Haifeng Lv,Xiaoyu Ji,Yong Ding

DOI: https://doi.org/10.1088/1742-6596/2517/1/012016

2023-01-01

Journal of Physics Conference Series

Abstract:The intrusion detection system (IDS) plays an important part because it offers an efficient way to prevent and mitigate cyber attacks. Numerous deep learning methods for intrusion anomaly detection have been developed as a result of recent advances in artificial intelligence (AI) in order to strengthen internet security. The balance among the high detection rate (DR), the low false alarm rate (FAR) and disaster of dimensionality is the crucial apprehension while devising an effective IDS. For the binary classification of intrusion detection systems, we present in this study a mixed model called K-means-XGBoost consisting of K-means and (Extreme Gradient Boosting, XGBoost) algorithms. The distributed computation of our method is achieved in Spark platform to rapidly separate normal events and anomaly events. In phrases of accuracy, DR, F1-score, recall, precision, and error indices FAR, the proposed model’s performance is measured via the well-known dataset of NSL-KDD. The experimental outcomes indicate that our method is outstandingly better among accuracy, DR, F1-score, training time, and processing speed, compared to other models which are recently created. In particular, the accuracy, F1-score, and DR of the proposed model can achieve as high as 93.28%, 94.39%, and 99.22% in the NSL-KDD dataset, respectively.

Ghulam Mohi-Ud-Din,Zhiqiang Liu,Jiangbin Zheng,Sifei Wang,Zhijun Lin,Muhammad Asim,Yuxuan Zhong,Yuxin Chen

DOI: https://doi.org/10.1109/tnsm.2023.3258901

2023-01-01

IEEE Transactions on Network and Service Management

Abstract:The exponential growth in data communication and increase in network size have led to various intrusions and attacks. An Intrusion Detection System (IDS) can be provided as a crucial component of a network or database to ensure the security of data communication over a network. The network size is large, a large dataset may comprise more irrelevant, redundant, and high-dimensional features that impact feature classification, thus affecting the intrusion detection rate. This study presents a new hybrid enhanced normalised Crow Search Algorithm (CSA) and Particle Swarm Optimisation (PSO) technique to address feature selection issues and to classify global best features using a random-forest classifier. In the proposed algorithm, the benefits of the CSA between the search strategy and rapid convergence phenomenon of the PSO algorithm are utilised to select the global best solution in a large search space. A random-forest classifier is used to classify the features after they are updated with weight values for significant features, assessing the asymptotic variance of features and points that are closest to the optimal solution. The asymptotic features are subjected to the weighted least mean square (WLS) method to eliminate large deviations among the features. The random-forest classifier distinguishes between normal records and abnormal intrusion records. The performance assessment of the proposed hybrid IDS model is performed by utilising two datasets, which reveals that the proposed model outperforms other existing models. The simulation outcomes show higher accuracy rate, precision value, recall factor, and F1-Score, revealing the efficacy of the IDS model.

张宝军,潘雪增,王界兵,平玲娣

DOI: https://doi.org/10.3785/j.issn.1008-973X.2009.06.004

2009-01-01

Abstract:Real-time intrusion detection under current network environment exists the following problems: first, the scale of network is large, and a great deal of information needs to be processed, which requires large throughput to the intrusion detection system (IDS); second, the network environment is complex, and the data type is multiplex, accordantly, the intrusion detection system should has high accuracy. Aiming at these problems, a model of intrusion detection system was proposed. The model uses the distributed architecture based on multi-agent system and shows good expansibility, and can self-adjust according to the scale and bandwidth of network. The model uses technologies of anomaly intrusion detection and misuse intrusion detection together, and has low false alert rate and miss alert rate. Multi-attribute data abstraction is used in the model to grasp the feature of intrusion accurately and provide strong support for intrusion identification. The classifier is constructed with radial basis function (RBF) so as to have good extension to unknown intrusions, and can do effective judgment to unknown intrusions. Experimental results show that the system has large throughput and high accuracy, thus it is suitable for current network and has good practicability.

