Feature Selection for Intrusion Detection System Using Ant Colony Optimization

Intrusion detection is a major research problem in network security. Due to the nonlinear nature of intrusion attempts, the unpredictable behavior of network traffic, and the large number of features in the problem space, intrusion detection systems represent a complicated problem area. Choosing effective, key features for intrusion detection is a very important topic in information security. The purpose of this study is to identify important features for building intrusion detection systems such that the resulting systems are computationally efficient and effective. To improve the performance of intrusion detection systems, this paper proposes an intrusion detection system whose features are optimally selected using ant colony optimization. The proposed method is easy to implement and has low computational complexity because it uses a simplified feature set for classification. Extensive experimental results on the KDD Cup 99 and NSL-KDD intrusion detection benchmark data sets demonstrate that the proposed method outperforms previous approaches, providing higher accuracy in detecting intrusion attempts and fewer false alarms with a reduced number of features.
