Heuristic intrusion detection technique based on nonlinear regression and sigmoid function

Document Type : English Original Article

Authors

IT faculty, KN Toosi University of Technology, Tehran, Iran

Abstract

The expansion of Internet technologies over the last decades has made users' activities in cyberspace dependent on services provided by computer networks. One of the most important of these services is the Intrusion Detection System (IDS), which monitors network traffic to detect abnormal behavior and anomalous activity. The robustness of the IDS is therefore considered an essential issue in networks. In this paper, a new model based on meta-heuristic algorithms is proposed to detect abnormal packets. To develop a high-performance strategy, a benchmark dataset (NSL-KDD), a high-accuracy feature selection method, and four meta-heuristic algorithms are employed. The dataset consists of 150490 normal and abnormal packets captured from a military network connection, and the 16 most important of its 41 features are extracted using a wrapper feature selection method. This feature selection method uses the naïve Bayesian approach to evaluate feature subsets. After feature selection, the four meta-heuristic algorithms are used to detect anomalies in the network by optimizing the parameters of the cost function (a combination of non-linear regression and sigmoid). The experimental results show that the imperialist competitive algorithm (ICA) outperforms the other implemented meta-heuristic algorithms in terms of accuracy.
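The approach the abstract outlines, as an added Python illustration that is not the authors' code: a sigmoid applied to a nonlinear regression score, with its parameters fit by a population-based search. The polynomial score, the mean-squared-error cost, the particle swarm used as a stand-in metaheuristic, and the two-feature records are all assumptions constructed here; the abstract specifies none of them.

```python
import math
import random

def sigmoid(z):
    # Clamp the score so exp() cannot overflow when the search visits extreme parameters.
    return 1.0 / (1.0 + math.exp(-max(-60.0, min(60.0, z))))

def predict(theta, x):
    # Assumed regression form: bias + linear + squared term per feature, squashed to [0, 1].
    z = theta[0] + sum(theta[1 + j] * v + theta[1 + len(x) + j] * v * v for j, v in enumerate(x))
    return sigmoid(z)

def cost(theta, X, y):
    # Assumed cost: mean squared error between the sigmoid output and the 0/1 label.
    return sum((predict(theta, x) - t) ** 2 for x, t in zip(X, y)) / len(X)
def accuracy(theta, X, y):
    return sum((predict(theta, x) >= 0.5) == bool(t) for x, t in zip(X, y)) / len(X)

def make_data(rng, n_per_class=20):
    # Constructed records with two scaled features; label 1 = abnormal, 0 = normal.
    X, y = [], []
    for label, centre in ((0, 0.2), (1, 0.8)):
        for _ in range(n_per_class):
            X.append([rng.gauss(centre, 0.05), rng.gauss(centre, 0.05)])
            y.append(label)
    return X, y

def pso_fit(X, y, rng, particles=30, iters=100, w=0.7, c1=1.5, c2=1.5):
    # Particle swarm as a stand-in metaheuristic: each particle is one parameter vector theta.
    dim = 1 + 2 * len(X[0])
    pos = [[rng.uniform(-5, 5) for _ in range(dim)] for _ in range(particles)]
    vel = [[0.0] * dim for _ in range(particles)]
    best = [p[:] for p in pos]
    best_cost = [cost(p, X, y) for p in pos]
    g = min(range(particles), key=best_cost.__getitem__)
    g_pos, g_cost, start_cost = best[g][:], best_cost[g], best_cost[g]
    for _ in range(iters):
        for i in range(particles):
            for k in range(dim):
                vel[i][k] = (w * vel[i][k] + c1 * rng.random() * (best[i][k] - pos[i][k])
                             + c2 * rng.random() * (g_pos[k] - pos[i][k]))
                pos[i][k] += vel[i][k]
            c = cost(pos[i], X, y)
            if c < best_cost[i]:
                best[i], best_cost[i] = pos[i][:], c
                if c < g_cost:
                    g_pos, g_cost = pos[i][:], c
    return g_pos, g_cost, start_cost

def run_demo(seed=7):
    rng = random.Random(seed)
    X, y = make_data(rng)
    theta, final_cost, start_cost = pso_fit(X, y, rng)
    return {"theta": theta, "start_cost": start_cost, "final_cost": final_cost, "accuracy": accuracy(theta, X, y)}
```

Accuracy here is measured on the same constructed records the search was fit to, so it shows only that the optimizer drives the cost down, not how the model would generalize to held-out traffic.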

Keywords