Huaping Liu,Yin Jian,Sijia Liu

DOI: https://doi.org/10.1109/etcs.2010.210

2010-01-01

Abstract:Intelligent algorithms applied in intrusion detection system has become a tendency in recent years. An intelligent intrusion detection method is presented, based on rough set theory (RST) and improved binary particle swarm optimization with supported vector machine (IBPSO-SVM), which is combined attribute reduction with parameters optimization. Experiments on KDD CUP'99 dataset show this method can be an effective way for intrusion detection, not only accelerating the training time, but also improving the accuracy of test.

WU Qingtao,CAO Jibang,ZHENG Ruijuan,ZHANG Juwei

DOI: https://doi.org/10.3778/j.issn.1002-8331.1109-0031

2013-01-01

Abstract:Intrusion feature selection can improve the correctness and detection rate of the intrusion detection system effectively.A intrusion feature subset selection algorithm based on Particle Swarm Optimization(PSO)is proposed.Depending on the analyses of correlation between all features of network intrusion data,the PSO algorithm is used to search and choose effective feature subset independently to reduce data dimension in the feature space.The experimental results show that the algorithm can effectively remove redundant features,reduce the time of feature selection,ensure detection accuracy and improve detecting speed.

Zhang Xue-qin,Gu Chun-hua,Lin Jia-jin

DOI: https://doi.org/10.1109/chinacom.2006.344739

2006-01-01

Abstract:Support vector machine (SVM) has been applied to intrusion detection system (IDS) for its abilities to perform classification and regression. But for large-scale network intrusion detection problem, since solving a support vector machine is a typical quadratic optimization problem, which is influenced by the dimension and quantity of examples, many problems arise. KDDCUP'99 was used as the experiment dataset in this paper. A feature selection technology based on Fisher score was presented and used to construct a reduced feature subset of KDDCUP'99 dataset. SVM was used as a classifier. Experiment was run. The experiment results show, using Fisher score combined with SVM to select the important features is an effective method to reduce the dimension of the example feature space, and the classification accuracy has not dramatically decreased comparing to the original feature space.

CHEN WU,LIANG Gang,YANG Jin

DOI: https://doi.org/10.3969/j.issn.1671-0428.2013.06.002

IF: 5.105

2013-01-01

Computers & Security

Abstract:Traditional intrusion detection algorithm in dealing with network streaming data,due to the large amount of network data,and has high dimension,redundancy,etc,lead to intrusion detection of large amount of calculation,take up more resources,inadequate training and prediction for a long time and so on,this will need to keep the data useful information under the premise of the feature extraction of data.Based on the kernel principal component analysis(KPCA) was carried out on the network intrusion data dimensionality and to eliminate redundant information processing,reduce the input dimension of support vector machine,using particle swarm optimization algorithm for the SVM parameters,selecting the modified kernel function instead of traditional single kernel function,the experiment proved that the improved algorithm effectively improves the intrusion detection system detection rates and improve the speed of prediction.

Fangjun Kuang,Siyang Zhang,Zhong Jin,Weihong Xu

DOI: https://doi.org/10.1007/s00500-014-1332-7

IF: 3.732

2014-01-01

Soft Computing

Abstract:A novel support vector machine (SVM) model by combining kernel principal component analysis (KPCA) with improved chaotic particle swarm optimization (ICPSO) is proposed to deal with intrusion detection. The proposed method, in which multi-layer SVM classifier is employed to estimate whether the action is an attack, KPCA is applied as a preprocessor of SVM to reduce the dimension of feature vectors and shorten training time. To shorten the training time and improve the performance of SVM, N-RBF is employed to reduce the noise generated by feature differences, and ICPSO is presented to optimize the punishment factor C, kernel parameters \(\sigma \) and the tube size \(\varepsilon \) of SVM, which introduces chaos optimization and premature processing mechanism. Experimental results illustrate that the improved SVM model has faster computational time and higher predictive accuracy, and it can also shorten the training time and improve the performance of SVM.

