A Modified Grey Wolf Optimization Algorithm for an Intrusion Detection System
Abstract
1. Introduction
- Improving the quality of the initial population of the meta-heuristic GWO algorithm by including the most relevant features in the initialization phase as evaluated by the IG. Accordingly, a hybrid approach of filter-based and wrapper-based techniques was implemented. An initial guided population speeds up the algorithm’s convergence by obtaining the best fitness solutions in early iterations;
- Speeding up the optimization process using the ELM as a base classifier. As mentioned, the ELM is considered a very fast Single-Layer Feed-forward Neural network (SLFN);
- Enhancing the efficacy of the IDS to distinguish and detect the generic attack in the UNSW-NB15 dataset with the most relevant features.
2. Related Works
Publication | Dataset | Algorithm | Classifier | Technique |
---|---|---|---|---|
[32] | KDDCUP99, NSL-KDD, UNSW-NB15 | PIO | DT | Single |
[33] | KDDCUP99 | IWD | SVM | Single |
[34] | NSL-KDD | MBGWO | SVM | Single |
[35] | NSL-KDD | Multi-objective GWO | SVM | Single |
[36] | NSL-KDD | GA+SVM | ANN-HGS | Hybrid |
[37] | NSL-KDD, ADFA | - | C5.0 + OC-SVM | Hybrid |
[38] | NSL-KDD | PSO + correlation-based | C4.5 + RF + CART | Ensemble |
[39] | UNSW-NB15 | PSO, MVO, GWO, MFO, WOA, FFA, BAT | SVM + C4.5 + RF | Ensemble + hybrid |
[40] | UNSW-NB15 | PSO, GWO, FFA, and GA with MI | SVM + J48 | Ensemble |
3. Intrusion Detection System Based on the MGWO
- The first part represents the injected ratio of the population (25%, 50%, 75%, and 100%) from the proposed modified technique. A feature with a high IG value means it is significant for classifying the instance. Here, and by using the following equation, the proposed technique ensures that features with high IG values will be included in the initial population. The injected population is initialized based on the IG values, as follows:
- The second part represents the rest of the population (1 − injection ratio), which is initialized randomly, as shown in the following equation.
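The two-part initialization described above, as an added sketch that is not the authors' code. The page does not reproduce the paper's equations, so the injection rule used here (keep feature j with probability IG_j / max IG), the floor rounding of the injected count, and the three-feature flow sample are all assumptions made for illustration.

```python
import math
import random
from collections import Counter

def entropy(labels):
    n = len(labels)
    return -sum((c / n) * math.log2(c / n) for c in Counter(labels).values())

def information_gain(column, labels):
    """IG of one discrete feature column with respect to the class labels."""
    n = len(labels)
    groups = {}
    for value, label in zip(column, labels):
        groups.setdefault(value, []).append(label)
    conditional = sum(len(g) / n * entropy(g) for g in groups.values())
    return entropy(labels) - conditional

def init_population(ig, pop_size, injection_ratio, rng):
    """Binary wolves (1 = feature selected): injected part first, random part after."""
    n_injected = int(pop_size * injection_ratio)  # assumed rounding: floor
    top = max(ig)
    if top <= 0:
        n_injected = 0  # no informative feature: fall back to a fully random population
    population = []
    for i in range(pop_size):
        if i < n_injected:
            # Assumed rule: keep feature j with probability IG_j / max(IG), so the
            # top-ranked feature is always kept and zero-IG features never are.
            wolf = [1 if rng.random() < g / top else 0 for g in ig]
        else:
            wolf = [rng.randint(0, 1) for _ in ig]
        if not any(wolf):
            wolf[ig.index(top)] = 1  # an empty subset cannot be scored by the classifier
        population.append(wolf)
    return population

# Constructed sample: 8 flows, label 1 = attack. Column 0 separates the classes
# perfectly, column 1 is constant, column 2 is only weakly informative.
LABELS = [1, 1, 1, 1, 0, 0, 0, 0]
COLUMNS = [
    ["dns", "dns", "dns", "dns", "http", "http", "http", "http"],
    ["udp"] * 8,
    [0, 0, 0, 1, 0, 1, 1, 1],
]
IG = [information_gain(col, LABELS) for col in COLUMNS]

if __name__ == "__main__":
    print("IG per feature:", [round(g, 4) for g in IG])
    # Population size 10 and injection ratio 25% follow the page's parameter table.
    for wolf in init_population(IG, pop_size=10, injection_ratio=0.25, rng=random.Random(7)):
        print(wolf)
```

With 10 wolves and a 25% ratio, two wolves are IG-guided and eight are random; both guided wolves select column 0 and skip the constant column whatever the seed.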
4. Experimental Results and Discussion
4.1. Dataset Description and Data Preparation
- Feature removal: Some features in the original dataset should be removed since they have no relationship with the detection process. These features were: source IP address (srcip), source port number (sport), destination IP address (dstip), destination port number (dsport), record start time (Stime), and record end time (Ltime) [32]. These features represent static data, such as the source IP and the port number, which can vary from site to site, and this variation does not determine whether the traffic contains an attack. Additionally, attacks can occur at any time, regardless of the start and end times. For these reasons, these attributes cannot be considered features of the traffic, and they were also eliminated in the work of [32,57];
- Data encoding: Symbolic data, such as the state, protocol, and service type, have string values that must be converted into numerical representations to fit the classifier;
- Data normalization: The min–max approach was used to scale the data to the range [0, 1].
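The three preparation steps above, as an added example that is not the authors' code. The records are constructed, the `label` column name and the integer category codes are assumptions, and fitting on the training split only, reserving code 0 for unseen categories, and clipping out-of-range values are choices made here rather than details given on the page.

```python
DROPPED = ("srcip", "sport", "dstip", "dsport", "Stime", "Ltime")
SYMBOLIC = ("state", "proto", "service")

def encode(row, codes):
    """Drop the site-specific columns and the label; map symbolic values to codes."""
    out = {}
    for key, value in row.items():
        if key in DROPPED or key == "label":
            continue
        # Code 0 is reserved for categories never seen during fitting.
        out[key] = float(codes[key].get(value, 0)) if key in SYMBOLIC else float(value)
    return out

def fit(train_rows):
    """Learn category codes and min/max bounds from the training rows only."""
    codes = {c: {} for c in SYMBOLIC}
    for row in train_rows:
        for c in SYMBOLIC:
            codes[c].setdefault(row[c], len(codes[c]) + 1)
    encoded = [encode(r, codes) for r in train_rows]
    bounds = {}
    for key in encoded[0]:
        values = [r[key] for r in encoded]
        # Symbolic columns span 0..n so the "unseen" code stays distinct after scaling.
        bounds[key] = (0.0, float(len(codes[key]))) if key in SYMBOLIC else (min(values), max(values))
    return codes, bounds

def transform(row, codes, bounds):
    """Min-max scale one record into [0, 1] using the fitted bounds."""
    out = {}
    for key, value in encode(row, codes).items():
        lo, hi = bounds[key]
        scaled = 0.0 if hi == lo else (value - lo) / (hi - lo)  # constant column
        out[key] = min(1.0, max(0.0, scaled))  # clip values outside the training range
    return out

# Constructed records; addresses, ports and timestamps are placeholders.
BASE = {"srcip": "192.0.2.1", "sport": 1390, "dstip": "192.0.2.2", "dsport": 53,
        "Stime": 1421927414, "Ltime": 1421927415, "is_sm_ips_ports": 0}
TRAIN = [
    {**BASE, "proto": "udp", "state": "CON", "service": "dns", "dur": 0.0, "sbytes": 100, "label": 0},
    {**BASE, "proto": "tcp", "state": "FIN", "service": "http", "dur": 2.0, "sbytes": 1100, "label": 0},
    {**BASE, "proto": "udp", "state": "INT", "service": "dns", "dur": 1.0, "sbytes": 600, "label": 1},
]
# Unseen protocol and a duration above anything in the training rows.
NEW = {**BASE, "proto": "icmp", "state": "CON", "service": "dns", "dur": 4.0, "sbytes": 600, "label": 1}

if __name__ == "__main__":
    codes, bounds = fit(TRAIN)
    print(transform(NEW, codes, bounds))
```

Fitting the codes and bounds on the training rows alone keeps test-set statistics out of the model, and the constant `is_sm_ips_ports` column shows why the zero-width range needs its own branch.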
4.2. Evaluation Metrics
- Classification accuracy: This is the total accuracy of the IDS in classifying attacks and is calculated as:
- False Positive Rate (FPR): This is the proportion of normal traffic that is identified as an attack, which is calculated as:
- False Negative Rate (FNR): This is the proportion of anomalies that is identified as normal. The FNR is calculated as:
- Crossover Error Rate (CER): This is the difference between the FNR and the FPR, which is calculated as:
- Precision (P): This is the percentage of total TP instances divided by the total number of TP and FP instances:
- Recall (R): This is the percentage of total instances that are correctly classified, TPs, divided by the total True Positive (TP) and False Negative (FN) instances:
- F1-score (F-measure): The FM is the mean of the precision and recall, which is calculated as:
- G-Mean: Sensitivity and specificity can be combined into a single score that balances both. The G-Mean is calculated as follows:
4.3. Experimental and Parameter Settings
4.4. Classification
5. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Dixit, P.; Kohli, R.; Acevedo-Duque, A.; Gonzalez-Diaz, R.R.; Jhaveri, R.H. Comparing and Analyzing Applications of Intelligent Techniques in Cyberattack Detection. Secur. Commun. Netw. 2021, 2021, 5561816.
- Azeez, N.A.; Salaudeen, B.B.; Misra, S.; Damaševičius, R.; Maskeliūnas, R. Identifying phishing attacks in communication networks using URL consistency features. Int. J. Electron. Secur. Digit. Forensics 2020, 12, 200–213.
- Rotimi, O.J.; Misra, S.; Agrawal, A.; Azubuike, E.; Maskeliunas, R.; Damasevicius, R. Curbing Criminal Acts on Mobile Phone Network. In Cyber Security and Digital Forensics; Springer: Berlin/Heidelberg, Germany, 2022; pp. 99–111.
- Damaševičius, R.; Toldinas, J.; Venčkauskas, A.; Grigaliūnas, Š.; Morkevičius, N.; Jukavičius, V. Visual analytics for cyber security domain: State-of-the-art and challenges. In International Conference on Information and Software Technologies; Springer: Berlin/Heidelberg, Germany, 2019; pp. 256–270.
- Damasevicius, R.; Toldinas, J.; Venckauskas, A.; Grigaliunas, S.; Morkevicius, N. Technical Threat Intelligence Analytics: What and How to Visualize for Analytic Process. In Proceedings of the 2020 24th International Conference Electronics, Palanga, Lithuania, 15–17 June 2020; pp. 1–4.
- Odusami, M.; Abayomi-Alli, O.; Misra, S.; Shobayo, O.; Damasevicius, R.; Maskeliunas, R. Android malware detection: A survey. In Proceedings of the International Conference on Applied Informatics, Bogotá, Colombia, 1–3 November 2018; Springer: Berlin/Heidelberg, Germany, 2018; pp. 255–266.
- Subairu, S.O.; Alhassan, J.; Misra, S.; Abayomi-Alli, O.; Ahuja, R.; Damasevicius, R.; Maskeliunas, R. An experimental approach to unravel effects of malware on system network interface. In Advances in Data Sciences, Security and Applications; Springer: Berlin/Heidelberg, Germany, 2020; pp. 225–235.
- Rudd, E.M.; Rozsa, A.; Günther, M.; Boult, T.E. A Survey of Stealth Malware Attacks, Mitigation Measures, and Steps Toward Autonomous Open World Solutions. IEEE Commun. Surv. Tutor. 2017, 19, 1145–1172.
- Cascavilla, G.; Tamburri, D.A.; Van Den Heuvel, W. Cybercrime threat intelligence: A systematic multi-vocal literature review. Comput. Secur. 2021, 105, 102258.
- Grigaliunas, S.; Toldinas, J.; Venckauskas, A.; Morkevicius, N.; Damaševičius, R. Digital evidence object model for situation awareness and decision making in digital forensics investigation. IEEE Intell. Syst. 2020, 36, 39–48.
- Moustafa, N.; Creech, G.; Slay, J. Big data analytics for intrusion detection system: Statistical decision-making using finite dirichlet mixture models. In Data Analytics and Decision Support for Cybersecurity; Springer: Berlin/Heidelberg, Germany, 2017; pp. 127–156.
- Zhou, Y.; Cheng, G.; Jiang, S.; Dai, M. Building an efficient intrusion detection system based on feature selection and ensemble classifier. Comput. Netw. 2020, 174, 107247.
- Scarfone, K.; Mell, P. Guide to intrusion detection and prevention systems (idps). NIST Spec. Publ. 2007, 800, 94.
- Odusami, M.; Misra, S.; Adetiba, E.; Abayomi-Alli, O.; Damasevicius, R.; Ahuja, R. An improved model for alleviating layer seven distributed denial of service intrusion on webserver. J. Phys. Conf. Ser. 2019, 1235, 012020.
- Alkadi, O.; Moustafa, N.; Turnbull, B. A review of intrusion detection and blockchain applications in the cloud: Approaches, challenges and solutions. IEEE Access 2020, 8, 104893–104917.
- Zaman, S.; Karray, F. Features selection for intrusion detection systems based on support vector machines. In Proceedings of the 2009 6th IEEE Consumer Communications and Networking Conference, Las Vegas, NV, USA, 10–13 January 2009; pp. 1–8.
- Mnasri, S.; Bossche, A.V.D.; Nasri, N.; Val, T. The 3D redeployment of nodes in Wireless Sensor Networks with real testbed prototyping. In Proceedings of the International Conference on Ad-Hoc Networks and Wireless, Messina, Italy, 20–22 September 2017; Springer: Berlin/Heidelberg, Germany, 2017; pp. 18–24.
- Mnasri, S.; Nasri, N.; van den Bossche, A.; Thierry, V. 3D indoor redeployment in IoT collection networks: A real prototyping using a hybrid PI-NSGA-III-VF. In Proceedings of the 2018 14th International Wireless Communications & Mobile Computing Conference (IWCMC), Limassol, Cyprus, 25–29 June 2018; pp. 780–785.
- Liu, H.; Motoda, H. Feature Selection for Knowledge Discovery and Data Mining; Springer Science & Business Media: Berlin/Heidelberg, Germany, 2012; Volume 454.
- Tang, X.; Dai, Y.; Xiang, Y. Feature selection based on feature interactions with application to text categorization. Expert Syst. Appl. 2019, 120, 207–216.
- Glover, F.W.; Kochenberger, G.A. Handbook of Metaheuristics; Springer Science & Business Media: Berlin/Heidelberg, Germany, 2006; Volume 57.
- Talbi, E.G. Metaheuristics: From Design to Implementation; John Wiley & Sons: Hoboken, NJ, USA, 2009; Volume 74.
- Tubishat, M.; Ja’afar, S.; Alswaitti, M.; Mirjalili, S.; Idris, N.; Ismail, M.A.; Omar, M.S. Dynamic salp swarm algorithm for feature selection. Expert Syst. Appl. 2021, 164, 113873.
- Azeez, N.A.; Ayemobola, T.J.; Misra, S.; Maskeliūnas, R.; Damaševičius, R. Network intrusion detection with a hashing based apriori algorithm using Hadoop MapReduce. Computers 2019, 8, 86.
- Damasevicius, R.; Venckauskas, A.; Grigaliunas, S.; Toldinas, J.; Morkevicius, N.; Aleliunas, T.; Smuikys, P. LITNET-2020: An annotated real-world network flow dataset for network intrusion detection. Electronics 2020, 9, 800.
- Li, G.; Sharma, P.; Pan, L.; Rajasegarar, S.; Karmakar, C.; Patterson, N. Deep learning algorithms for cyber security applications: A survey. J. Comput. Secur. 2021, 29, 447–471.
- Wozniak, M.; Silka, J.; Wieczorek, M.; Alrashoud, M. Recurrent Neural Network Model for IoT and Networking Malware Threat Detection. IEEE Trans. Ind. Inform. 2021, 17, 5583–5594.
- Toldinas, J.; Venčkauskas, A.; Damaševičius, R.; Grigaliūnas, Š.; Morkevičius, N.; Baranauskas, E. A novel approach for network intrusion detection using multistage deep learning image recognition. Electronics 2021, 10, 1854.
- Alharbi, A.; Alosaimi, W.; Alyami, H.; Rauf, H.T.; Damaševičius, R. Botnet attack detection using local global best bat algorithm for industrial Internet of things. Electronics 2021, 10, 1341.
- Khare, N.; Devan, P.; Chowdhary, C.L.; Bhattacharya, S.; Singh, G.; Singh, S.; Yoon, B. SMO-DNN: Spider monkey optimization and deep neural network hybrid classifier model for intrusion detection. Electronics 2020, 9, 692.
- Natesan, P.; Rajalaxmi, R.R.; Gowrison, G.; Balasubramanie, P. Hadoop Based Parallel Binary Bat Algorithm for Network Intrusion Detection. Int. J. Parallel Program. 2017, 45, 1194–1213.
- Alazzam, H.; Sharieh, A.; Sabri, K.E. A feature selection algorithm for intrusion detection system based on pigeon inspired optimizer. Expert Syst. Appl. 2020, 148, 113249.
- Acharya, N.; Singh, S. An IWD-based feature selection method for intrusion detection system. Soft Comput. 2018, 22, 4407–4416.
- Alzubi, Q.M.; Anbar, M.; Alqattan, Z.N.; Al-Betar, M.A.; Abdullah, R. Intrusion detection system based on a modified binary grey wolf optimisation. Neural Comput. Appl. 2020, 32, 6125–6137.
- Alamiedy, T.A.; Anbar, M.; Alqattan, Z.N.; Alzubi, Q.M. Anomaly-based intrusion detection system using multi-objective grey wolf optimisation algorithm. J. Ambient. Intell. Humaniz. Comput. 2020, 11, 3735–3756.
- Hosseini, S.; Zade, B.M.H. New hybrid method for attack detection using combination of evolutionary algorithms, SVM, and ANN. Comput. Netw. 2020, 173, 107168.
- Khraisat, A.; Gondal, I.; Vamplew, P.; Kamruzzaman, J.; Alazab, A. Hybrid intrusion detection system based on the stacking ensemble of c5 decision tree classifier and one class support vector machine. Electronics 2020, 9, 173.
- Tama, B.A.; Rhee, K.H. A combination of PSO-based feature selection and tree-based classifiers ensemble for intrusion detection systems. In Advances in Computer Science and Ubiquitous Computing; Springer: Berlin/Heidelberg, Germany, 2015; pp. 489–495.
- Almomani, O. A Hybrid Model Using Bio-Inspired Metaheuristic Algorithms for Network Intrusion Detection System. CMC-Comput. Mater. Contin. 2021, 68, 409–429.
- Almomani, O. A feature selection model for network intrusion detection system based on PSO, GWO, FFA and GA algorithms. Symmetry 2020, 12, 1046.
- Al-Wajih, R.; Abdulkadir, S.J.; Aziz, N.; Al-Tashi, Q.; Talpur, N. Hybrid binary grey wolf with Harris hawks optimizer for feature selection. IEEE Access 2021, 9, 31662–31677.
- Al-Tashi, Q.; Kadir, S.J.A.; Rais, H.M.; Mirjalili, S.; Alhussian, H. Binary optimization using hybrid grey wolf optimization for feature selection. IEEE Access 2019, 7, 39496–39508.
- Tawhid, M.A.; Ali, A.F. A hybrid grey wolf optimizer and genetic algorithm for minimizing potential energy function. Memet. Comput. 2017, 9, 347–359.
- Gaidhane, P.J.; Nigam, M.J. A hybrid grey wolf optimizer and artificial bee colony algorithm for enhancing the performance of complex systems. J. Comput. Sci. 2018, 27, 284–302.
- Mirjalili, S.; Mirjalili, S.M.; Lewis, A. Grey wolf optimizer. Adv. Eng. Softw. 2014, 69, 46–61.
- Al-Tashi, Q.; Rais, H.M.; Abdulkadir, S.J.; Mirjalili, S.; Alhussian, H. A review of grey wolf optimizer-based feature selection methods for classification. Evol. Mach. Learn. Tech. 2020, 273–286.
- Emary, E.; Zawbaa, H.M.; Hassanien, A.E. Binary grey wolf optimization approaches for feature selection. Neurocomputing 2016, 172, 371–381.
- Faris, H.; Aljarah, I.; Al-Betar, M.A.; Mirjalili, S. Grey wolf optimizer: A review of recent variants and applications. Neural Comput. Appl. 2018, 30, 413–435.
- Gao, Z.; Xu, Y.; Meng, F.; Qi, F.; Lin, Z. Improved information gain-based feature selection for text categorization. In Proceedings of the 2014 4th International Conference on Wireless Communications, Vehicular Technology, Information Theory and Aerospace & Electronic Systems (VITAE), Aalborg, Denmark, 11–14 May 2014; pp. 1–5.
- Huang, G.B.; Zhu, Q.Y.; Siew, C.K. Extreme learning machine: A new learning scheme of feedforward neural networks. In Proceedings of the 2004 IEEE International Joint Conference on Neural Networks (IEEE Cat. No. 04CH37541), Budapest, Hungary, 25–29 July 2004; Volume 2, pp. 985–990.
- Feng, Z.k.; Niu, W.j.; Tang, Z.y.; Xu, Y.; Zhang, H.r. Evolutionary artificial intelligence model via cooperation search algorithm and extreme learning machine for multiple scales nonstationary hydrological time series prediction. J. Hydrol. 2021, 595, 126062.
- Liu, J.; Yu, F.R.; Lung, C.H.; Tang, H. Optimal combined intrusion detection and biometric-based continuous authentication in high security mobile ad hoc networks. IEEE Trans. Wirel. Commun. 2009, 8, 806–815.
- Urvashi; Awasthi, L.K.; Sikka, G. Behavior-Based Approach for Fog Data Analytics: An Approach toward Security and Privacy. In Fog Data Analytics for IoT Applications; Springer: Berlin/Heidelberg, Germany, 2020; pp. 341–354.
- Faris, H.; Mafarja, M.M.; Heidari, A.A.; Aljarah, I.; Ala’M, A.Z.; Mirjalili, S.; Fujita, H. An efficient binary salp swarm algorithm with crossover scheme for feature selection problems. Knowl.-Based Syst. 2018, 154, 43–67.
- Moustafa, N.; Slay, J. UNSW-NB15: A comprehensive dataset for network intrusion detection systems (UNSW-NB15 network dataset). In Proceedings of the 2015 Military Communications and Information Systems Conference (MilCIS), Canberra, Australia, 10–12 November 2015; pp. 1–6.
- Moustafa, N.; Slay, J. The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 dataset and the comparison with the KDD99 data set. Inf. Secur. J. Glob. Perspect. 2016, 25, 18–31.
- Sharma, J.; Giri, C.; Granmo, O.C.; Goodwin, M. Multi-layer intrusion detection system with ExtraTrees feature selection, extreme learning machine ensemble, and softmax aggregation. EURASIP J. Inf. Secur. 2019, 2019, 1–16.
- Mafarja, M.; Mirjalili, S. Whale optimization approaches for wrapper feature selection. Appl. Soft Comput. 2018, 62, 441–453.
- Mafarja, M.; Aljarah, I.; Faris, H.; Hammouri, A.I.; Ala’M, A.Z.; Mirjalili, S. Binary grasshopper optimisation algorithm approaches for feature selection problems. Expert Syst. Appl. 2019, 117, 267–286.
- Keserwani, P.K.; Govil, M.C.; Pilli, S.E. An Optimal Intrusion Detection System using GWO-CSA-DSAE Model. Cyber-Phys. Syst. 2021, 7, 197–220.
- Wolpert, D.H.; Macready, W.G. No Free Lunch Theorems for Optimization. IEEE Trans. Evol. Comput. 1997, 1, 67–82.
Algorithms | F1_Score | Accuracy | FPR | CER | G-Mean |
---|---|---|---|---|---|
GWO | 0.7656 | 0.7894 | 0.3121 | 0.3007 | 0.8215 |
MGWO-25% | 0.7808 | 0.8093 | 0.2808 | 0.2669 | 0.8403 |
MGWO-50% | 0.7637 | 0.7868 | 0.3154 | 0.3025 | 0.8184 |
MGWO-75% | 0.7700 | 0.7932 | 0.3062 | 0.2944 | 0.8241 |
MGWO-100% | 0.7572 | 0.7791 | 0.3283 | 0.3180 | 0.8116 |
No. | Parameter | Value |
---|---|---|
1. | ELM type | Basic |
2. | Activation function | Sigmoid |
3. | Number of hidden neurons | 20 |
4. | Population size | 10 |
5. | Max number of iterations | 100 |
6. | Injection ratio | 25% |
Algorithm | Parameter | Value |
---|---|---|
GA | Crossover percentage | 0.8 |
GA | Mutation percentage | 0.3 |
GA | Mutation rate | 0.02 |
GA | Selection scheme | Random |
GA | Tournament size | 3 |
GA | Beta | 8 |
PSO | Inertia weight | 2 |
PSO | Max inertia weight | 0.9 |
PSO | Min inertia weight | 0.4 |
PSO | c1, c2 | 2 |
GWO | Convergence constant | [2 0] |
HHO | Upper bound | 1 |
HHO | Lower bound | 0 |
HHO | Transfer function | S2 |
Algorithms | F1_Score | Accuracy | FPR | CER | G-Mean |
---|---|---|---|---|---|
GA | 0.7511 | 0.7827 | 0.3173 | 0.3164 | 0.8151 |
PSO | 0.7397 | 0.7659 | 0.3431 | 0.3316 | 0.7997 |
GOA | 0.7461 | 0.7710 | 0.3389 | 0.3264 | 0.8061 |
HHO | 0.7627 | 0.7862 | 0.3182 | 0.3090 | 0.8191 |
GWO | 0.7656 | 0.7894 | 0.3121 | 0.3007 | 0.8215 |
MGWO | 0.7808 | 0.8093 | 0.2808 | 0.2669 | 0.8403 |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Alzaqebah, A.; Aljarah, I.; Al-Kadi, O.; Damaševičius, R. A Modified Grey Wolf Optimization Algorithm for an Intrusion Detection System. Mathematics 2022, 10, 999. https://doi.org/10.3390/math10060999