Computers & Security 128 (2023) 103169

Contents lists available at ScienceDirect

Computers & Security

journal homepage: www.elsevier.com/locate/cose

Machine learning-based jamming attack classification and effective

defense technique
Sun-Jin Lee a, Yu-Rim Lee a, So-Eun Jeon a, Il-Gu Lee a,b,∗
a
Department of Future Convergence Technology Engineering, Sungshin Women’s University, Seoul 02844, Republic of Korea
b
Department of Convergence Security Engineering, Sungshin Women’s University, Seoul 02844, Republic of Korea

a r t i c l e i n f o a b s t r a c t

Article history: The fourth industrial revolution has resulted in the intelligent Internet of Things being widely used for
Received 30 October 2022 home networking applications and smart infrastructure. Consequently, wireless connectivity has become
Revised 5 January 2023
essential in industrial and daily-life applications. Wireless communication is a continuously evolving tech-
Accepted 27 February 2023
nology that satisfies high-speed and ultra-low latency requirements. However, as multiple users utilize a
Available online 2 March 2023
single channel by sharing frequency and time, the service quality cannot be ensured owing to the in-
Keywords: terference from a congested network. Additionally, malicious attackers can compromise communication
Wi-Fi availability or destroy data integrity through jamming attacks, threatening human life and safety. Con-
Jamming attack ventional jamming attack detection and response technology respond to attacks without detecting the
Jammer classification type of jammer, exhibiting certain limitations in detecting and defending against an intelligent attack.
Jammer defense This study proposes a novel jammer classification and effective defense (JCED) algorithm that can classify
Basic service set coloring
jamming attack types using machine learning (ML) and provide differential responses based on the jam-
Battery draining
ming types. Depending on the jammer type, the JCED algorithm can adaptively select various response
methods, ranging from simple retransmission to active battery-draining attacks. The experimental results
verify that JCED exhibits 24.9% higher effective throughput and 23.4% lower energy consumption than
the countermeasure detection and consistency algorithm (CDCA). Moreover, JCED improves the effective
throughput by an average of approximately three times compared to CDCA in an environment with in-
tegrity violation attacks. Thus, the JCED is an effective defense mechanism against jamming attacks, en-
suring digital information safety and high throughput.
© 2023 Elsevier Ltd. All rights reserved.

1. Introduction
In the Information Age, digital information and communi-
cation infrastructure have become society’s and the economy’s
core. As Wi-Fi provides equal information access to anyone using
unlicensed bands, it is essential for industrial and daily life ap-
plications. Furthermore, the COVID-19 pandemic has resulted in
a significant increase in online service usage. This increase in the
number of devices used by individuals has increased the number
of Wi-Fi nodes. MarketsandMarkets (2021) predicted that the
global Wi-Fi market is expected to grow annually by 17.8%, from
$9.4 billion in 2020 to $25.2 billion in 2026. The advantage of
Wi-Fi is that the communication services can be used within the
range of an access point (AP) signal without any payment. How-
∗
Corresponding author at: Department of Future Convergence Technology Engi-
neering, Sungshin Women’s University, Seoul 02844, Republic of Korea.
E-mail addresses: 220214013@sungshin.ac.kr (S.-J. Lee),
220214014@sungshin.ac.kr (Y.-R. Lee), 220214016@sungshin.ac.kr (S.-E. Jeon),
iglee@sungshin.ac.kr (I.-G. Lee).
ever, the quality of service (QoS) cannot be ensured if the network
density increases and wireless devices use a wider bandwidth
(Priya and Malhotra, 2021). Moreover, if an attacker violates the
communication availability between medical devices with jam-
ming attacks, communication between medical devices connected
to the target AP may be delayed, resulting in poor QoS or causing
life and safety problems (Tsiatsis et al., 2019). Furthermore, some
instances of distributed denial of service attacks on vulnerabilities
in military communication and infrastructure networks have been
reported, affecting national security (Vadlamani et al., 2016).
Conventional jamming attack response techniques are known
to minimize the damage caused by jamming. Representative jam-
ming attack response techniques include characteristic- or machine
learning (ML)-based single jammer detection and response meth-
ods and channel- and frequency-hopping methods. The single-
jammer detection method classifies a suspected attack as a jam-
mer and responds to it regardless of its type. Channel-hopping
(Djuraev et al., 2017; Liu et al., 2021) and routing (Kim et al, 2021)
technology responds according to the channel and not the jam-
mer attack characteristics. Channel-hopping includes a proactive

