [63] DBN NSL-KDD IPv4 97.5% AC The dataset has many redundant
records. Therefore, this approach
seems like a direct implementation of
DBN on the old dataset. In addition,
there are no more evaluation metrics.
The authors evaluated their approach
by using an old dataset from 1999.
Fan and Ling-zhi
[66]
CNN KDD CUP 99 IPv4 97.7% FAR They used this DL algorithm only for
feature extraction, not classification
purposes.
Mohammadpour
et al. [67]
CNN NSL-KDD IPv4 99.97% F-measure The dataset has many redundant
records. In addition, there are no
more evaluation metrics for this
work. Also, this work is relatively
new but features engineering is
missing.
Teyou and Ziazet
et al. [68]
CNN ISCX 2017 IPv4 99.48% Precision,
Recall,
F-score, FPR,
FNR
No details about the methodology
were provided. It seems like a direct
implementation of CNN on the
selected dataset.
Liu et al. [69] CNN and
RNN
DARPA 1998 IPv4 99.36 %,
99.98%
Precision,
Recall,
F-measure
The dataset is not comprehensive, as
it only comprises IPv4-based attacks.
Liu et al. [69] DNNs CICIDS 2017 IPv4 98% F-measure,
receiver
operating
characteristics
(ROC)-curve
The detection of this work is based on
pre-defined patterns of DDoS attacks,
i.e., it cannot detect unknown attacks.
Elejla et al. [54] RNN, GRU,
and LSTM
Self-generate
dataset
IPv6 98.31% Recall,
Precision,
FPR, TPR,
FNR, ROC
The RNN model has a low detection
AC (92%) and a high FPR.
12. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 5, October 2023: 5617-5631
5628
ACKNOWLEDGEMENTS
Universiti Sains Malaysia supported this work under an external grant (Grant Number
304/PNAV/650958/U154).
REFERENCES
[1] “IPv6 – Google,” Google, https://www.google.com/intl/en/ipv6/statistics.html#tab=ipv6-adoption (accessed Apr. 09, 2020).
[2] A. A. Bahashwan, M. Anbar, I. H. Hasbullah, Z. R. Alashhab, and A. Bin-Salem, “Flow-based approach to detect abnormal
behavior in neighbor discovery protocol (NDP),” IEEE Access, vol. 9, pp. 45512–45526, 2021, doi:
10.1109/ACCESS.2021.3066630.
[3] M. Anbar, R. Abdullah, B. N. Al-Tamimi, and A. Hussain, “A machine learning approach to detect router advertisement flooding
attacks in next-generation IPv6 networks,” Cognitive Computation, vol. 10, no. 2, pp. 201–214, Apr. 2018, doi: 10.1007/s12559-
017-9519-8.
[4] A. Drewek-Ossowicka, M. Pietrołaj, and J. Rumiński, “A survey of neural networks usage for intrusion detection
systems,” Journal of Ambient Intelligence and Humanized Computing, vol. 12, no. 1, pp. 497–514, 2021,
doi: 10.1007/s12652-020-02014-x.
[5] K. Kaur and P. Kakkar, “A review on various machine learning techniques for the detection of DDoS attacks,” International
Journal of Innovative Research in Science, Engineering and Technology, vol. 5, no. 9, 2016, doi:
10.15680/IJIRSET.2016.0509100.
[6] T. A. Alamiedy, M. Anbar, A. K. Al-Ani, B. N. Al-Tamimi, and N. Faleh, “Review on feature selection algorithms for anomaly-
based intrusion detection system,” in Recent Trends in Data Science and Soft Computing, 2019, pp. 605–619.
[7] A. M. Aleesa, B. B. Zaidan, A. A. Zaidan, and N. M. Sahar, “Review of intrusion detection systems based on deep learning
techniques: coherent taxonomy, challenges, motivations, recommendations, substantial analysis and future directions,” Neural
Computing and Applications, vol. 32, no. 14, pp. 9827–9858, Jul. 2020, doi: 10.1007/s00521-019-04557-3.
[8] M. A. Ferrag, L. Maglaras, S. Moschoyiannis, and H. Janicke, “Deep learning for cyber security intrusion detection: approaches,
datasets, and comparative study,” Journal of Information Security and Applications, vol. 50, 102419, Feb. 2020, doi:
10.1016/j.jisa.2019.102419.
