Hybridization of K-Means and Firefly Algorithm for intrusion detection system

During the last decade, anomaly detection has attracted the attention of many researchers seeking to overcome the weakness of signature-based IDSs in detecting novel attacks. Indeed, it is difficult to provide secure information systems and to maintain them in a secure state during their lifetime. An IDS is a device or software application that monitors network or system activities for malicious tasks or policy violations and produces reports to a management station. A metaheuristic is a high-level, problem-independent algorithmic framework; such techniques do not take advantage of any specificity of the problem. The main aim of metaheuristic algorithms is to quickly find a solution to a problem. This solution may not be the best of all possible solutions to the problem, but it still stands as valid because it does not require an excessively long time to find. Firefly Algorithm is one of the new metaheuristic algorithms for optimization problems, inspired by the flashing behavior of fireflies. In this work, a new algorithm for anomaly detection is introduced, which is a hybridization of K-Means and Firefly Algorithm. The algorithm uses clustering to build the training model and uses classification to evaluate on the test set. The algorithm is evaluated on the NSL-KDD dataset, with quite impressive results. Further, a comparison study has been performed between the newly developed algorithm and other clustering algorithms, including K-Means + Cuckoo, K-Means + Bat, K-Means, K-Means++, Canopy and Farthest First. The results show that K-Means + Firefly and K-Means + Bat outperform the others by a huge margin.
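The abstract does not spell out how the two algorithms are combined. The sketch below is an added example, not the authors' code, and shows one common arrangement under stated assumptions: fireflies search for good initial centroids, K-Means refines the brightest one, each cluster takes the majority label of its training records, and test records get the label of their nearest centroid. All function names, parameter values and the sample data are hypothetical.

```python
import math, random
from collections import Counter

def nearest(cents, x):
    return min(range(len(cents)), key=lambda i: math.dist(x, cents[i]))

def sse(cents, X):
    # Clustering cost: squared distance from each point to its nearest centroid.
    return sum(min(math.dist(x, c) ** 2 for c in cents) for x in X)

def firefly_init(X, k, rng, n=8, iters=20, beta0=1.0, gamma=1.0, alpha=0.05):
    # Each firefly is a candidate set of k centroids; lower SSE means brighter.
    flies = [[list(rng.choice(X)) for _ in range(k)] for _ in range(n)]
    for _ in range(iters):
        for i in range(n):
            for j in range(n):
                if sse(flies[j], X) < sse(flies[i], X):  # j is brighter: i moves toward j
                    pairs = [(a, b) for ci, cj in zip(flies[i], flies[j]) for a, b in zip(ci, cj)]
                    beta = beta0 * math.exp(-gamma * sum((a - b) ** 2 for a, b in pairs))
                    flat = [a + beta * (b - a) + alpha * (rng.random() - 0.5) for a, b in pairs]
                    d = len(X[0])
                    flies[i] = [flat[m:m + d] for m in range(0, len(flat), d)]
    return min(flies, key=lambda f: sse(f, X))

def kmeans(X, cents, iters=10):
    # Standard Lloyd iterations, seeded with the best firefly instead of random points.
    for _ in range(iters):
        groups = [[] for _ in cents]
        for x in X:
            groups[nearest(cents, x)].append(x)
        cents = [[sum(col) / len(g) for col in zip(*g)] if g else c for g, c in zip(groups, cents)]
    return cents

def train(X, y, k, seed=0):
    cents = kmeans(X, firefly_init(X, k, random.Random(seed)))
    votes = [Counter() for _ in cents]
    for x, lab in zip(X, y):
        votes[nearest(cents, x)][lab] += 1  # each cluster takes its majority label
    return cents, [v.most_common(1)[0][0] if v else None for v in votes]

def classify(model, x):
    cents, labels = model
    return labels[nearest(cents, x)]

# Constructed sample: two scaled features per record, not NSL-KDD data.
X = [(0.10, 0.12), (0.08, 0.15), (0.12, 0.09), (0.15, 0.11), (0.09, 0.07), (0.11, 0.14),
     (0.90, 0.85), (0.88, 0.80), (0.92, 0.83), (0.85, 0.88), (0.91, 0.79)]
y = ["normal"] * 6 + ["anomaly"] * 5
MODEL = train(X, y, k=2)
```

A cluster that ends up with no training records gets the label `None`, so a caller can treat records landing there as unclassified instead of silently calling them normal.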