https://doi.org/10.1016/j.cose.2023.103169
0167-4048/© 2023 Elsevier Ltd. All rights reserved.
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al.
method, wherein all nodes in the network move channels, and
a reactive method, where channel hopping occurs only when the
channel state changes (Kim, 2015). This was investigated until re-
cently because a simple response was possible regardless of the
jammer type. However, as jamming attacks have gradually evolved
into intelligent attacks, specific limitations exist in determining the
type of jammers using only a single-jammer detection and re-
sponse method (Lee and Kim, 2016; Park et al., 2022). Addition-
ally, as the channel resources used for channel-hopping are limited,
they are ineffective against jamming attacks. Moreover, if a uni-
form defense method is applied to several types of jammers, the
communication quality cannot be significantly improved. There-
fore, we developed a jammer classification and effective defense
(JCED) algorithm that can filter unintentional interference while
ensuring security through the basic service set (BSS) secure color-
ing technique and improve QoS through retransmission and active
attacks.
The primary contributions of this study can be summarized as
follows:
• First, the proposed JCED technique accurately classifies the jam-
ming attack types using an ML model to generate differential
responses to each jamming attack.
• Second, the effective throughput, delay, and energy consump-
tion are improved by applying differential response techniques,
such as jamming pattern avoidance, BSS secure coloring, and
battery consumption attacks depending on the type of jamming
attack.
• Lastly, a network simulation framework is developed to eval-
uate the jamming attack’s performance and the corresponding
countermeasures using a network attack traffic dataset.
The remainder of this paper is organized as follows.
Section 2 analyzes the existing studies on jammer counter-
measures. The proposed JCED technique is explained in Section 3.
The experimental conditions are described in Section 4, and the
JCED performance evaluation is presented in Section 5. Finally,
Section 6 summarizes the conclusions of the study.
2. Background and literature review
Jamming attacks can be divided into constant, random, de-
ceptive, reactive, and frequency-sweeping attacks (Pirayesh and
Zeng, 2022). Constant jamming attacks paralyze the bandwidth
by transmitting a continuous signal regardless of the carrier-sense
multiple access (CSMA) protocol. Although the implementation of
a constant jammer is simple, it is energy inefficient and easy to
detect as the signal is continuously transmitted (Lall et al., 2016).
Conversely, a random jamming attack transmits communication in-
terruption bits only during a random period and saves power dur-
ing the remaining time. Additionally, a random jammer is cost-
effective as it requires less energy than a constant jammer. How-
ever, it is inefficient in attack success because the attack level de-
creases with the power-saving time. Deceptive jamming attacks
disguise regular communication by continuously transmitting stan-
dard packets. Although deceptive jammers are energy inefficient,
their detection is challenging because they use standard packets.
By contrast, a reactive jamming attack transmits a signal when ac-
tive packet communication is detected by checking the channel
status. A reactive jammer requires a sensing circuit to check the
network status in real time. However, as attacks are generated only
when the data transmission process is detected, the possibility of
attack detection can be reduced, resulting in an energy-efficient at-
tack (Grover et al., 2014).
Recently, attacks that attempt to occupy channels using decep-
tive and reactive jammers, which are challenging to detect, and
2
Computers & Security 128 (2023) 103169
intelligent jamming attacks that bypass jammer detection are in-
creasing. Therefore, detecting these attacks and corresponding re-
sponses has been increasingly studied. Table 1 summarizes the ex-
isting studies on jammer detection and response. Here, the defense
capability refers to the ability of the method to respond after jam-
ming is detected. The defense capability is considered strong if the
method responds to the entire jammer and weak if the method
classifies only some jammers and responds to only specific jam-
mers. It is represented as inability if there is no response to any
jammer.
As indicated in Table 1, jammer detection techniques can
be divided into feature- and ML-based detection techniques.
Fadele et al. (2019) proposed a countermeasure detection and con-
sistency algorithm (CDCA) for detecting reactive jammers. CDCA
detected attacks by controlling the threshold parameter and de-
termining the node locations’ consistency through location-based
authentication. According to their experimental results, the CDCA
throughput exhibited 86% performance, a 10% improvement from
the conventional reactive jammer response method. Additionally,
energy consumption was reduced to 3%. However, as CDCA de-
fended only against reactive jammers, it did not respond to other
types of jamming attacks. Ibrahim et al. (2022) proposed a trap-
type response that created a dummy or pseudo-secondary user
(PSU) for jamming propagation detection to lure and trap attackers.
Their experimental results verified that the bandwidth efficiency of
the model with PSU was 1.7 times higher than that of the conven-
tional model. However, they reported a limitation: the method de-
tected and responded to only certain types of jammers and failed
to respond to bypass attacks from intelligent jammers. Su et al.
(2021) evaluated the jamming counter measurement algorithm us-
ing the Stackelberg game theory to suppress the communication of
smart jammers. However, the drawback of this method was that it
used only consistent response techniques rather than customized
responses to jammers.
Hachimi et al. (2020) evaluated the multi-classification perfor-
mance in ML using a wireless sensor network dataset (WSN-DS).
As the evaluation was performed using the multi-layer percep-
tron (MLP) and kernelized support vector machine (SVM) mod-
els, random, constant, reactive, deceptive, and standard jammers
were classified with an accuracy of approximately 94%. However,
the physical network was not modeled, and the response after
the attack was not considered. Kasturi et al. (2020) constructed
a jamming attack environment using a network simulator-3 (NS-
3) to propose a jammer classification in an ad hoc network and
created a training dataset. Herein, constant, reactive, and random
jammers were classified using MLP, k-nearest neighbor, decision
tree, and random forest (RF) models. Although a dataset was con-
structed in the study, no countermeasures were suggested, and de-
ceptive jammers were not detected. Arjoune et al. (2020) also de-
veloped a dataset, evaluated the classification model, and classi-
fied smart jammers with an accuracy of 96.6% in the RF model.
However, countermeasures were not considered, and the types of
jammers were not classified. Liu et al. (2019) proposed an in-
telligent jammer response method based on pattern recognition
that could respond to an attack despite the changes in the at-
tack method. However, prior information on the jammer was re-
quired to respond to a jamming attack. After identifying and tag-
ging various radio interference patterns considering the external
environment changes, the model was trained using reinforcement
learning. According to their experimental results, the processing
rate in the random switching environment was lower than that
of single learning at the experiment’s beginning, but the process-
ing performance gradually improved. Nevertheless, although this
study classified jammer patterns, the response remained consis-
tent. Xu et al. (2020) designed a double deep Q-network (DQN), a
Markov decision process model that uses raw spectral data to de-
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al. Computers & Security 128 (2023) 103169

Table 1
Analysis of existing studies on jammer detection and response methods.

Defense
Existing studies Methods Limitations capability

Feature- • Signal strength and node position consistency analysis • Responds to only reactive jammers Weak
based Fadele et al. to identify jamming attacks • Difficult to detect in intelligent jamming attacks
detection (2019) • Monitor when the channel is idle and consider it as an
attack if it differs from standard traffic time
• Making dummy users of the network a honeypot for • Responds when intelligent jamming propagation Weak
Ibrahim et al. jamming propagation learns this pattern is not considered
(2022) • Leverage the fake mechanism to trap attackers and • Only a few jammers can detect and respond
increase bandwidth efficiency by up to 1.7 times
Su et al. • Using Stackelberg game theory to evaluate the power • No response depending on the type of jammer Weak
(2021) control performance in environments with smart
jammers
• Defend attacks using the jamming counter
measurement iteration algorithm
ML-based • Cloud radio access network (C-RAN) detects and • A communication environment is not designed; Inability
detection Hachimi et al. classifies four types of jamming attacks only datasets are used
(2020) • Only detection; no response technology
• ML-based classification method for constant, reactive, • No response technology in real-world Inability
Kasturi et al. and random jammers communication environments
(2020) • No response to deceptive jammers
• Investigate the types of jamming signals and use • Only detects jamming attacks; no response Inability
Arjoune et al. parameters to generate large datasets technology
(2020) • Evaluate performance by applying random forest (RF), Unable to classify jammer types
support vector machine (SVM), and neural network
(NN) methods
Liu et al. • Intelligent jamming detection and response to pattern • Although patterns are considered, the responses are Weak
(2019) recognition consistent
• Real-time raw spectrum information is obtained to • Uses only channel switching
generate datasets and respond by reinforcing learning
Xu. et al. • Anti-jamming technology based on a double deep Q • Consistent response with channel switching Weak
(2020) network (double DQN) • No performance evaluation for other types of
• Method responds to sweep, random, and sensing-based jammers
jamming attacks

