
Optimizing an IDS (Intrusion Detection System) by Means of Advanced Metaheuristics

Conference paper, Advances in Computational Intelligence (IWANN 2023)

Abstract

Intrusion Detection Systems (IDSs) are a primary research area in Cybersecurity nowadays. These are programs or methods designed to monitor and analyze network traffic in order to identify suspicious patterns or attacks. MSNM (Multivariate Statistical Network Monitoring) is a state-of-the-art algorithm capable of detecting various security threats in real network traffic data with high performance. However, semi-supervised MSNM relies heavily on a set of weights whose values are usually determined using a relatively simple optimization algorithm. This work proposes the application of several Evolutionary Algorithm (EA) approaches to optimize this set of variables and improve the performance of MSNM against four types of attacks using the UGR’16 dataset, which includes real network traffic flows. Furthermore, we analyzed the performance of a Particle Swarm Optimization approach and of a Simulated Annealing algorithm as a baseline. The results obtained are very promising and show that EAs are a great tool for enhancing the performance of this IDS.


Notes

  1. Indeed, it is the semi-supervised MSNM optimized by these algorithms that cannot detect these attacks.


Acknowledgements

This work has been partially funded by projects PID2020-113462RB-I00, PID2020-115570GB-C22 and PID2020-115570GB-C21 granted by Ministerio Español de Economía y Competitividad; project TED2021-129938B-I0, granted by Ministerio Español de Ciencia e Innovación; as well as project A-TIC-608-UGR20 granted by Junta de Andalucía.

Author information

Correspondence to A.M. Mora.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Mora, A., Arenas, M., Romero-Horno, A., Camacho-Páez, J., Castillo, P. (2023). Optimizing an IDS (Intrusion Detection System) by Means of Advanced Metaheuristics. In: Rojas, I., Joya, G., Catala, A. (eds) Advances in Computational Intelligence. IWANN 2023. Lecture Notes in Computer Science, vol 14134. Springer, Cham. https://doi.org/10.1007/978-3-031-43085-5_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-43085-5_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-43084-8

  • Online ISBN: 978-3-031-43085-5

  • eBook Packages: Computer Science (R0)
