NOVEL DIFFERENTIAL EVOLUTION FOR FEATURE SELECTION IN ANOMALY-BASED INTRUSION DETECTION
DOI: https://doi.org/10.11113/aej.v15.22674
Keywords: Anomaly detection, NSL-KDD, mutation strategy, differential evolution, feature selection
Abstract
In recent years, many organizations and end users have suffered from cyber-attacks or intrusions, also known as zero-day attacks, that aim to damage resources or steal data. A well-known tool for detecting such intrusions is the anomaly-based Intrusion Detection System (IDS). IDSs have integrated Evolutionary Computation (EC) algorithms as a dimensionality reduction method to enhance detection performance. A major limitation of anomaly-based IDS is the high rate of false alarms, which has several causes, the most important being the high volume of the training and testing datasets. These high-dimensional datasets can contain irrelevant, duplicate, and redundant features that cause misclassifications and increase the false alarm rate. In this research, a new variant of the Differential Evolution (DE) algorithm, called Differential Evolution – Convergence Extension (DE-CE), is proposed as part of the anomaly-based IDS for dimensionality reduction and feature selection. The new variant adopts a new mutation strategy that ensures new solutions are continuously generated for the current population, and thus ensures that the most relevant features are selected from the dataset. The well-known NSL-KDD dataset is adopted for training and testing the proposed anomaly-based IDS. The evaluation is performed against previously proposed DE algorithms with different mutation strategies and against PSO in terms of the number of selected features, accuracy, False Positive Rate (FPR), recall, and precision for five different classifiers. The proposed DE-CE outperformed the classical DE and PSO algorithms in all performance evaluation metrics, achieving the highest accuracy of 99.4744% and the lowest FPR of 0.3198%.