
Intrusion Detection System Based on a Behavioral Approach

Chapter in: Bioinspired Heuristics for Optimization

Part of the book series: Studies in Computational Intelligence (SCI, volume 774)

Abstract

An Intrusion Detection System (IDS) can be defined as a set of tools, methods and resources that help to predict or identify unauthorized activity in a network. Current IDSs are mainly based on heuristic rules, called signatures, to detect intrusions in a network environment. The drawback of this approach is that it can only detect known attacks whose signatures have already been recorded. By contrast, behavioral (anomaly-based) intrusion detection assumes that attacks cause an abnormal use of resources or strange behavior on the part of the user; by studying the behavior of the different types of network traffic, it can identify both known and unknown attacks using a machine learning algorithm. This study proposes a new behavioral approach to intrusion detection based on the combination APSO (Accelerated Particle Swarm Optimization)-SVM (Support Vector Machine) to develop a model for IDS. The simulation results show a significant improvement in performance; all tests were carried out on the NSL-KDD data set. In comparison with other methods evaluated on the same dataset, the proposed model shows high detection performance.



Acknowledgements

This work is supported in part by the High School of Technology, Moulay Ismail University Meknes, which provided the computing station on which we ran our experiments.


Corresponding author

Correspondence to Mehdi Moukhafi.


Copyright information

© 2019 Springer International Publishing AG, part of Springer Nature


Cite this chapter

Moukhafi, M., Bri, S., El Yassini, K. (2019). Intrusion Detection System Based on a Behavioral Approach. In: Talbi, EG., Nakib, A. (eds) Bioinspired Heuristics for Optimization. Studies in Computational Intelligence, vol 774. Springer, Cham. https://doi.org/10.1007/978-3-319-95104-1_4