tect and defend against typical channel jamming attacks, such as
sweeping and random sensing-based jamming. Additionally, they
proposed an anti-jamming method. They determined that a double
DQN was more effective in preventing jamming attacks than the
existing convolutional neural network-type Q-network. Although
several countermeasures were proposed in this study, the detection
and response methods for reactive and deceptive jammers were
not considered because only one type of jammer was classified
and operated as a single countermeasure in the communication
process. Thus, conventional research on jammer detection focused
on detecting a single jammer. Moreover, existing methods failed
to consider all jammers owing to their fragmentary responses. Al-
though jammer types were classified, no study directly used the
type information for defense.
3. JCED mechanism
The proposed JCED mechanism classifies jamming attack types
using an ML model and adaptively responds when a jamming at-
tack occurs in a Wi-Fi communication environment.
The RF model among ML algorithms was used for jammer clas-
sification. RF is an ensemble learning method that generates and
learns multiple decision trees and is a model that randomly selects
characteristics used in decision making. RF is used for classification
and regression problems and is easy to process extensive data. In
addition, essential features can be selected to optimize classifica-
tion performance. In this experiment, n_estimator and max_depth
values were set among RF parameters. n_estimator, the number
of trees in the forest is set to 50, and the maximum depth of the
tree max_depth is set to 0. In addition, the ratio of training data
and testing data was divided by 7:3.
The threat model used in this study includes network resource
consumption and data forgery attacks. Generally, attackers can dis-
rupt network availability through resource consumption attacks,
and data forgery attacks can destroy data integrity. In a network
resource consumption attack, the attacker can access and commu-
nicate with the network just like a regular user. Unlike normal
users, the attacker continuously accesses the victim’s system for
malicious purposes, depriving normal users of communication op-
portunities, paralyzing the victim’s system, and causing burnout.
Therefore, in network resource consumption attacks, the system
must ensure that normal users can use communication services
and control how resources are handled to minimize network re-
source consumption. An attacker can forge packets to imperson-
ate a regular user in a data forgery attack. If the system does not
recognize the packet’s integrity, it recognizes it as a regular user
and accepts the attacker. This enables the attacker to take over
the system and leak system resources. Therefore, in the case of
data falsification attacks, the system must constantly check the in-
tegrity of packets to prevent and respond to attackers in advance.
The JCED mechanism protects against availability violation attacks
by responding to each type of jammer. Additionally, it prevents in-
tegrity violation attacks through BSS secure coloring. Fig. 1 depicts
the network configuration of the JCED.
An overlapping BSS (OBSS) area exists in a dense network envi-
ronment where the AP coverage overlaps (Joshi et al., 2022). The
station (STA) in the OBSS received a packet from a neighboring
BSS in addition to the packet transmitted by the STA located in
its BSS. Wireless local-area network (WLAN) devices using CSMA
with collision avoidance (CSMA/CA) prevented collisions by check-
ing whether the wireless medium was empty. If the transmitted
packet collided, it waited as long as a random backoff. If a colli-
sion reoccurred, the waiting backoff time increased, and data were
transmitted when the medium was not used. This increased the
density of STAs and the probability of collision in a dense net-
work, which deteriorated QoS. In general, Wi-Fi 6 (802.11ax) sup-

3
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al.
Fig. 1. Network configuration of the jammer classification and effective defense (JCED) algorithm.
ports efficient spectrum use in dense networks by applying the BSS
coloring technique (Commscope, 2018). Therefore, the transmitting
STA filtered the unintentional interference from neighboring BSSs
by loading the BSS coloring information that determined its BSS in
the frame. The data throughput was improved using this process.
However, as the conventional BSS coloring was information added
to the header, an attacker could effortlessly falsify the header and
increase the effect of a jamming attack. The JCED algorithm filtered
unintentional interference in advance by checking the BSS coloring
(STA 5) when the STA received a packet. Additionally, BSS secure
coloring was inserted into the frame body and encrypted to pre-
vent data forgery attacks from deceptive jammers. It also classified
the jammer types using ML models. If an attack node generated a
continuous signal, such as a constant or random jammer, the STA
identified the attack pattern of the jammer. When the attack was
terminated, the retransmission of the unprocessed normal packet
was requested and processed (STA 4). Furthermore, when a reac-
tive jammer that attacked intelligently was detected, the STA trans-
mitted the jammer identification information to the AP (STA 3) and
requested the AP to attack. The AP performed an active battery-
draining attack to neutralize the attack from the reactive jammer.
Fig. 2 depicts the proposed JCED mechanism flowchart. When
one STA transmitted a packet to another, the receiver checked the
BSS secure coloring to filter the unnecessary signals generated in
the OBSS. If the BSS coloring did not match, the STA classified the
packet as interference and did not process it. As this process fil-
tered packets sent by an attacker, it served as a preventive tech-
nique for deceptive jammers.
Additionally, when intelligent jammers forged BSS coloring,
JCED verified the data integrity using BSS secure coloring en-
crypted in the frame body. Fig. 3 illustrates the Wi-Fi packet frame
structure, including the BSS coloring and secure coloring.
Typically, the physical protocol data unit (PPDU) comprises the
physical layer convergence protocol (PLCP) and PLCP service data
unit (PSDU) (ShareTechnote, 2022). Additionally, PLCP includes the
4
Computers & Security 128 (2023) 103169
signal, service, length, and cyclic redundancy code (CRC), whereas
PSDU includes a media access control (MAC) header, data, frame
check sequence (FCS), and an end delimiter. The receiver detects
the channel by calculating the expected duration of the frame
based on the PLCP preamble and header values. This is referred
to as the clear channel assessment. In 802.11ax, BSS coloring is in-
put into the header in PLCP, wherein BSS coloring comprises the
BSS color, partial BSS color, and disabled BSS color (Extreme Net-
works, 2021). In the proposed JCED, the plaintext BSS coloring
was entered in the header, and the encrypted BSS secure color-
ing value was also inserted in the PSDU. The advanced encryption
standard (AES) algorithm guaranteeing high stability and speed is
used for encryption. AES is a representative symmetric algorithm
and supports 128-bit encryption blocks and 128, 192, and 256-bit
key lengths. When an encryption algorithm is applied in a device
with limited computational resources, resource consumption can
be minimized by changing AES to lightweight encryption. After the
first verification using BSS coloring, the BSS secure coloring is de-
crypted. The second verification process contrasting with the BSS
coloring, confirms the correct BSS coloring and verifies the packet’s
integrity. BSS secure coloring included only partial BSS color, and
the integrity of BSS coloring was verified using only a few data
points. Thus, only the packet to be processed was rapidly deter-
mined through the BSS coloring value in the frame header to in-
crease the processing efficiency. The BSS secure coloring value en-
crypted in the PSDU was cross-verified to counter the tampering
with the BSS coloring.
Subsequently, JCED used an ML model to determine whether a
packet was attacked and the type of attack. Attacks were classi-
fied into constant, random, deceptive, and reactive jamming types.
When a constant jamming attack occurred, the STA identified the
duration when the attack was not in progress and attempted to re-
process the packet in that period to prevent the attack. An attack
pattern is checked if the attack packet type is classified as random
jamming. Time-series data is collected, and patterns are learned by
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al.
Fig. 2. Flowchart of the jammer classification and effective defense (JCED) mechanism.
Fig. 3. Wi-Fi packet frame structure.
inputting it into the ML model operating in the background. Packet
reprocessing avoids the attack by predicting the point at which the
attack is stopped. If a specific pattern was not identified, retrans-
mission was randomly attempted considering the energy efficiency
of the STA.
When a reactive jamming attack occurred, the STA performed a
battery-draining attack on the jammer, following which the reac-
tive jammer could not transmit more packets. Typically, a battery-
draining attack consumes the available resources of the STA by
transmitting numerous packets to ensure that the STA does not
switch to the power-saving mode (Lee et al., 2020). In general,
battery-draining techniques are used by attackers to destroy tar-
get node availability. However, the developed JCED attacked reac-
tive jammers with battery-draining to proactively respond to nodes
that generated intelligent attacks. If the STA detects a reactive jam-
mer with an ML model, the STA requests a battery-draining attack
to the AP to which power is connected. The AP generates a signal
capable of draining the reactive jammer and transmits the signal
continuously until regular communication with the reactive jam-
mer becomes impossible. This method enabled the STA to reduce
the time required to process abnormal packets from the reactive
jammer and process normal packets during the saved time.
5
Computers & Security 128 (2023) 103169
Fig. 4 depicts a block diagram of the proposed JCED mechanism.
The STA comprised a sender, receiver, BSS coloring checker,
jammer-type classifier, a data processing module, and a correspon-
dence module. The BSS coloring checker included header and body
checkers that checked for BSS coloring and secure coloring in the
packet frame. After checking the BSS coloring, ML model-based
multi-classification was performed using a jammer-type classifier.
If the packet was classified as a standard packet, it was processed.
The defense module was used to respond if it was not a nor-
mal packet. The correspondence module used a retransmission re-
quester to request retransmission to a normal node considering the
jammer pattern. Furthermore, battery-draining control information
was transmitted to the AP to handle the jammers actively. The
AP also comprised a sender and receiver. The AP transmitted the
BSS coloring to the STA, received the battery-draining control in-
formation from the STA, and generated an attack signal through
the signal generator. Subsequently, a battery-draining attack was
performed on the target node.
Algorithm 1 is the pseudo-code of JCED. The algorithm consists
of 5 steps. Step 1 is the node setting step which defines the pa-
rameters of the attacking node and the jamming node. BSS col-
oring checking is performed in step 2 to counter deceptive jam-
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al. Computers & Security 128 (2023) 103169

