Sequential Forward Feature Selection for Intrusion Detection System, Using Ant Colony Algorithm

Document Type: Original Article

Abstract

An intrusion detection system (IDS) is one of the most important security tools for detecting computer
attacks. Such a system operates based on two methods: misuse-based and anomaly-based detection.
Limited response time and the use of low-efficiency algorithms are the biggest challenges for researchers
trying to improve attack detection in IDS. One of the most significant stages in the intrusion detection
process is the accurate selection of the features on which detection is based. In this article,
a new method is presented to determine the most effective features in an IDS based on the misuse detection
method. In this method, the features of the NSL-KDD data set are reduced by ant colony optimization within
a sequential forward feature selection algorithm, using the PART classification algorithm. To evaluate the
success rate of this method, dedicated software was implemented in Java using functions from the WEKA
library. Compared with other successful methods, the results show that this method increases the detection
accuracy rate, with concurrent detection of attack category, from 84.1% to 85.35%. The detection
time also decreases from 0.31 seconds to less than 0.25 seconds on a data set of approximately twenty
thousand members.
