Firman Daru, April and Maulana Hirzan, Alauddin and Attarbashi, Zainab and Fanani, Fajriannoor (2025) Q-Learning-based detection of IPv6 intrusions: a behavioral and performance study. In: 2025 International Seminar on Application for Technology of Information and Communication (iSemantic), Semarang, Indonesia.
|
PDF
Download (1MB) | Preview |
Abstract
Intrusion attacks remain a persistent threat in computer networks, occurring unpredictably across various geographic locations. Among these, IPv6-based flood attacks are particularly concerning due to the expanded address space, which enables the transmission of large packets. This problem can significantly affect local network performance or completely deny service to targeted servers. While numerous studies have proposed intrusion detection systems based on supervised learning models, a critical limitation persists. These models require retraining to recognise new attacks. This time-consuming retraining process may increase vulnerability during adaptation periods, as the networks will be exposed to zero-day attacks until updated training data is available. To address this limitation, the present study proposes a self-learning model using reinforcement learning techniques, specifically the Q-Learning algorithm, to classify network intrusions based on learned behavioural patterns autonomously. The system improves classification accuracy with each training epoch, enhancing its reliability. Three agents were designed, each employing different exploration-exploitation strategies characterised by epsilon E-0.1, E-0.5, and E-0.9. This study launched different ICMPv6 attacks individually and gathered five million samples for each intrusion attack. The agent with E-0.1 demonstrated superior performance, achieving 198,235 correct classifications with a cumulative reward of 883,835. The agent followed this with E-0.5, which recorded 100,984 correct classifications and a total reward of 87,075. The agent with E-0.9 performed the poorest, with only 20,850 correct classifications and a negative cumulative reward of -714,035. The findings indicate that the proposed self-learning model based on Q-Learning can effectively identify network intrusions without requiring manual retraining, thereby offering a scalable and adaptive solution for real-time intrusion detection.
| Item Type: | Proceeding Paper (Plenary Papers) |
|---|---|
| Uncontrolled Keywords: | Training, Adaptation models, Q-learning , Transfer learning, Intrusion detection, Training data, Real-time systems, Classification algorithms, Network intrusion |
| Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science Q Science > QA Mathematics > QA76 Computer software T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK7800 Electronics. Computer engineering. Computer hardware. Photoelectronic devices > TK7885 Computer engineering |
| Kulliyyahs/Centres/Divisions/Institutes (Can select more than one option. Press CONTROL button): | Kulliyyah of Information and Communication Technology Kulliyyah of Information and Communication Technology |
| Depositing User: | Dr Zainab Senan Mahmod |
| Date Deposited: | 31 Dec 2025 16:46 |
| Last Modified: | 31 Dec 2025 17:11 |
| Queue Number: | 2025-12-Q1259 |
| URI: | http://irep.iium.edu.my/id/eprint/126360 |
Actions (login required)
 |
View Item |
Download Statistics
Download Statistics