Fig. 4. Block diagram of the simulation.

Algorithm 1
Pseudo-code for JCED

Input: Node configuration information, Network packets, Process capacity

Output: Detection accuracy, Throughput, Effective throughput, Delay, Energy
consumption
Step 1: Node setting
Normal_node Generation(node_config) Setting the number of normal nodes
Attacker Generation(node_config) Setting the number of attack nodes and jammer type
for all node do
max_capacity = Process capacity Set the available throughput of all nodes
max_battery = node_config Set the battery of all nodes
Step 2: Packet filtering (BSS Coloring Checker)
input_data = Network packets
for all node do
processing = sum(input_data) Aggregate data to be processed by each node
for all node do
for all packet do
if packet[bss_coloring] != packet[decrypted_bss_secure_coloring] Drop the packet if the decrypted bss secure
processing – processing[packet] coloring is different from the existing bss coloring
if processing[packet] != my_bss
processing – processing[packet] Drop packets if you have a different bss coloring
Step 3: ML-based jammer type detection
for all node do
for all packet do
model = random_forest() Train a ML model (random forest)
detection = model(processing[packet]) Classify packets using machine learning models
if detection == normal
real_processing += packet If it is normal, keep it in the processing target
else
Go to step 4 If it is not normal, go to step 4
Step 4: Detection and respond to jammer
for all node do
for all packet do
if packet == constant
retransmission_requester() Attempting retransmission when no attack is occurring
elif packet == random
pattern_checker() Try retransmission by checking the transmission pattern
retransmission_requester()
elif packet == reactive
battery_draining_initiator() Perform a battery draining attack
Step 5: Extract results after packet processing
for all node do
for all packet do
if max_capacity >= real_processing Packet processing within the node’s available throughput
process packets

