Feature Selection for Intrusion Detection Systems Using the Ant Colony Algorithm in a Forward Direction

Article type: Research article

Authors

1 Iran

2 Imam Hossein (AS) Comprehensive

Abstract

An intrusion detection system is one of the most important security tools for detecting computer attacks, and it operates on the basis of one of two methods: misuse-based detection or anomaly-based detection. The main challenges in improving an IDS are the limited response time and the use of low-efficiency algorithms for identifying intrusions. Accurately selecting the IDS features on which detection capability can be increased is one of the important steps in the intrusion detection process. This article presents a new method for determining the most effective features in an intrusion detection system based on misuse detection. In this method, the features of the NSL-KDD data set are reduced using the ant colony optimization algorithm, moving in the forward direction, with the help of the PART classification algorithm. To evaluate the success of this method, software was implemented in Java that uses functions from the WEKA library. Compared with other successful work, the evaluation results show that this scheme raises the intrusion detection accuracy rate, with simultaneous determination of the attack category, from an average of 84.1% to 85.35%. In addition, the intrusion detection time for a data set of approximately twenty thousand members is reduced from an average of 0.31 seconds to less than 0.25 seconds.

Article title [English]

Sequential Forward Feature Selection for Intrusion Detection System, Using Ant Colony Algorithm

Authors [English]

  • Sadegh Bejani 1
  • Mahdi Abbasi 2

Abstract [English]

An intrusion detection system (IDS) is one of the most important security tools used for detecting
computer attacks. An IDS operates using one of two methods: misuse-based or anomaly-based detection.
The limited time available to respond and the use of low-efficiency algorithms are the biggest challenges
for researchers seeking to improve attack detection in IDS. One of the most significant stages in the
intrusion detection process is the accurate selection of the IDS features on which detection can be improved.
This article presents a new method for determining the most effective features in an IDS based on misuse
detection. In this method, the features of the NSL-KDD data set are reduced by ant colony optimization in a
sequential forward feature selection algorithm, utilizing the PART classification algorithm. To evaluate the
success rate of this method, dedicated software was implemented in Java using functions from the WEKA
library. Compared with other successful methods, the results show that this method increases the detection
accuracy rate, with concurrent detection of the attack category, from 84.1% to 85.35%. The detection
time also decreases from 0.31 seconds to less than 0.25 seconds on a data set of approximately twenty
thousand members.

Keywords [English]

  • Intrusion Detection System
  • Feature Selection
  • Data Mining
  • Ant Colony Algorithm
  • PART Algorithm