[9] O. E. Elejla, B. Belaton, M. Anbar, and A. Alnajjar, “Intrusion detection systems of ICMPv6-based DDoS attacks,” Neural
Computing and Applications, vol. 30, no. 1, pp. 45–56, Jul. 2018, doi: 10.1007/s00521-016-2812-8.
[10] A. Aldweesh, A. Derhab, and A. Z. Emam, “Deep learning approaches for anomaly-based intrusion detection systems: a survey,
taxonomy, and open issues,” Knowledge-Based Systems, vol. 189, Feb. 2020, doi: 10.1016/j.knosys.2019.105124.
[11] A. A. Bahashwan, M. Anbar, and S. M. Hanshi, “Overview of IPv6 based DDoS and DoS attacks detection mechanisms,” in
Advances in Cyber Security, 2020, pp. 153–167.
[12] E. Hodo, X. Bellekens, A. Hamilton, C. Tachtatzis, and R. Atkinson, “Shallow and deep networks intrusion detection system: a
taxonomy and survey,” arXiv:1701.02145, pp. 1–43, Jan. 2017.
[13] R. K. Sharma, H. K. Kalita, and P. Borah, “Analysis of machine learning techniques based intrusion detection systems,” in
Proceedings of 3rd International Conference on Advanced Computing, Networking and Informatics, 2016, pp. 485–493.
[14] A. A. Bahashwan, M. Anbar, S. Manickam, I. H. Hasbullah, and M. A. Aladaileh, “Propose a flow-based approach for detecting
abnormal behavior in neighbor discovery protocol (NDP),” in Advances in Cyber Security, 2021, pp. 401–416.
[15] A. H. H. Kabla, M. Anbar, S. Manickam, and S. Karupayah, “Eth-PSD: a machine learning-based phishing scam detection
approach in ethereum,” IEEE Access, vol. 10, pp. 118043–118057, 2022, doi: 10.1109/ACCESS.2022.3220780.
[16] P. Mishra, V. Varadharajan, U. Tupakula, and E. S. Pilli, “A detailed investigation and analysis of using machine learning
techniques for intrusion detection,” IEEE Communications Surveys & Tutorials, vol. 21, no. 1, pp. 686–728, 2019, doi:
10.1109/COMST.2018.2847722.
[17] A. Javaid, Q. Niyaz, W. Sun, and M. Alam, “A deep learning approach for network intrusion detection system,” Proceedings of
the 9th EAI International Conference on Bio-inspired Information and Communications Technologies (formerly BIONETICS),
2016, doi: 10.4108/eai.3-12-2015.2262516.
[18] L. O. Anyanwu, J. Keengwe, and G. A. Arome, “Scalable intrusion detection with recurrent neural networks,” in 2010
Seventh International Conference on Information Technology: New Generations, 2010, pp. 919–923,
doi: 10.1109/ITNG.2010.45.
[19] M. Anbar, R. Abdullah, I. H. Hasbullah, Y.-W. Chong, and O. E. Elejla, “Comparative performance analysis of classification
algorithms for intrusion detection system,” in 2016 14th Annual Conference on Privacy, Security and Trust (PST), Dec. 2016,
pp. 282–288, doi: 10.1109/PST.2016.7906975.
[20] P. Winter, E. Hermann, and M. Zeilinger, “Inductive intrusion detection in flow-based network data using one-class support
vector machines,” in 2011 4th IFIP International Conference on New Technologies, Mobility and Security, Feb. 2011, pp. 1–5,
doi: 10.1109/NTMS.2011.5720582.
[21] D. Kwon, H. Kim, J. Kim, S. C. Suh, I. Kim, and K. J. Kim, “A survey of deep learning-based network anomaly detection,”
Cluster Computing, vol. 22, no. S1, pp. 949–961, Jan. 2019, doi: 10.1007/s10586-017-1117-8.
[22] A. H. H. Kabla et al., “Applicability of intrusion detection system on ethereum attacks: a comprehensive review,” IEEE Access,
vol. 10, pp. 71632–71655, 2022, doi: 10.1109/ACCESS.2022.3188637.
[23] H. Hindy et al., “A taxonomy of network threats and the effect of current datasets on intrusion detection systems,” IEEE Access,
vol. 8, pp. 104650–104675, 2020, doi: 10.1109/ACCESS.2020.3000179.