6
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al.
mers. In step 3, jamming nodes are classified using an ML algo-
rithm, and each type of jammer is dealt with in step 4. In step 5,
packets determined to be transmitted from normal nodes are pro-
cessed within the available range.
4. Experimental setup
A packet transmission-reception environment was constructed
between STAs to verify the performance of JCED and tested in a
virtual AP environment of an ad hoc network. In this study, the
jammers assumed that the battery capacity of a typical mobile
device was 10 0 0 mAh. A normal STA comprised a mixture of a
continuously powered node and a node operating only on battery
power. Since jammers and STAs are assigned BSS Colorings within
a specific BSS range, the BSS Colorings of jammers and STAs may
be the same or different. In addition, there can be various attacks
in real communication situations. Therefore, in all experiments,
jammers were assumed to be a mixture of constant, random, de-
ceptive, and reactive jammers. The maximum throughput for each
STA was set to 32 Mbps. The experiment environment was tested
on Intel(R) Core(TM) i9-10850K 3.60 GHz CPU, 32.0 GB RAM, and
the simulator was implemented with Python version 3.8. AES of
cryptography v38.0.1 was used to implement BSS secure coloring,
and the RF algorithm provided by sklearn v1.1.2 was used. Also,
pandas v1.5.2 module was used to process and train packet data.
In addition to this, the random module was used to consider ran-
domness.
The WSN-DS dataset (Almomani et al., 2016) is widely used
in the wireless sensor network environment and includes vari-
ous attack cases (Tabbaa et al.). This dataset was used to con-
struct the data payload in the header and body of the packet
frame. The WSN-DS dataset comprises normal, blackhole, grayhole,
flooding, and scheduling attacks. According to a previous study
(Hachimi et al., 2020), a blackhole attack exhibits the character-
istics of a random jammer. A grayhole attack has the character-
istics of a constant jammer wherein certain packets are continu-
ously dropped. A flooding attack consumes energy by confusing
the channel decision and exhibits characteristics similar to reac-
tive jammers. Finally, the scheduling attack has the characteristics
of deceptive jammers. Therefore, WSN-DS labels were tested by la-
beling them as random, constant, reactive, and deceptive jammers
in this study. The CDCA model (Fadele et al., 2019) was used as
a comparative model, which detected and responded to reactive
jammers based on the jammer characteristics. Unlike ML-based
studies, CDCA can respond to jammers even in an environment
where channels are limited and show excellent response perfor-
mance among conventional feature-based detection studies.
The experiment used detection accuracy, effective throughput,
delay, and energy consumption as the evaluation indicators. Detec-
tion accuracy can be defined as Eq. (1).
Detection Accuracy (% )
Number o f nodes that correctl y cl assi f ied jammer types
= × 100.
Number o f total nodes
Detection accuracy was the ratio obtained by classifying a nor-
mal STA as normal and an attacking STA as an attack among the to-
tal number of STAs. In CDCA, the node types were classified based
on the threshold and location consistency evaluations according to
jammer characteristics. Conversely, the node types were classified
using ML models in JCED.
T hroughput (bps )
T he amount o f data t ransmit ted success f ul l y (bits )
= ,
T ime taken to transmit the entire packet (second )
Computers & Security 128 (2023) 103169
Table 2
Energy consumption values for each state.
State Value
TX power 100 mW
RX power 25 mW
IDLE power 5 mW
Effective T hroughput (bps )
T he amount o f normal data t ransmit ted success f ul l y (bits )
= .
T ime taken to transmit the entire packet (second )
(3)
The throughput and effective throughput were calculated using
Eqs. (2) and (3), respectively. The throughput measured the data
transmitted successfully. Therefore, packets transmitted by jam-
mers and those transmitted by normal STAs were added to the
throughput. By contrast, the effective throughput determined the
system throughput by considering only the throughput of packets
transmitted from a normal STA. The delay measured the average
retransmissions required to process a packet. Typically, STA allows
up to eight retransmissions in a Wi-Fi environment. Therefore, a
maximum of eight retransmissions were assumed in the experi-
ment. The energy consumption measured the energy used by each
STA when transmitting and receiving packets and the energy con-
sumed during data processing. Table 2 summarizes the energy con-
sumed according to the finite-state machine (FSM).
As indicated in Table 2, the state of the JCED was defined as
TX, RX, and IDLE. TX denoted a state where an STA transmitted a
packet to another STA, RX indicated a state where a packet was re-
ceived and processed, and IDLE represented a state where the STA
waited for transmission and reception. A typical packet’s TX, RX,
and IDLE powers were assumed to be 100, 25, and 5 mW, respec-
tively. In the BSS coloring and secure coloring schemes, 1 and 2
mW were consumed to transmit BSS coloring and secure coloring
indicators, respectively. If the packet contained a different BSS col-
oring, only 5 mW was used because only a part of the packet was
checked, and the entire packet was not processed.
5. Performance evaluation results and analysis
This section presents the JCED performance evaluation in the
simulation framework based on the network traffic dataset. Ini-
tially, the CDCA and JCED were compared according to the changes
in the number of STAs. Subsequently, the JCED performance in
single-type and multi-type correspondences was evaluated. Finally,
the performances of CDCA, BSS coloring of the general 802.11ax
standard, and JCED were compared and analyzed when the attack
attempt rate (AAR) was changed. Each result was compared with
an average of 10,0 0 0 replicates of the simulation.
5.1. Effective Throughput, Energy Consumption, and Delay
(1)
The performances of CDCA and JCED were compared when the
number of STAs increased from five to 50 in steps of five. Based
on the jammer-to-STA ratio (JSR), the experiments were divided
into JSR(Low), JSR(Med), and JSR(High) environments, wherein the
ratios were set to 20%, 50%, and 80%, respectively. In this case,
specific types of jammers were assumed to be evenly distributed,
and each STA transmitted and received packets at identical traf-
fic rates. The traffic rate refers to the number of packets transmit-
ted during the communication process. Furthermore, all jammers
were assumed to have the same AAR. JCED used an RF model dur-
(2) ing the experiment to measure the binary classification accuracy
7
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al.
Table 3
Comparison of time complexity for jammer detection steps.
Time
Traffic Size
Model (MB)
CDCA Low (13MB)
Med (26MB)
High (39MB)
JCED Low (13MB)
Med (26MB)
High (39MB)
Fig. 5. Detection accuracies of the countermeasure detection and consistency algo-
rithm (CDCA) and jammer classification and effective defense (JCED) algorithm.
while sampling each data type equally. The WSN-DS dataset used
in the experiment consists of 10,049 blackhole logs, 14,596 gray
hole logs, 3312 flooding logs, 6638 scheduling logs, and 340,066
normal logs. An experiment was conducted by randomly under-
sampling to solve the imbalanced data problem. In addition, pre-
processing was performed to measure the ML model’s classifica-
tion performance. The string-type features were replaced with la-
bel values through label encoding. The model was trained using
19 features without feature selection.
The CDCA measured the reactive jammer detection accuracy in
the same environment. Fig. 5 illustrates the detection accuracies of
CDCA and JCED according to JSR.
CDCA used the unique feature of reactive jammers to detect and
respond to attacks. Therefore, as the ratio of jammers increased,
the number of undetectable attacks increased, gradually decreas-
ing the accuracy. However, JCED accurately determined whether an
attack occurred in the RF model and detected jamming types with
an accuracy of 98.16%.
In addition, the time complexity of the CDCA and JCED models
is shown in Table 3. The processing latency according to the traffic
size was measured to evaluate the time complexity of CDCA and
JCED under various traffic conditions, and each traffic size name
was set to Low (13MB), Med (26MB), and High (39MB).
According to Table 3, CDCA is about 1.4 times faster than JCED
regarding data loading time. This is because it does not include a
preprocessing process for ML. CDCA also does not have a learn-
ing process. In contrast, JCED includes preprocessing and training
processes, increasing the time until classification. However, since