Zhimin Lv,Jun Wan

DOI: https://doi.org/10.13052/jcsm2245-1439.13410

2024-06-14

Journal of Cyber Security and Mobility

Abstract:To optimize node energy consumption and improve its security, this paper uses the DEEC algorithm to layer WSN and reduce the probability of channel information collision and uses the weighted probability of cluster head election to optimize node energy expenditure, so that WSN can obtain a longer lifecycle. Improved Particle Swarm Optimization-based Support Vector Machine (IPSO-SVM) algorithm is used for intrusion detection and experimental testing in WSN. The results showed that the IPSO-SVM algorithm exhibited good convergence, with a convergence step size of 5 steps, which converged earlier than the Support Vector Machine Algorithm based on Particle Swarm Optimization (PSO-SVM), which had a convergence step size of 10 steps. The IPSO-SVM algorithm performed best in WSN intrusion detection, with the highest detection rate of 96.20% in Probe attack data detection, which was 0.80% higher than the Support Vector Machine Algorithm based on Genetic Algorithm (GA-SVM). The PSO-SVM algorithm had the lowest detection rate of 95.20%. The IPSO-SVM algorithm had a minimum false positive rate of 1.54% in Dos attack data detection. In terms of average training time, the IPSO-SVM algorithm had a minimum average training time of 323.45 seconds. Compared to the Low Energy Adaptive Clustering Hierarchy (LEACH) algorithm, the Distributed Energy Efficient Clustering (DEEC) algorithm performs better, has less energy consumption, and retains more nodes. The method adopted in this study can make WSN have a longer life cycle and ensure its security.

Fei Zhang,Peining Zhen,Dishan Jing,Xiaotang Tang,Hai-Bao Chen,Jie Yan

DOI: https://doi.org/10.1587/transinf.2021edp7184

2022-01-01

IEICE Transactions on Information and Systems

Abstract:Intrusion is one of major security issues of internet with the rapid growth in smart and Internet of Thing (IoT) devices, and it becomes important to detect attacks and set out alarm in IoT systems. In this paper, the support vector machine (SVM) and principal component analysis (PCA) based method is used to detect attacks in smart IoT systems. SVM with nonlinear scheme is used for intrusion classification and PCA is adopted for feature selection on the training and testing datasets. Experiments on the NSL-KDD dataset show that the test accuracy of the proposed method can reach 82.2% with 16 features selected from PCA for binary-classification which is almost the same as the result obtained with all the 41 features; and the test accuracy can achieve 78.3% with 29 features selected from PCA for multi-classification while 79.6% without feature selection. The Denial of Service (DoS) attack detection accuracy of the proposed method can achieve 8.8% improvement compared with existing artificial neural network based method.

Zhouzhou Liu,Wei,Hao Wang,Yangmei Zhang,Qianyun Zhang,Shining Li

DOI: https://doi.org/10.1109/access.2018.2879891

IF: 3.9

2018-01-01

IEEE Access

Abstract:Aiming at large-scale, high dimensional data, and variable intrusion behavior in wireless sensor networks (WSNs), an intrusion detection algorithm based on parallel intelligent optimization feature extraction and distributed fuzzy clustering for WSNs is proposed. First, in order to effectively reduce the data dimensionality and improve the robustness of the feature extraction process, the parallel intelligent optimization feature extraction framework is constructed on the basis of defining the optimal feature evaluation index, for which the theoretical analysis shows that the index can eliminate feature redundancy and maintain the diversity of original data. Second, the spider cluster optimization algorithm evolution rule is redefined by introducing local search and adaptive multi strategy update method, and it proves that the improved social spider optimization (ISSO) algorithm has global convergence. The ISSO is used to solve the feature extraction framework, and through the parallel feature subset selection process, the best feature combination is extracted. Finally, WSNs intrusion detection is carried out by using the best feature subset and the distributed fuzzy clustering technology, and intelligent iterative evolution method and adaptive clustering strategy are introduced in order to improve the fuzzy clustering algorithm performance. Experimental results show that the intrusion detection algorithm can effectively give the results of intrusion detection, and moreover, compared with the other detection algorithms, the intrusion detection rate is improved by about 13.1%, and the false detection rate is decreased by about 8.5%.