[24] Y. Hamid, M. Sugumaran, and L. Journaux, “Machine learning techniques for intrusion detection,” in Proceedings of the
International Conference on Informatics and Analytics, Aug. 2016, pp. 1–6, doi: 10.1145/2980258.2980378.
[25] T. A. Al-Amiedy, M. Anbar, B. Belaton, A. H. H. Kabla, I. H. Hasbullah, and Z. R. Alashhab, “A systematic literature review on
machine and deep learning approaches for detecting attacks in RPL-based 6LoWPAN of internet of things,” Sensors, vol. 22,
no. 9, p. 3400, Apr. 2022, doi: 10.3390/s22093400.
[26] A. Fadlil, I. Riadi, and S. Aji, “Review of detection DDoS attack detection using naive bayes classifier for network forensics,”
Bulletin of Electrical Engineering and Informatics, vol. 6, no. 2, pp. 140–148, Jun. 2017, doi: 10.11591/eei.v6i2.605.
[27] R. Vijayasarathy, S. V Raghavan, and B. Ravindran, “A system approach to network modeling for DDoS detection using a Na,”
in 2011 Third International Conference on Communication Systems and Networks (COMSNETS 2011), Jan. 2011, pp. 1–10, doi:
10.1109/COMSNETS.2011.5716474.
13. Int J Elec & Comp Eng ISSN: 2088-8708
Machine and deep learning techniques for detecting internet … (Arkan Hammoodi Hasan Kabla)
5629
[28] A. Salih, X. Ma, and E. Peytchev, “No detection and classification of covert channels in IPv6 using enhanced machine learning,”
in Proc. of The International Conference on Computer Technology and Information Systems, 2015, pp. 1–7.
[29] S. R. Sain, “The nature of statistical learning theory,” Technometrics, vol. 38, no. 4, Nov. 1996, doi:
10.1080/00401706.1996.10484565.
[30] A. Elsaeidy, K. S. Munasinghe, D. Sharma, and A. Jamalipour, “Intrusion detection in smart cities using restricted
boltzmann machines,” Journal of Network and Computer Applications, vol. 135, pp. 76–83, Jun. 2019,
doi: 10.1016/j.jnca.2019.02.026.
[31] T. Subbulakshmi, P. Parameswaran, C. Parthiban, M. Mariselvi, J. A. Anusha, and G. Mahalakshmi, “A unified approach for
detection and prevention of DDoS attacks using enhanced support vector machines and filtering mechanisms,” ICTACT Journal
on Communication Technology, vol. 04, no. 02, pp. 737–743, Jun. 2013, doi: 10.21917/ijct.2013.0105.
[32] J. Ye, X. Cheng, J. Zhu, L. Feng, and L. Song, “A DDoS attack detection method based on SVM in software defined network,”
Security and Communication Networks, vol. 2018, pp. 1–8, 2018, doi: 10.1155/2018/9804061.
[33] M. Zulkiflee, M. Ahmad, S. Sahib, and M. Ghani, “A framework of features selection for IPv6 network attacks detection,”
WSEAS Transactions on Communications, vol. 14, no. 46, pp. 399–408, 2015.
[34] J. Singh and M. J. Nene, “A survey on machine learning techniques for intrusion detection systems,” International Journal of
Advanced Research in Computer and Communication Engineering, vol. 2, no. 11, pp. 4349–4355, 2013.
[35] M. Zekri, S. El Kafhali, N. Aboutabit, and Y. Saadi, “DDoS attack detection using machine learning techniques in cloud
computing environments,” in 2017 3rd International Conference of Cloud Computing Technologies and Applications
(CloudTech), Oct. 2017, pp. 1–7, doi: 10.1109/CloudTech.2017.8284731.
[36] S. K. Pydipalli, S. Kasthuri, and J. S, “DDoS detection system using C4.5 decision tree algorithm,” International Research
Journal of Engineering and Technology (IRJET), vol. 14, no. 10, 2018.
[37] R. Ali and S. Kamthania, “A comparative study of different relevant features hybrid neural networks based intrusion detection
systems,” Advanced Materials Research, vol. 403–408, pp. 4703–4710, Nov. 2011, doi: 10.4028/www.scientific.net/AMR.403-
408.4703.