this training process is performed in the background only the first
time, and a pre-learned model is used for classification, there is no
significant difference from CDCA in terms of latency. Since the up-
Computers & Security 128 (2023) 103169
Data Loading & Model Training Model
Preprocessing (sec) (sec) Inference (sec)
0.1457 - 0.7228
0.2690 - 1.4810
0.4152 - 2.2403
0.2059 4.3571 0.2611
0.3712 9.9088 0.5509
0.5725 16.7505 0.8955
Fig. 6. Performance evaluation results of effective throughput.
date of the learned model is performed when the communication
environment is not complicated, it does not affect actual commu-
nication. In addition, CDCA has to compare according to the ruleset
and threshold set by the manager in the inference step. However,
JCED has a shorter detection time and higher jammer classifica-
tion accuracy because it classifies directly with the learned model.
Thus, using JCED rather than CDCA is recommended in all traffic-
size environments. However, in a low-power device environment
where background learning is impossible, giving up a high detec-
tion rate and fast inference time and selectively using CDCA can be
possible.
Fig. 6 depicts the effective throughput according to the changes
in the number of STAs. As CDCA could not avoid the jamming sig-
nals entirely, the effective throughput was maintained constant at
a lower point than that of JCED. Moreover, the higher the JSR in
CDCA, the more the jammers were misclassified. Therefore, CDCA
exhibited the lowest value in JSR(High). Conversely, JCED had a
higher throughput than CDCA regardless of JSR because it accu-
rately classified and responded to attacks.
Fig. 7 depicts the delay and energy consumption measurements
based on the increase in STAs. The lower the JSR, the larger the
number of normal nodes; therefore, the delay in the JSR(Low) en-
vironment increased compared to that observed in the JSR(High)
environment. As the number of STAs increased, the contention and
collision of normal STAs increased, increasing the delay caused by
retransmission. As the number of jammers increased in CDCA, the
delay rapidly increased in the JSR(Low), JSR(Med), and JSR(High)
environments. However, as JCED responded to all types of jam-
mers, the delay increased slowly compared to that observed in
CDCA despite the increase in the number of jammers. As indi-
cated in Fig. 7(b), CDCA consumed more RX power owing to an
increase in the false-positive rate during packet processing, result-
8
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al.
Fig. 7. Performance evaluation results regarding (a) delay and (b) energy consumption.
Table 4
Detection and defense capability of countermeasure cases.
Jammer type Detection and defense capability of countermeasure cases
JCED
CDCA (Constant)
Constant X O
jammer
Random X X
jammer
Deceptive X X
jammer
Reactive O X
jammer
ing in considerable total energy consumption. Notably, energy con-
sumption was high in the JSR(Low) environment, which involved
several retransmissions. In the case of JCED, overhead was ob-
served when BSS coloring was checked. Additionally, as the re-
active jammer consumed up to 10 0 0 mAh of energy during the
draining of each battery, the energy consumption rate was higher
than that observed in CDCA in specific environments. However,
as JCED filtered abnormal packets, the RX consumption was re-
duced; therefore, the overall energy consumption was lower than
that of the conventional model. Furthermore, CDCA and JCED ex-
hibited minor energy consumption in the JSR(High) environment
because the higher the JSR, the lower the proportion of normal
nodes. Thus the performance of JCED was improved compared to
CDCA for effective throughput, delay, and energy consumption in
all JSR environments. It was possible to achieve a 24.9% higher
effective throughput with 23.4% lower energy consumption than
CDCA.
5.2. Effectiveness of countermeasures for different jamming types
JCED used different countermeasures for different types of jam-
mers. Table 4 summarizes the countermeasure cases used to eval-
uate the single-type response method performance.
CDCA detected only reactive jammers and filtered the corre-
sponding packets. JCED(Constant), JCED(Random), JCED(Deceptive),
and JCED(Reactive) detected the jammer types based on ML. How-
ever, they responded only to specific types of jammers. The pro-
posed model JCED(All) detected all jammer types using ML models
Computers & Security 128 (2023) 103169
JCED JCED JCED
(Random) (Deceptive) (Reactive) JCED (All)
X X X O
O X X O
X O X O
X X O O
and responded differently to each type. Fig. 8 depicts the results of
the measured effective throughput and energy consumption when
the number of STAs increases in each case.
As CDCA detected and defended against only reactive jam-
mers (Fig. 8(a)), the effective throughput converged to a specific
value with increased STAs. Additionally, the effective throughput
of JCED, which included all response strategies, was the highest.
By contrast, in the case of models with only individual response
strategies, the effective throughput values of JCED(Constant)
and JCED(Random) were the highest. Furthermore, the effective
throughput was higher in the order of the JCED(Deceptive) and
JCED(Reactive), filtered with BSS secure coloring and attacked by
battery draining. As indicated in Fig. 8(b), CDCA showed low en-
ergy consumption as no BSS coloring was observed in the frame
header and body. In the case of JCED(Deceptive), the energy con-
sumption was relatively low because packet filtering was possible
with BSS coloring. In contrast, JCED(Constant) and JCED(Random)
could not filter through BSS coloring and consumed additional
energy during the retransmission process; therefore, the energy
consumption was considerably high. JCED(Reactive) also consumed
more energy than the other models when performing a battery-
draining attack. In other words, JCED improved the effective
throughput and energy consumption compared to the single-type
response methods of the proposed model and CDCA. Therefore, it
is recommended to apply all of JCED’s countermeasures in combi-
nation. However, if all of JCED’s countermeasures cannot be applied
in some countries or regions, some can be selected by referring to
this experiment’s results.
9
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al.
Fig. 8. Performance evaluation results in terms of (a) effective throughput and (b) energy consumption.
Fig. 9. Performance evaluation results regarding (a) effective throughput and (b) energy consumption.
5.3. Effectiveness of classification and defense
Effective throughput and energy consumption were measured
according to the changes in AAR in a network consisting of 10 STAs
to measure the performance of JCED against jamming attacks that
falsify BSS color. The AAR varied from 0% to 90%. When AAR was
0%, intentional interference did not occur; when it was 90%, the
interference was the highest. The maximum data generation rate
when no error existed during communication between the STAs
was set at 32 Mbps. If a packet was damaged owing to an in-
tegrity attack during communication, it was neither processed nor
reflected in the effective throughput despite being determined as a
normal packet.
Fig. 9 depicts the three models’ effective throughput and en-
ergy consumption measured according to the increase in AAR. As
the non-BSS coloring scheme processed unintentional interference
packets, the number of normal packets that could be processed de-
creased gradually. When only BSS coloring was applied, uninten-
tional interference was filtered out. However, packets whose in-
tegrity was destroyed by the changes in AAR could not be pro-
cessed. Consequently, both effective throughput and energy con-
10
Computers & Security 128 (2023) 103169
sumption were reduced. Conversely, in the BSS secure coloring
scheme, BSS coloring existed in the frame header, and BSS se-
cure coloring was observed in the body. As BSS coloring and se-
cure coloring were cross-checked, they exhibited strong charac-
teristics against threats. Therefore, the effective throughput did
not decrease with the increase in AAR. Furthermore, energy con-
sumption was not flexible because most normal packets could
be processed. JCED exhibited an average effective throughput of
3.05 times higher than the non-BSS coloring scheme. Addition-
ally, energy consumption increased by only 13.77%. Also, the ef-
fective throughput of JCED was improved by 72.79% compared to
the BSS coloring scheme. Therefore, when JCED was applied, effec-
tive throughput was higher than that of non-BSS and BSS coloring
schemes, improving the QoS.
6. Conclusions
Among the various sophisticated cyber-attacks, jamming attacks
are considered the most hazardous because they interfere with
users’ communication and manipulate users’ systems via intelli-
gent attacks. Typically, detecting and responding to intelligent at-
