
A lightweight intelligent network intrusion detection system using OCSVM and Pigeon inspired optimizer

Applied Intelligence

Abstract

Because Internet services are now in widespread use around the world, service providers face a major problem defending their systems, especially against new breaches and attacks. A Network Intrusion Detection System (NIDS) analyzes network packets and reports low-level security violations to system administrators. In large networks, these reports become unmanageable. Moreover, state-of-the-art systems suffer from high false alarm rates. A NIDS should be anomaly-based so that it can discover zero-day attacks. Most NIDSs proposed by researchers that were based on such techniques suffered from high false alarm rates. This paper introduces an intelligent lightweight IDS that has a low false alarm rate while maintaining a high detection rate. The proposed NIDS is a fusion of two main subsystems that work in parallel. Each subsystem is trained using a One-Class Support Vector Machine (OCSVM): one is trained on normal packets, while the other is trained on attack packets. The results of both subsystems are combined to give a good judgment for each packet that passes through the network. The proposed NIDS has been evaluated and compared with state-of-the-art systems using three popular IDS datasets (KDDCUP-99, NSL-KDD, and UNSW-NB15) in terms of detection rate, accuracy, F-measure and false alarms. The results show that the proposed NIDS outperformed the examined IDSs proposed in previous research.
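The two-subsystem arrangement described in the abstract can be sketched as follows. This is an added example, not the authors' code: it uses scikit-learn's `OneClassSVM` on constructed four-feature records. The fusion rule, the `nu`/`gamma` settings and the function names are assumptions, since this page does not give the paper's combination rule, features or tuning.

```python
import numpy as np
from sklearn.svm import OneClassSVM

def constructed_flows(rng, n, attack):
    """Constructed 4-feature records; attack traffic is shifted away from normal."""
    centre = 4.0 if attack else 0.0
    return rng.normal(loc=centre, scale=1.0, size=(n, 4))

def train_pair(normal_train, attack_train, nu=0.05):
    """Fit one OCSVM per class: each model only ever sees its own class."""
    normal_model = OneClassSVM(kernel="rbf", gamma="scale", nu=nu).fit(normal_train)
    attack_model = OneClassSVM(kernel="rbf", gamma="scale", nu=nu).fit(attack_train)
    return normal_model, attack_model

def fuse(score_normal, score_attack):
    """Assumed fusion rule (not taken from the paper).

    Returns (verdict, disputed); verdict is 1 for attack, 0 for normal.
    If exactly one model accepts a record (score >= 0), that model wins.
    If both or neither accept, the higher score wins and the record is
    flagged as disputed. Comparing the two scores covers all of these cases.
    """
    score_normal = np.asarray(score_normal, dtype=float)
    score_attack = np.asarray(score_attack, dtype=float)
    verdict = (score_attack > score_normal).astype(int)
    disputed = (score_normal >= 0) == (score_attack >= 0)
    return verdict, disputed

def evaluate(seed=7):
    """Train on constructed data; return (detection_rate, false_alarm_rate)."""
    rng = np.random.default_rng(seed)
    normal_model, attack_model = train_pair(
        constructed_flows(rng, 300, attack=False),
        constructed_flows(rng, 300, attack=True),
    )
    test_x = np.vstack([constructed_flows(rng, 100, attack=False),
                        constructed_flows(rng, 100, attack=True)])
    truth = np.array([0] * 100 + [1] * 100)
    verdict, _ = fuse(normal_model.decision_function(test_x),
                      attack_model.decision_function(test_x))
    detection_rate = float(np.mean(verdict[truth == 1] == 1))
    false_alarm_rate = float(np.mean(verdict[truth == 0] == 1))
    return detection_rate, false_alarm_rate

if __name__ == "__main__":
    print(evaluate())
```

The `disputed` mask marks records on which the two models agree to accept or agree to reject, which are the cases a single one-class model cannot distinguish and which are worth routing to an analyst.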


Corresponding author

Correspondence to Hadeel Alazzam.


About this article


Cite this article

Alazzam, H., Sharieh, A. & Sabri, K.E. A lightweight intelligent network intrusion detection system using OCSVM and Pigeon inspired optimizer. Appl Intell 52, 3527–3544 (2022). https://doi.org/10.1007/s10489-021-02621-x


  • DOI: https://doi.org/10.1007/s10489-021-02621-x