[38] R. M. A. Saad, M. Anbar, S. Manickam, and E. Alomari, “An intelligent ICMPv6 DDoS flooding-attack detection framework
(v6IIDS) using back-propagation neural network,” IETE Technical Review, vol. 33, no. 3, pp. 244–255, May 2016, doi:
10.1080/02564602.2015.1098576.
[39] E. Hodo et al., “Threat analysis of IoT networks using artificial neural network intrusion detection system,” in 2016
International Symposium on Networks, Computers and Communications (ISNCC), May 2016, pp. 1–6,
doi: 10.1109/ISNCC.2016.7746067.
[40] X. Hao, B. Meng, and K. Gu, “Detecting DDoS attack based on PSO clustering algorithm,” in Proceedings of the 2016 3rd
International Conference on Materials Engineering, Manufacturing Technology and Control, 2016, pp. 670–674, doi:
10.2991/icmemtc-16.2016.133.
[41] N. A. Putri, D. Stiawan, A. Heryanto, T. W. Septian, L. Siregar, and R. Budiarto, “Denial of service attack visualization with
clustering using k-means algorithm,” in 2017 International Conference on Electrical Engineering and Computer Science
(ICECOS), Aug. 2017, pp. 177–183, doi: 10.1109/ICECOS.2017.8167129.
[42] N. C. S. N. Iyengar and G. Ganapathy, “Chaotic theory based defensive mechanism against distributed denial of service attack in
cloud computing environment,” International Journal of Security and Its Applications, vol. 9, no. 9, pp. 197–212, Sep. 2015, doi:
10.14257/ijsia.2015.9.9.18.
[43] C. Balarengadurai and S. Saraswathi, “Comparative analysis of detection of DDoS attacks in IEEE 802.15.4 low
rate wireless personal area network,” Procedia Engineering, vol. 38, pp. 3855–3863, 2012,
doi: 10.1016/j.proeng.2012.06.442.
[44] L. Yao, L. ZhiTang, and L. Shuyu, “A fuzzy anomaly detection algorithm for IPv6,” in 2006 Semantics, Knowledge and Grid,
Second International Conference on, 2006, p. 67, doi: 10.1109/SKG.2006.5.
[45] R. M. A. Saad, “ICMPv6 flood attack detection using DENFIS algorithms,” Indian Journal of Science and Technology, vol. 7, no.
2, pp. 168–173, Feb. 2013, doi: 10.17485/ijst/2014/v7i2.5.
[46] M. Al-Shalabi, M. Anbar, and T.-C. Wan, “Genetic algorithm based protocols to select cluster heads and find multi-hop path in
wireless sensor networks: review,” MATEC Web of Conferences, vol. 218, 3019, Oct. 2018, doi:
10.1051/matecconf/201821803019.
[47] A. Chaudhary and G. Shrimal, “Intrusion detection system based on genetic algorithm for detection of distribution denial of
service attacks in MANETs,” SSRN Electronic Journal, 2019, doi: 10.2139/ssrn.3351807.
[48] M. Mizukoshi and M. Munetomo, “Distributed denial of services attack protection system with genetic algorithms on Hadoop
cluster computing framework,” in 2015 IEEE Congress on Evolutionary Computation (CEC), May 2015, pp. 1575–1580, doi:
10.1109/CEC.2015.7257075.
[49] A. H. Hasan, M. Anbar, and T. A. Alamiedy, “Deep learning approach for detecting router advertisement flooding-based
DDoS attacks,” Journal of Ambient Intelligence and Humanized Computing, pp. 1–15, Nov. 2022,
doi: 10.1007/s12652-022-04437-0.
[50] Y. Bengio, “Learning deep architectures for AI,” Foundations and Trends®in Machine Learning, vol. 2, no. 1, pp. 1–127, 2009,
doi: 10.1561/2200000006.
[51] M. A. Ferrag, L. A. Maglaras, H. Janicke, and R. Smith, “Deep learning techniques for cyber security intrusion detection : a
detailed analysis,” in 6th International Symposium for ICS & SCADA Cyber Security Research 2019, Sep. 2019, pp. 126–136,
doi: 10.14236/ewic/icscsr19.16.
[52] T. A. Tang, D. McLernon, L. Mhamdi, S. A. R. Zaidi, and M. Ghogho, “Intrusion detection in SDN-based networks: deep
recurrent neural network approach,” in Deep Learning Applications for Cyber Security, 2019, pp. 175–195.