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al.
tacks using conventional methods is challenging. Therefore, we
propose a novel JCED algorithm that uses an ML model to classify
the types of jammers and adaptively apply different countermea-
sures based on the jammer types. The JCED responds using BSS
secure coloring and battery-draining attacks in addition to avoid-
ance, a general countermeasure. Therefore, an active defense tech-
nique can be applied, unlike conventional methods, which begin
to respond only when a jamming signal is an input. The perfor-
mance evaluation results verified that JCED performed better than
CDCA in effective throughput, delay, and energy consumption. Fur-
thermore, BSS secure coloring effectively reduced the impact of se-
lective jamming attacks and prevented frame forgery attacks. JCED
can respond more optimally than conventional models that only
detect and respond to jammers. Nevertheless, as the proposed al-
gorithm was tested in a simulation environment, the analysis was
limited to jamming attacks imposed by the WSN-DS datasets. In
the future, we plan to establish a network communication test bed
to measure the JCED performance and study algorithms to improve
response performance in an intelligent jamming environment. In
addition, the JCED model performance will be evaluated in a com-
munication environment other than Wi-Fi.
7. Funding
This work was partially supported by the National Research
Foundation of Korea (NRF) grant funded by the Ministry of Sci-
ence and ICT (MSIT) [grant number 2020R1F1A1061107], the Ko-
rea Institute for Advancement of Technology (KIAT) grant funded
by the Korean Government (MOTIE) [grant number P0 0 08703, The
Competency Development Program for Industry Specialist], and the
MSIT under the ICAN (ICT Challenge and Advanced Network of
HRD) program [grant number IITP-2022-RS-2022-00156310], su-
pervised by the Institute of Information & Communication Tech-
nology Planning and Evaluation (IITP).
Declaration of Competing Interest
The authors declare that they have no known competing finan-
cial interests or personal relationships that could have appeared to
influence the work reported in this paper.
CRediT authorship contribution statement
Sun-Jin Lee: Conceptualization, Methodology, Software, Valida-
tion, Writing – original draft. Yu-Rim Lee: Resources, Validation,
Writing – review & editing. So-Eun Jeon: Formal analysis, Visual-
ization, Writing – review & editing. Il-Gu Lee: Conceptualization,
Validation, Writing – review & editing, Supervision, Project admin-
istration, Funding acquisition.
Data availability
Data will be made available on request.
References
Almomani, I., Al-Kasasbeh, B., AL-Akhras, M., 2016. WSN-DS: a dataset for intrusion
detection systems in wireless sensor networks. J. Sens. 2016, 4731953. doi:10.
1155/2016/4731953.
Arjoune, Y., Salahdine, F., Islam, M.S., Ghribi, E., Kaabouch, N., 2020. A novel
jamming attacks detection approach based on machine learning for wireless
communication. In: 2020 International Conference on Information Networking
(ICOIN), pp. 459–464. doi:10.1109/ICOIN48656.2020.9016462.
Commscope, Wi-Fi 6 fundamentals: Basic Service Set Coloring (BSS Coloring),
https://www.commscope.com/blog/2018/wi- fi- 6- fundamentals- basic- service-
set- coloring- bss- coloring, 2018. (Accessed 31 August 2022).
Djuraev, S., Choi, J.G., Sohn, K.S., Nam, S.Y., 2017. Channel hopping scheme to
mitigate jamming attacks in wireless LANs. EURASIP J. Wirel. Com. Netw. 11.
doi:10.1186/s13638- 016- 0785- z, 2017.
11
Computers & Security 128 (2023) 103169
Extreme Networks, Learn About BSS Color in 802.11ax: Background, Defini-
tion, Set-up, https://www.extremenetworks.com/extreme-networks-blog/
what- is- bss- color- in- 802- 11ax, 2021. (Accessed 1 September 2022).
Fadele, A.A., Othman, M., Hashem, I.A., Yaqoob, I., Imran, M., Shoaib, M.,
2019. A novel countermeasure technique for reactive jamming attack in
internet of things. Multimed. Tools Appl. 78, 29899–29920. doi:10.1007/
s11042- 018- 6684- z.
Grover, K., Lim, A., Yang, Q., 2014. Jamming and anti-jamming techniques in wireless
networks: a survey. Int. J. Ad Hoc Ubiquitous Comput. 17, 197–215. doi:10.1504/
IJAHUC.2014.066419.
Hachimi, M., Kaddoum, G., Gagnon, G., Illy, P., 2020. Multi-stage jamming at-
tacks detection using deep learning combined with kernelized support vec-
tor machine in 5G cloud radio access networks. In: International Symposium
on Networks, Computers and Communications (ISNCC), pp. 1–5. doi:10.1109/
ISNCC49221.2020.9297290.
Ibrahim, K., Alnajim, A.M., Naveed Malik, A., Waseem, A., Alyahya, S., Islam, M.,
Khan, S., 2022. Entice to trap: enhanced protection against a rate-aware intel-
ligent jammer in cognitive radio networks. Sustainability 14, 2957. doi:10.3390/
su14052957.
Joshi, S., Roy, R., Bhat, R.V., Hathi, P., Akhtar, N., 2022. Dynamic distributed thresh-
old control for spatial reuse in IEEE 802.11 ax. In: 2022 National Conference on
Communications (NCC), pp. 373–378. doi:10.1109/NCC55593.2022.9806744.
Kasturi, G.S., Jain, A., Singh, J., 2020. Detection and classification of radio frequency
jamming attacks using machine learning. J. Wirel. Mob. Netw. Ubiquitous Com-
put. Depend. Appl. 11, 49–62. doi:10.22667/JOWUA.2020.12.31.049.
Kim, Y., 2015. Channel-hopping scheme for enhancing fairness performance under
smart jammer attacks in tactical WLANs. J. Kor. Inst. Commun. Inf. Sci. 40, 2188–
2195. doi:10.7840/kics.2015.40.11.2188.
Lee, I.G., Kim, M., 2016. Persistent jamming in wireless local area networks: attack
and defense. Comput. Netw. 109, 67–83. doi:10.1016/j.comnet.2016.06.024.
Lee, I.G., Go, K., Lee, G.H., 2020. Battery draining attack and defense against power
saving wireless lan devices. Sensors 20, 2043. doi:10.3390/s20072043.
Liu, S., Xu, Y., Chen, X., Wang, X., Wang, M., Li, W., Li, Y., Xu, Y., 2019. Pattern-
aware intelligent anti-jamming communication: a sequential deep reinforce-
ment learning approach. IEEE Access 7, 169204–169216. doi:10.1109/ACCESS.
2019.2954531.
Liu, Y., Zeng, Q., Zhao, Y., Wu, K., Hao, Y., 2021. Novel channel-hopping pattern-
based wireless IoT networks in smart cities for reducing multi-access inter-
ference and jamming attacks. EURASIP J. Wirel. Com. Netw. 152. doi:10.1186/
s13638- 021- 02029- 8, 2021.
MarketsandMarkets, Wi-Fi Market by Component (Hardware, Solution, and Ser-
vices), Density (High-density Wi-Fi and Enterprise-class Wi-Fi), Location Type
(Indoor and Outdoor), Organization Size, Vertical (Education, Retail and eCom-
merce), and Region (2022 - 2026), 2021. https://www.marketsandmarkets.com/
Market- Reports/global- wi- fi- market- 994.html (Accessed 31 August 2022).
Park, S.H., Joo, S., Lee, I.G., 2022. Secure visible light communication system via
cooperative attack detection techniques. IEEE Access 10, 20473–20485. doi:10.
1109/ACCESS.2022.3151627.
Pirayesh, H., Zeng, H., 2022. Jamming attacks and anti-jamming strategies in wire-
less networks: a comprehensive survey. IEEE Commun. Surv. Tutor. 24, 767–809.
doi:10.1109/COMST.2022.3159185.
Priya, B., Malhotra, J., 2021. QAAs: QoS provisioned artificial intelligence framework
for AP selection in next-generation wireless networks. Telecommun. Syst. 76,
233–249. doi:10.1007/s11235- 020- 00710- 9.
ShareTechnote, Wi-Fi, Frame Structure, http://sharetechnote.com/html/WLAN_
FrameStructure.html (Accessed 31 August 2022).
Su, Z., Qi, N., Yan, Y., Du, Z., Chen, J., Feng, Z., Wu, Q., 2021. Guarding legal commu-
nication with smart jammer: Stackelberg game based power control analysis.
China Commun. 18, 126–136. doi:10.23919/JCC.2021.04.010.
Tabbaa, H., Ifzarne, S., Imad, H. An online ensemble learning model for detecting
attacks in wireless sensor networks. Arxiv. doi:10.48550/arXiv.2204.13814.
Tsiatsis, V., Karnouskos, S., Höller, J., Boyle, D., Mulligan, C., 2019. Chapter 6-Security,
in: Internet of Things (Second Edition). Academic Press, pp. 127–142. doi:10.
1016/B978- 0- 12- 814435- 0.0 0 018-3.
Vadlamani, S., Eksioglu, B., Medal, H, Nandi, A., 2016. Jamming attacks on wireless
networks: a taxonomic survey. Int. J. Prod. Econ. 172, 76–94. doi:10.1016/j.ijpe.
2015.11.008.
Xu, J., Lou, H., Zhang, W., Sang, G., 2020. An intelligent anti-jamming scheme for
cognitive radio based on deep reinforcement learning. IEEE Access 8, 202563–
202572. doi:10.1109/ACCESS.2020.3036027.
Sun-Jin Lee received her B.S. Degree in convergence
security engineering from Sungshin Women’s Univer-
sity, Seoul, Korea, in 2021. She is currently pursuing an
M.S. degree in future convergence technology engineer-
ing from Sungshin University, Seoul, Korea. Her current
research interests are in the area of endpoint security,
biometric authentication, wireless networks, and conver-
gence security using deep learning.
S.-J. Lee, Y.-R. Lee, S.-E. Jeon et al. Computers & Security 128 (2023) 103169

