Network intrusion detection using hybrid binary PSO and random forests algorithm

Network security risks grow as network size increases. In the recent past, attacks on computer networks have increased tremendously, and they require efficient network intrusion detection mechanisms. Data mining and machine-learning techniques have been used for network intrusion detection during the past few years and have gained much popularity. In this paper, we propose an intrusion detection mechanism, called PSO-RF, based on the binary particle swarm optimization (PSO) and random forests (RF) algorithms, and we investigate the performance of various dimension reduction techniques along with a set of different classifiers, including the proposed approach. Binary PSO is used to find a more appropriate set of attributes for classifying network intrusions, and RF is used as the classifier. In the preprocessing step, we reduce the dimensions of the dataset by using different state-of-the-art dimension reduction techniques; this reduced dataset is then presented to the proposed PSO-RF approach, which further optimizes the dimensions of the data and finds an optimal set of features. PSO is an optimization method that has a strong global search capability and is used here for dimension optimization. We perform extensive experimentation to prove the worth of the proposed approach by using different performance metrics. The standard benchmark, the KDD99Cup dataset, which contains information about various kinds of network intrusions, is used. The experimental results indicate that the proposed approach performs better than the other approaches for the detection of all kinds of attacks present in the dataset. Copyright © 2012 John Wiley & Sons, Ltd.
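
The search loop the abstract summarizes, as an added example that is not the authors' code: binary PSO moves a swarm of feature masks, and the cross-validated accuracy of a random forest on the masked columns is the fitness. The synthetic data, the swarm parameters (`w`, `c1`, `c2`, swarm size, iterations), the fitness definition and all function names are assumptions; the paper's own settings and the KDD99Cup data are not reproduced here.

```python
import numpy as np
from sklearn.ensemble import RandomForestClassifier
from sklearn.model_selection import cross_val_score

def make_constructed_data(n=300, n_features=12, seed=0):
    """Constructed stand-in for labelled connection records (not KDD99Cup)."""
    rng = np.random.default_rng(seed)
    X = rng.normal(size=(n, n_features))
    y = (X[:, 0] + X[:, 1] - X[:, 2] > 0).astype(int)  # only 3 columns matter
    return X, y

def fitness(mask, X, y, cache):
    """Assumed fitness: mean 3-fold CV accuracy of an RF on the masked columns."""
    mask = np.asarray(mask, dtype=bool)
    key = tuple(mask.tolist())
    if not mask.any():
        return 0.0  # an empty feature subset cannot classify anything
    if key not in cache:
        rf = RandomForestClassifier(n_estimators=20, random_state=0)
        cache[key] = float(cross_val_score(rf, X[:, mask], y, cv=3).mean())
    return cache[key]

def binary_pso_rf(X, y, n_particles=6, n_iter=8, w=0.7, c1=1.5, c2=1.5, seed=0):
    """Return (boolean feature mask, fitness) of the best particle found."""
    rng = np.random.default_rng(seed)
    d, cache = X.shape[1], {}
    pos = rng.integers(0, 2, size=(n_particles, d))
    pos[0] = 1  # one particle starts from the full feature set (baseline)
    vel = rng.uniform(-1, 1, size=(n_particles, d))
    pbest = pos.copy()
    pbest_fit = np.array([fitness(p, X, y, cache) for p in pos])
    g = int(pbest_fit.argmax())
    gbest, gbest_fit = pbest[g].copy(), pbest_fit[g]
    for _ in range(n_iter):
        r1, r2 = rng.random((2, n_particles, d))
        vel = w * vel + c1 * r1 * (pbest - pos) + c2 * r2 * (gbest - pos)
        vel = np.clip(vel, -4, 4)  # keep the sigmoid away from saturation
        # Binary PSO step: sigmoid(velocity) is the probability that a bit is 1.
        pos = (rng.random((n_particles, d)) < 1 / (1 + np.exp(-vel))).astype(int)
        fit = np.array([fitness(p, X, y, cache) for p in pos])
        better = fit > pbest_fit
        pbest[better], pbest_fit[better] = pos[better], fit[better]
        g = int(pbest_fit.argmax())
        if pbest_fit[g] > gbest_fit:
            gbest, gbest_fit = pbest[g].copy(), pbest_fit[g]
    return gbest.astype(bool), float(gbest_fit)

if __name__ == "__main__":
    X, y = make_constructed_data()
    mask, acc = binary_pso_rf(X, y)
    print("selected columns:", np.flatnonzero(mask), "CV accuracy: %.3f" % acc)
```

Because one particle is seeded with every feature enabled, the returned fitness can never be lower than that of the unreduced feature set under the same forest settings.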
