An Enhanced Associative Ant Colony Optimization Technique-based Intrusion Detection System

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 325)


Several intrusion detection models have been presented to date, as per our study. Approaches including data mining, neural networks, and naïve Bayes have been applied to find intrusions, but there is still a need for improvement in this direction. Our paper focuses on the limitations of the traditional approach. In this paper, we suggest a hybrid framework based on association rule mining (ARM) and ant colony optimization (ACO). Combining the properties of association and ant colony may provide better classification than the previous methodology. In our approach, we use the NSL-KDD dataset, which does not include redundant records and whose test sets are reasonable, as mentioned in [1]. We then take an equal proportion of 10,000 records from the whole dataset. We first divide it into two parts based on normal establishment and termination. Then, we consider the normal dataset and, to find intrusions, calculate the support value based on the matching factor. Next, we apply the ACO technique to check the global optimum value. If the value crosses the limit value, the node is added to the final attack category. Finally, we obtain the final classification based on the attack categories of denial of service (DoS), user to root (U2R), remote to user (R2L), and probing (Probe). Our results support better classification in comparison with the previous techniques used in several research papers, as per our study.
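A minimal sketch of the pipeline the abstract describes: support values from normal records, a matching factor per record, then a pheromone value compared against a limit. It is an added example, not the authors' implementation; the sample records, `min_support`, the pheromone update rule and its parameters are all assumptions, since the abstract does not specify them.

```python
from collections import Counter

# Constructed sample records; field names follow NSL-KDD, values are made up.
NORMAL = [
    {"protocol_type": "tcp", "service": "http", "flag": "SF"},
    {"protocol_type": "tcp", "service": "http", "flag": "SF"},
    {"protocol_type": "tcp", "service": "smtp", "flag": "SF"},
    {"protocol_type": "udp", "service": "domain_u", "flag": "SF"},
]
CANDIDATES = [
    {"protocol_type": "tcp", "service": "http", "flag": "SF"},
    {"protocol_type": "tcp", "service": "private", "flag": "S0"},
    {"protocol_type": "icmp", "service": "ecr_i", "flag": "SF"},
    {"protocol_type": "tcp", "service": "smtp", "flag": "SF"},
]

def item_support(records):
    """Support of each (field, value) item: fraction of records containing it."""
    counts = Counter(item for r in records for item in r.items())
    return {item: n / len(records) for item, n in counts.items()}

def matching_factor(record, support, min_support=0.5):
    """Share of the record's items that are frequent in the normal set."""
    hits = sum(support.get(item, 0.0) >= min_support for item in record.items())
    return hits / len(record)

def aco_flag(records, support, limit=0.5, rho=0.5, iterations=20):
    """Return indices of records whose pheromone ends above `limit`.

    Assumed ant-system update in expected-value form (no random sampling):
    the share of ants choosing node i is proportional to tau_i * eta_i,
    where eta_i = 1 - matching factor (how poorly the record fits normal).
    """
    eta = [1.0 - matching_factor(r, support) for r in records]
    tau = [1.0] * len(records)
    for _ in range(iterations):
        weights = [t * e for t, e in zip(tau, eta)]
        total = sum(weights)
        # If every record fits the normal profile, no ant deposits anything.
        share = [w / total if total else 0.0 for w in weights]
        tau = [(1.0 - rho) * t + s for t, s in zip(tau, share)]  # evaporate, deposit
    return [i for i, t in enumerate(tau) if t > limit]

if __name__ == "__main__":
    sup = item_support(NORMAL)
    print([round(matching_factor(r, sup), 2) for r in CANDIDATES])
    print(aco_flag(CANDIDATES, sup))
```

Because the update reinforces the records that fit the normal profile worst, the partially matching record at index 3 loses pheromone over the iterations and stays below the limit; mapping flagged records to DoS, U2R, R2L or Probe is left out of this sketch.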


Keywords: ARM, ACO, DoS, U2R, R2L, Probe


  1. M. Tavallaee, E. Bagheri, W. Lu, A. Ghorbani, A detailed analysis of the KDD CUP 99 data set, in Submitted to Second IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA) (2009)
  2. R. Bane, N. Shivsharan, Network Intrusion Detection System (NIDS) (2008) pp. 1272–1277
  3. M. Gudadhe, P. Prasad, K. Wankhade, A new data mining based network intrusion detection model. Comput. Commun. Technol. (ICCCT) 731, 735 (2010)
  4. S.T. Brugger, Data mining methods for network intrusion detection (2004) pp. 1–65
  5. W. Lee, S.J. Stolfo, Data mining approaches for intrusion detection, in Proceedings of the 1998 USENIX Security Symposium (1998)
  6. W. Lee, S.J. Stolfo, Data mining approaches for intrusion detection, in Proceedings of the 7th USENIX Security Symposium (1998)
  7. W. Lee, S.J. Stolfo, K.W. Mok, A data mining framework for building intrusion detection models, in Proceedings of the 1999 IEEE Symposium on Security and Privacy (1999) pp. 120–132
  8. M. Panda, M. Patra, Ensemble rule based classifiers for detecting network intrusions (2009) pp. 19–22
  9. Z. Yu, J. Chen, T.Q. Zhu, A novel adaptive intrusion detection system based on data mining (2005) pp. 2390–2395
  10. Z. Mingqiang, H. Hui, W. Qian, A graph-based clustering algorithm for anomaly intrusion detection. Comput. Sci. Educ. (ICCSE) 2012(14–17), 1311–1314 (2012)
  11. A.K. Dubey, S.K. Shandilya, A novel J2ME service for mining incremental patterns in mobile computing, in Information and Communication Technologies (Springer, Berlin, 2010) pp. 157–164
  12. A.K. Dubey, V. Agarwal, Y. Khandagre, Knowledge discovery with a subset-superset approach for mining heterogeneous data with dynamic support, in CSI Sixth International Conference on Software Engineering (CONSEG) (2012), IEEE pp. 1–6
  13. S. Goss, S. Aron, J.L. Deneubourg, J.M. Pasteels, Self-organized shortcuts in the Argentine Ant. Naturwissenschaften 76, 579–581 (1989)
  14. M. Dorigo, G. Di Caro, L.M. Gambardella, Ant algorithms for discrete optimization. Technical Report Tech. Rep. IRIDIA/98-10, IRIDIA (1998)
  15. M. Dorigo, V. Maniezzo, A. Colorni, The ant systems: an autocatalytic optimizing process (1991)
  16. G. Schaffrath, R. Sadre, C. Morariu, A. Pras, B. Stiller, An overview of IP flow-based intrusion detection. Commun. Surv. Tutorials IEEE (2010)
  17. Z. Li, Y. Li, L. Xu, Anomaly intrusion detection method based on K-means clustering algorithm with particle swarm optimization, in International Conference of Information Technology, Computer Engineering and Management Sciences (2011)
  18. Y.-H. Li, Design of intrusion detection model based on data mining technology, in International Conference on Industrial Control and Electronics Engineering (2012)
  19. P. Prasenna, R. Krishna Kumar, A.V.T. Raghav Ramana, A. Devanbu, Network programming and mining classifier for intrusion detection using probability classification, in Pattern Recognition, Informatics and Medical Engineering (2012)
  20. H. Li, Using a dynamic K-means algorithm to detect anomaly activities, in Seventh International Conference on Computational Intelligence and Security (2011)
  21. Z. Muda, W. Yassin, M.N. Sulaiman, N.I. Udzir, Intrusion detection based on K-means clustering and Naïve Bayes classification, in 7th International Conference on IT in Asia (CITA) (2011)
  22. A.S. Sadh, N. Shukla, Apriori and ant colony optimization of association rules. Int. J. Adv. Comput. Res. (IJACR) 3(10), 2 (2013)
  23. O.A. Tarakanov, S.V. Kvachev, A.V. Sukhorukov, A formal immune network and its implementation for on-line intrusion detection. Lecture Notes in Computer Science, vol. 3685 (2005), pp. 394–405

Copyright information

© Springer India 2015

Authors and Affiliations

  1. Department of Computer Science and Engineering, TIT, Bhopal, India