Yu-Rim Lee received her B.S. Degree in convergence Il-Gu Lee received his B.S. Degree in electrical engineer-
security engineering from Sungshin Women’s Univer- ing from Sogang University, Seoul, Korea, in 2003, and
sity, Seoul, Korea, in 2021. She is currently pursuing an his M.S. degree in the Department of Information and
M.S. degree in future convergence technology engineering Communications Engineering from Korea Advanced Insti-
from Sungshin Women’s University, Seoul, Korea. Her cur- tute of Science and Technology (KAIST), Daejeon, Korea, in
rent research interests are in the area of artificial intelli- 2005. He received his PhD degree in the Graduate School
gence, threat defense, malware detection, and Internet of of Information Security in Computer Science & Engineer-
Things. ing Department from KAIST in 2016. He is a professor
at the Department of Convergence Security Engineering,
Sungshin Women’s University (SWU), Seoul, Korea. Before
joining SWU in March 2017, he was with the Electron-
ics and Telecommunications Research Institute (ETRI) as
a senior researcher from 2005 to 2017 and served as a
principal architect and project leader for Newratek (KR) and Newracom (US) from
So-Eun Jeon received her B.S. Degree in convergence
2014 to 2017. His current research interests are in the area of wireless/mobile net-
security engineering from Sungshin Women’s Univer-
works with an emphasis on information security, networks, wireless circuits, and
sity, Seoul, Korea, in 2021. She is currently pursuing an
systems. He has authored/coauthored more than 100 technical papers in the areas
M.S. degree in future convergence technology engineer-
of information security, wireless networks, and communications, and holds about
ing from Sungshin Women’s University, Seoul, Korea. Her
160 patents. He is also an active participant in and contributor to the IEEE 802.11
current research interests are in the areas of conver-
WLAN standardization committee.
gence security, endpoint security, wireless networks, and
AI convergence technologies, with an emphasis on secure
IoT/wireless network and anomaly detection.

12