[53] J. Kim, J. Kim, H. Le Thi Thu, and H. Kim, “Long short term memory recurrent neural network classifier for intrusion detection,”
in 2016 International Conference on Platform Technology and Service (PlatCon), Feb. 2016, pp. 1–5, doi:
10.1109/PlatCon.2016.7456805.
[54] O. E. Elejla, M. Anbar, S. Hamouda, S. Faisal, A. A. Bahashwan, and I. H. Hasbullah, “Deep-learning-based approach to detect
ICMPv6 flooding DDoS attacks on IPv6 networks,” Applied Sciences, vol. 12, no. 12, Jun. 2022, doi: 10.3390/app12126150.
[55] L. Deng, “A tutorial survey of architectures, algorithms, and applications for deep learning,” APSIPA Transactions on Signal and
Information Processing, vol. 3, Jan. 2014, doi: 10.1017/atsip.2013.9.
[56] M. Borovcnik, H.-J. Bentz, and R. Kapadia, “A probabilistic perspective,” in Chance Encounters: Probability in Education,
Dordrecht: Springer Netherlands, 1991, pp. 27–71.
[57] B. Abolhasanzadeh, “Nonlinear dimensionality reduction for intrusion detection using auto-encoder bottleneck features,” in 2015
7th Conference on Information and Knowledge Technology (IKT), May 2015, pp. 1–5, doi: 10.1109/IKT.2015.7288799.
14. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 5, October 2023: 5617-5631
5630
[58] F. Farahnakian and J. Heikkonen, “A deep auto-encoder based approach for intrusion detection system,” in 2018 20th
International Conference on Advanced Communication Technology (ICACT), Feb. 2018, pp. 178–183, doi:
10.23919/ICACT.2018.8323688.
[59] R. M. A. Ujjan, Z. Pervez, K. Dahal, A. K. Bashir, R. Mumtaz, and J. González, “Towards sFlow and adaptive polling sampling
for deep learning based DDoS detection in SDN,” Future Generation Computer Systems, vol. 111, pp. 763–779, Oct. 2020, doi:
10.1016/j.future.2019.10.015.
[60] M. Asad, M. Asim, T. Javed, M. O. Beg, H. Mujtaba, and S. Abbas, “Deepdetect: detection of distributed denial of service attacks
using deep learning,” The Computer Journal, vol. 63, no. 7, pp. 983–994, Jul. 2020, doi: 10.1093/comjnl/bxz064.
[61] Y. Imamverdiyev and F. Abdullayeva, “Deep learning method for denial of service attack detection based on restricted boltzmann
machine,” Big Data, vol. 6, no. 2, pp. 159–169, Jun. 2018, doi: 10.1089/big.2018.0023.
[62] M. Xin and Y. Wang, “Research on feature selection of intrusion detection based on deep learning,” in 2020 International
Wireless Communications and Mobile Computing (IWCMC), Jun. 2020, pp. 1431–1434, doi:
10.1109/IWCMC48107.2020.9148217.
[63] M. Z. Alom, V. Bontupalli, and T. M. Taha, “Intrusion detection using deep belief networks,” in 2015 National Aerospace and
Electronics Conference (NAECON), Jun. 2015, pp. 339–344, doi: 10.1109/NAECON.2015.7443094.
[64] F. Qu, J. Zhang, Z. Shao, and S. Qi, “An intrusion detection model based on deep belief network,” in Proceedings of the
2017 VI International Conference on Network, Communication and Computing, Dec. 2017, pp. 97–101, doi:
10.1145/3171592.3171598.
[65] Y. LeCun, “Learning invariant feature hierarchies,” in Computer Vision – ECCV 2012. Workshops and Demonstrations, 2012, pp.
496–505.
[66] J. Fan and K. Ling-zhi, “Intrusion detection algorithm based on convolutional neural network,” Transactions of Beijing Institute
of Technology, vol. 37, no. 12, pp. 1271–1275, 2017.
[67] G. K. De Teyou and J. Ziazet, “Convolutional neural network for intrusion detection system in cyber physical systems,” Prepr.
arXiv.1905.03168, May 2019.
[68] S. Haider, A. Akhunzada, G. Ahmed, and M. Raza, “Deep learning based ensemble convolutional neural network solution for
distributed denial of service detection in SDNs,” in 2019 UK/ China Emerging Technologies (UCET), Aug. 2019, pp. 1–4, doi:
10.1109/UCET.2019.8881856.
