Swarm intelligence in intrusion detection: A survey

Intrusion Detection Systems (IDS) have become a necessary component of almost every security infrastructure. So far, many different approaches have been followed in order to increase the efficiency of IDS. Swarm Intelligence (SI), a relatively new bio-inspired family of methods, seeks inspiration in the behavior of swarms of insects or other animals. After being applied successfully in other fields, SI started to attract the interest of researchers working in the field of intrusion detection. In this paper we explore the reasons that led to the application of SI in intrusion detection, and present SI methods that have been used for constructing IDS. A major contribution of this work is also a detailed comparison of several SI-based IDS in terms of efficiency. This gives a clear idea of which solution is more appropriate for each particular case.