Shuang Liu,Liejun Wang,Jiwei Qin,Yan Guo,Hang Zuo

DOI: https://doi.org/10.3966/160792642018121907015

2018-01-01

Abstract:Aiming at the energy constrained of wireless sensor network (WSN) and the low detection accuracy of intrusion detection mechanisms in WSN, an intrusion detection model based on improved Particle Swarm Optimization (IPSO) and Support Vector Machine (SVM) is proposed in this paper. Firstly, the improved LEACH algorithm is applied to our intrusion detection model to cluster the nodes to reduce energy consumption. Nextly, Anomaly detection based on SVM algorithm is used in this model to ensure that detector has a high detection accuracy. Finally, the SVM algorithm is optimized by using the IPSO algorithm to obtain the optimal SVM parameters, so as to improve the detection precision and convergence speed of the model. The experimental results show that the intrusion detection model mentioned in this paper has higher detection precision, faster convergence speed and more balanced use of node energy compared with other detection models.

Qian Huang,Zhen Wang,Tao Wei,Yu Chen

2006-01-01

Abstract:This paper presents an algorithm for intrusion detection, based on one-class support vector machine (SVM) and online training of SVM. The algorithm formulates intrusion detection as a one-class classification problem. The model-building part of the algorithm works even when the training data is noisy, and therefore compared with regular SVM algorithms, it imposes fewer requirements on the training set and has a higher detection rate. For the testing data containing new types of attack, the algorithm can add such data to the training set and update the training result real-time. It tests the algorithm on KDD CUP' 99 benchmark data set for intrusion detection and the result shows that the algorithm is able to shorten the training time, and in the same time, obtain a high detection rate.

Zhang Shutuan,Zhang Xiaobin,Lei Tao,Di Yazhou

DOI: https://doi.org/10.16526/j.cnki.11-4762/tp.2008.11.059

2008-01-01

Abstract:Support Vector Machine(SVM) have excellent learning,classification ability and generalization ability,which use structural risk minimization instead of traditional empirical risk minimization based on large sample.SVM is widely used in pattern recognition and function fitting.Kernel parameter selection is very important and decide the fault diagnosis precision.In order to enhance fault diagnosis precision,a new fault diagnosis method is proposed by combining PSO and LSSVM algorithm.It is presented to Choose σ parameter of kernel function on dynamic,which enhances preciseness rate of fault diagnosis and efficiency.The experiments show that the algorithm can efficiently find the suitable SVM parameters,which result in good classification purpose.

P Hong,DN Zhang,TF Wu

DOI: https://doi.org/10.1109/icccas.2004.1346374

2004-01-01

Abstract:This paper proposes an intrusion detection method that combines rough sets and SVM algorithm. By virtue of the ability rough sets have to decrease the amount of data and get rid of redundancy, the method can reduce the amount of training data and overcome the SVM defect of slow running speed when processing large datasets. At the same time, by the aid of the SVM algorithm the method can classify the core of the property set to have extensiveness and high identification rate, and avoid disturbances. Experimental results show this method is better than other methods reported in the literature in terms of detection resolution.

