Abstract
In this research paper, we propose a two-stage hybrid approach that uses machine learning techniques and meta-heuristic algorithms. The first step, known as data preparation, involves converting string values to numeric format and subsequently normalizing the data. To increase performance beyond the limitations of traditional methods, we use population-based meta-heuristic algorithms, namely Atom Search Optimization (ASO) and Equilibrium Optimization (EO), for feature selection, aiming to achieve global optimization. The second step, called attack detection, focuses on distinguishing normal traffic from malicious traffic. To improve the performance of this step, we use K-means clustering and the firefly algorithm (FA). In addition, an elitism method is randomly integrated. The resulting approach is called ASO-EO-FA-K-means. We evaluate the performance of our proposed method using three datasets, namely NSL-KDD, UNSW_NB15, and KDD_CUP99. To establish a benchmark, we compare our method with other approaches, including Particle Swarm Optimization (PSO), Genetic Algorithm, Grey Wolf Optimization (GWO), Ant Colony Optimization (ACO), Harris Hawk Optimization (HHO), NSGA-2, Multi-objective PSO, Multi-objective GWO, learning vector quantization (LVQ), XGBoost, particle swarm optimization based on C4.5 (PSO-C4.5) and genetic algorithm based on multilayer perceptron (GA-MLP). The evaluation results show that the proposed method achieves the highest accuracy and the lowest error rate on all three datasets, NSL-KDD, UNSW_NB15 and KDD-CUP99, with accuracy values of 0.998, 0.995 and 0.995, respectively. In addition, our method shows superior efficiency in terms of computation time. In general, our research shows the effectiveness of the ASO-EO-FA-K-means method in intrusion detection and provides better accuracy and efficiency compared to alternative approaches.
Across the three datasets, NSL-KDD gave the best results, with an MSE of 0.012 and an accuracy of 0.998.
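The two stages described in the abstract can be illustrated with the following added example, which is not the authors' implementation. It assumes min-max scaling for the normalization step, uses plain Lloyd's K-means in place of the firefly-tuned variant, and takes a hypothetical 0/1 feature mask standing in for a subset that the ASO/EO search would propose; the traffic rows are constructed in the style of NSL-KDD.

```python
from collections import Counter

# Constructed NSL-KDD-style rows (not taken from the dataset):
# protocol_type, flag, src_bytes, dst_bytes, count, label
ROWS = [
    ("tcp", "SF", 232, 8153, 5, "normal"),
    ("tcp", "SF", 199, 420, 30, "normal"),
    ("udp", "SF", 146, 0, 13, "normal"),
    ("tcp", "SF", 287, 2251, 3, "normal"),
    ("tcp", "S0", 0, 0, 123, "attack"),
    ("tcp", "S0", 0, 0, 166, "attack"),
    ("tcp", "REJ", 0, 0, 205, "attack"),
    ("tcp", "S0", 0, 0, 255, "attack"),
]

def prepare(rows):
    """Stage 1: integer-code string columns, then min-max scale each to [0, 1]."""
    cols = []
    for col in zip(*[r[:-1] for r in rows]):
        if isinstance(col[0], str):
            codes = {v: i for i, v in enumerate(sorted(set(col)))}
            col = [codes[v] for v in col]
        lo, span = min(col), max(col) - min(col)
        cols.append([(v - lo) / span if span else 0.0 for v in col])
    return [list(r) for r in zip(*cols)]

def kmeans2(X, iters=20):
    """Plain Lloyd's K-means, k=2 (normal vs. malicious), seeded with first/last row."""
    cents, assign = [X[0], X[-1]], []
    for _ in range(iters):
        new = [min((0, 1), key=lambda c: sum((a - b) ** 2 for a, b in zip(x, cents[c])))
               for x in X]
        if new == assign:
            break
        assign = new
        for c in (0, 1):
            members = [x for x, a in zip(X, assign) if a == c]
            if members:  # an empty cluster keeps its previous centroid
                cents[c] = [sum(v) / len(members) for v in zip(*members)]
    return assign

def accuracy(rows, mask):
    """Score one feature subset: share of rows matching their cluster's majority label."""
    X = [[v for v, keep in zip(x, mask) if keep] for x in prepare(rows)]
    assign, labels = kmeans2(X), [r[-1] for r in rows]
    hits = sum(Counter(l for l, a in zip(labels, assign) if a == c).most_common(1)[0][1]
               for c in set(assign))
    return hits / len(rows)
```

Calling `accuracy(ROWS, [1, 1, 1, 1, 1])` scores the full feature set, while `accuracy(ROWS, [1, 0, 0, 0, 0])` keeps only `protocol_type` and separates the two classes far less cleanly, which is the kind of signal a wrapper-style feature search optimizes against.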
Data availability
The datasets analyzed during the current study are available at https://research.unsw.edu.au/projects/unsw-nb15-dataset and https://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. For academic/public use of these datasets, authors have to cite the original papers.
Funding
This research received no external funding.
Author information
Contributions
Conceptualization, M. Maazalahi; methodology, S. Hosseini; software, M. Maazalahi; validation, S. Hosseini and M. Maazalahi; formal analysis, S. Hosseini and M. Maazalahi; investigation, S. Hosseini; resources, M. Maazalahi; data curation, S. Hosseini; writing (original draft preparation), M. Maazalahi; writing (review and editing), S. Hosseini; visualization, M. Maazalahi; supervision, S. Hosseini; project administration, S. Hosseini.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Ethics approval and consent to participate
This article does not contain any studies with human participants performed by any of the authors.
About this article
Cite this article
Maazalahi, M., Hosseini, S. K-means and meta-heuristic algorithms for intrusion detection systems. Cluster Comput (2024). https://doi.org/10.1007/s10586-024-04510-7
DOI: https://doi.org/10.1007/s10586-024-04510-7