A new approach for intrusion detection system based on training multilayer perceptron by using enhanced Bat algorithm

  • Original Article
Neural Computing and Applications

Abstract

The most pressing issue in network security is the establishment of an approach that is capable of detecting violations in computer systems and networks. There have been several efforts to improve such detection from various points of view. One example is improving the classification of packets on the network, which is imperative for detecting abnormal traffic and hence any potential intrusion. This study therefore proposes a new approach to intrusion detection that uses an enhanced Bat algorithm (EBat) to train an artificial neural network. The goal of the study is to increase the accuracy of classifying malicious and non-malicious network traffic. The study includes a comparison with nine other metaheuristic algorithms (both conventional and new), which are used to evaluate the new approach alongside the related works. First, the EBat algorithm was developed and used to select suitable weights and biases. Next, the neural network was run with the optimal weights and biases found, to realize the intrusion detection approach. Four types of intrusion detection evaluation datasets were used to compare the proposed approach against the other algorithms. The findings revealed that the proposed method outperformed the other nine classification algorithms and is unparalleled for network intrusion detection.

Funding

This research has been funded by Universiti Sains Malaysia under USM Fellowship [APEX (208/AIPS/415401) and (1002/CIPS/ATSG4001)], and by the RUI Grant, Account No. [1001/PKOMP/8014017], also under Universiti Sains Malaysia.

Author information

Corresponding author

Correspondence to Waheed A. H. M. Ghanem.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Ghanem, W.A.H.M., Jantan, A. A new approach for intrusion detection system based on training multilayer perceptron by using enhanced Bat algorithm. Neural Comput & Applic 32, 11665–11698 (2020). https://doi.org/10.1007/s00521-019-04655-2
