Anomaly-based intrusion detection system using multi-objective grey wolf optimisation algorithm

Abstract

The rapid development of information technology has increased the number of devices connected to the Internet, and the number of network attacks has increased with it. Accordingly, there is an urgent demand for a defence system proficient in discovering new kinds of attacks. One of the most effective protection systems is the intrusion detection system (IDS), an intelligent system that monitors and inspects network packets to identify abnormal behavior. Network packets comprise many attributes, and many of them are irrelevant or repetitive; these degrade the performance of the IDS and overwhelm system resources. A feature selection technique helps to reduce computation time and complexity by selecting the optimum subset of features. In this paper, an enhanced anomaly-based IDS model based on the multi-objective grey wolf optimisation (GWO) algorithm is proposed. The GWO algorithm is employed as a feature selection mechanism to identify the most relevant features in the dataset, that is, those that contribute to high classification accuracy. A support vector machine is used to estimate how well the selected features predict attacks. 20% of the NSL–KDD dataset was used to demonstrate the effectiveness of the proposed approach through different attack scenarios. The experimental results show that the proposed approach obtains classification accuracies of 93.64%, 91.01%, 57.72% and 53.7% for DoS, Probe, R2L and U2R attacks respectively. Finally, the proposed approach was compared with other existing approaches and achieves a significant result.
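To make the wrapper idea in the abstract concrete, here is an added sketch (not the authors' code) of binary grey wolf feature selection: the standard GWO position update followed by a sigmoid transfer to bits. Assumptions, since this page does not give the paper's formulation: a single weighted-sum fitness stands in for the multi-objective one, a nearest-centroid classifier stands in for the SVM, the data is constructed, and all function names are hypothetical.

```python
import math
import random

# Constructed sample: 40 "flows", 6 features; only features 0 and 3 track the label.
_r = random.Random(7)
LABELS = [i % 2 for i in range(40)]
ROWS = [[y + _r.gauss(0, 0.2), _r.random(), _r.random(),
         2 * y + _r.gauss(0, 0.3), _r.random(), _r.random()] for y in LABELS]

def centroid_error(rows, labels, mask):
    # Training error of a nearest-centroid classifier (stand-in for the SVM).
    idx = [j for j, bit in enumerate(mask) if bit]
    if not idx:
        return 1.0  # an empty subset classifies nothing
    cents = {}
    for c in set(labels):
        members = [r for r, y in zip(rows, labels) if y == c]
        cents[c] = [sum(r[j] for r in members) / len(members) for j in idx]
    dist = lambda r, c: sum((r[j] - m) ** 2 for j, m in zip(idx, cents[c]))
    wrong = sum(min(cents, key=lambda c: dist(r, c)) != y for r, y in zip(rows, labels))
    return wrong / len(rows)

def fitness(rows, labels, mask, w=0.9):
    # Assumed weighted sum: error rate plus fraction of features kept (lower is better).
    return w * centroid_error(rows, labels, mask) + (1 - w) * sum(mask) / len(mask)

def bgwo_select(rows, labels, wolves=8, iters=30, seed=1):
    rng, n = random.Random(seed), len(rows[0])
    score = lambda m: fitness(rows, labels, m)
    # Seed one wolf with the full feature set so the result is never worse than it.
    pack = [[1] * n] + [[rng.randint(0, 1) for _ in range(n)] for _ in range(wolves - 1)]
    best = min(pack, key=score)
    for t in range(iters):
        leaders = sorted(pack, key=score)[:3]   # alpha, beta, delta
        a = 2 - 2 * t / iters                   # decays from 2 (explore) to 0 (exploit)
        new_pack = []
        for wolf in pack:
            bits = []
            for j in range(n):
                x = 0.0
                for lead in leaders:
                    A, C = 2 * a * rng.random() - a, 2 * rng.random()
                    x += lead[j] - A * abs(C * lead[j] - wolf[j])
                # Sigmoid transfer maps the mean pull of the leaders to a bit probability.
                p = 1 / (1 + math.exp(-10 * (x / 3 - 0.5)))
                bits.append(1 if rng.random() < p else 0)
            new_pack.append(bits)
        pack = new_pack
        best = min(pack + [best], key=score)
    return best, score(best)
```

`bgwo_select(ROWS, LABELS)` returns the selected bit mask and its fitness; scoring on training data keeps the sketch short, whereas a real evaluation would score each mask on held-out records.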



Author information


Corresponding author

Correspondence to Mohammed Anbar.


Cite this article

Alamiedy, T.A., Anbar, M., Alqattan, Z.N.M. et al. Anomaly-based intrusion detection system using multi-objective grey wolf optimisation algorithm. J Ambient Intell Human Comput 11, 3735–3756 (2020). https://doi.org/10.1007/s12652-019-01569-8


Keywords

  • Intrusion detection system
  • Feature selection
  • Multi-objective optimisation
  • Swarm intelligence
  • Grey wolf algorithm
  • Support vector machine
  • Classification