Abstract
The most pressing issue in network security is establishing an approach capable of detecting violations in computer systems and networks. There have been several efforts to improve it from various points of view. One example is improving the classification of packets on the network, which is imperative for detecting abnormal traffic and hence any potential intrusion. This study therefore proposes a new approach for intrusion detection that uses an enhanced Bat algorithm (EBat) to train an artificial neural network. The goal of the study is to increase the accuracy of classifying malicious and non-malicious network traffic. The study includes a comparison with nine other metaheuristic algorithms (conventional and new algorithms), which are used to evaluate the new approach alongside the related works. First, the EBat algorithm was developed and used to select suitable weights and biases. Next, the neural network was run with the optimal weights and biases found, to realize the intrusion detection approach. Four types of intrusion detection evaluation datasets were used to compare the proposed approach against the other algorithms. The findings revealed that the proposed method outperformed the other nine classification algorithms and is unparalleled for network intrusion detection.
Funding
This research has been funded by Universiti Sains Malaysia under USM Fellowship [APEX (208/AIPS/415401) and (1002/CIPS/ATSG4001)] and by the RUI Grant, Account No. [1001/PKOMP/8014017], also under Universiti Sains Malaysia.
Ethics declarations
Conflict of interest
The authors declare that they have no conflict of interest.
Ethical approval
This article does not contain any studies with human participants or animals performed by any of the authors.
Cite this article
Ghanem, W.A.H.M., Jantan, A. A new approach for intrusion detection system based on training multilayer perceptron by using enhanced Bat algorithm. Neural Comput & Applic 32, 11665–11698 (2020). https://doi.org/10.1007/s00521-019-04655-2