[69] H. Liu, B. Lang, M. Liu, and H. Yan, “CNN and RNN based payload classification methods for attack detection,” Knowledge-
Based Systems, vol. 163, pp. 332–341, Jan. 2019, doi: 10.1016/j.knosys.2018.08.036.
BIOGRAPHIES OF AUTHORS
Arkan Hammoodi Hasan Kabla was born in Iraq in 1993. He received a B.Sc.
degree in software engineering in Iraq in 2016 and an M.Sc. degree in internet engineering
from Universiti Sains Malaysia (USM), Malaysia, in 2020, where he is currently pursuing the
Ph.D. degree with the National Advanced IPv6 Centre (NAv6). His research interests include
machine learning, deep learning, anomaly detection, blockchain, and P2P networks. He can be
contacted at email: arkantaha93@gmail.com.
Mohammed Anbar obtained his Ph.D. in Advanced Internet Security and
Monitoring from University Sains Malaysia (USM). He is currently a senior lecturer at
National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia. His current research
interests include malware detection, web security, intrusion detection systems (IDS), intrusion
prevention systems (IPS), network monitoring, internet of things (IoT), and IPv6 security. He
can be contacted at email: anbar@usm.my.
Shady Hamouda is a faculty member at the Department of Information
technology at the Department of Business Information Technology, Liwa College of
Technology, Abu Dhabi, United Arab Emirates. He has over 13 years of experience and is
highly motivated, with a proven track record in Information Systems and Teaching. He got a
PhD from the Faculty of Computer Sciences, University Sains Malaysia, and Malaysia. He
obtained his master’s degree from the Faculty of Information Technology, University Utara
Malaysia, Malaysia, and his bachelor’s degree from the Faculty of Computer Engineering &
Information Technology, Al Azhar University, Palestine. He can be contacted at email:
shady.hamouda@ect.ac.ae.
15. Int J Elec & Comp Eng ISSN: 2088-8708
Machine and deep learning techniques for detecting internet … (Arkan Hammoodi Hasan Kabla)
5631
Abdullah Ahmed Bahashwan received a B.Sc. degree in computer applications
from Osmania University, Hyderabad, India, in 2012 and an M.Sc. degree in internet
engineering from the National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia
(USM) in 2020, where he is currently pursuing the Ph.D. degree. His research interests include
computer networks, Internet Protocol version 6 (IPv6) security, network security, intrusion
detection systems (IDS), cloud computing, software defines networks (SDN), and the Internet
of Things (IoT). He can be contacted at email: aalhajran2011@gmail.com.
Taief Alaa Al-Amiedy received a B.Sc. degree in electronics and communication
engineering from the University of Kufa, Iraq, and an M.Sc. degree in internet engineering
from Universiti Sains Malaysia, Malaysia, where he is currently pursuing a Ph.D. degree with
the National Advanced IPv6 Centre (NAv6). His current research interests include mobile and
wireless communication, machine and deep learning techniques, network security, intrusion
detection systems (IDSs), the internet of things (IoT), and RPL security. He can be contacted at
email: taiefalaa@gmail.com.
Iznan Husainy Hasbullah received a B.Sc. degree in electrical engineering from
Rensselaer Polytechnic Institute, Troy, NY, USA. He is currently pursuing an M.Sc. degree in
advanced network security. He has experience working as a Software Developer, a Research
and Development Consultant, and a Network Security Auditor before joining the National
Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia, in 2010, as a Research Officer. His
research interests include unified communication, telematics, network security, network
protocols, and next-generation networks. He can be contacted at email: iznan@usm.my.
Serri Faisal is an Assistant Professor and the Head of Business Information
Technology at the Emirates College of Technology. He holds a bachelor’s and a Master of
Science in Computer Science from Texas State University and a PhD in Technology
Management from Universiti Tun Hussein Onn Malaysia. In addition to teaching for over nine
years, he served as a Senior IT Project Manager and an IT Infrastructure Consultant. While
working in the industry for over 15 years, he gained broad experience in implementing
information technology solutions while leading several key projects in Fortune 500 companies
like Dell Technologies, Computer Science Corporation (CSC), and other recognized software
and financial companies in the United States. His current academic research is in applications'
persuasive system design. He can be contacted at email: serri.faisal@ect.ac.ae.