A S Talita,O S Nataza,Z Rustam

DOI: https://doi.org/10.1088/1742-6596/1752/1/012021

2021-02-01

Journal of Physics: Conference Series

Abstract:Abstract The security of a network might be threatened by an intrusion aim to steal classified data or to find weaknesses on the network. In general, network main security systems use a firewall to control and monitor both incoming and outgoing network traffic. Intrusion Detection System can be used to strengthen network security. Several data mining methods have been used to solve Intrusion Detection System (IDS) problem on a network. On this paper we will use Naïve Bayes Classifier along with Particle Swarm Optimization (PSO) as the feature selection method specifically on one of the benchmark dataset on IDS problem, KDD CUP’99. The dataset consists of more than 40 features with more than 400 thousands records. To solve IDS problem on the dataset, it needs a quite expensive cost either on time computation or memory usage hence the use of PSO as the feature selection method. The best classification result was reached when we use 38 features where the accuracy is 99.12%. Particle Swarm Optimization method has several parameters that may affect the classification performance. For future improvement, it is possible to use a parameter optimization method to ensure the best classifier performance.

Guihua Sun,Yufang Zhang,Zhongyang Xiong

2007-01-01

Journal of Computational Information Systems

Abstract:This paper presents a novel system to apply particle swarm optimization with mutation (MPSO) for intrusion detection (MPSO-IDS). By applying mutation operator to the PSO algorithm near the end of run, the advanced MPSO algorithm can not only maintain the fast converging characteristics in the early phase. But it also avoids the premature convergence phenomenon in the later phase. The MPSO algorithm is employed to derive a set of constraint-based detectors from training data, and the support-confidence framework is utilized as fitness function to judge the quality of each detector. The generated detectors are then used to detect abnormal IP packets with any r intervals matching rule in the training data and testing data. Using the data sets of KDD CUP1999, the experiment results show that the proposed MPSO-IDS can avoid the premature convergence problem effectively, and achieve better detecting rate than PSO-IDS and SGA-IDS.

Jianzhen Wang,Yan Jin

DOI: https://doi.org/10.1007/978-3-030-30146-0_32

2019-01-01

Abstract:This paper proposes a feature selection approach, based on improved Discrete Particle Swarm Optimization (DPSO), to solve the “dimension disaster” problem in data classification; it is named Progressive Binary Particle Swarm Optimization (PBPSO). This feature selection approach is highly problem-dependent and influenced by the locations of particles. It adopts the principle of “partial retention - change - reduction of duplication - update” in the process of selection, and defines a new fitness function describing the correlation between the features and class labels. Experimentation was conducted using of the KDDCup99 data set to evaluate our proposed PBPSO. The experimental results show that 14 features were selected from the original data space with 41 features. Three classic classifiers, namely J48, Naive Bayes and ID3, were then used to further evaluate the performance of the selected features. The classification accuracy rates on the different classifiers achieved using the selected feature subset are similar to those achieved using the original feature set. The training time is, however, significantly reduced. In comparison with other similar algorithms, including Genetic Algorithm GA and Greedy Algorithm FGA. The results show that the PBPSO extracts fewer features, achieves slightly higher classification accuracy, and less time consuming in terms of model training. It has been demonstrated that the PBPSO enhances the practicability of certain classification algorithms in handling high-dimensional data.

Jianhua Huang,Jianhe Zhou,Zhe Wang,Quanliang wang,Yong Peng

DOI: https://doi.org/10.1145/3421766.3421811

2020-01-01

Abstract:A network traffic classification model and optimization method based on PSO-SVM is proposed in this paper to solve the difficulties of traffic classification and its low-performance model in intrusion detection system. Based on the expansion of SVM from the two-category traffic classification structure into the five-category structure, a hybrid kernel function combining Poly and RBF is constructed by model to ensure the generalization ability and model learning; and then after conducting particle swarm optimization on the various parameters of SVM model, the search spaces tablished by nonlinear inertia weight coefficient and learning factor of asynchronous optimization are conducted with fitness evaluation to achieve the optimal solution and enhance the convergence ability of algorithm. The experimental results show that the network traffic classification model and optimization method based on PSO-SVM proposed in this paper can achieve traffic classification and improve the performance of classification model.