Hybridization of K-Means and Firefly Algorithm for intrusion detection system

  • Original Article
International Journal of System Assurance Engineering and Management

Abstract

During the last decade, anomaly detection has attracted the attention of many researchers seeking to overcome the weakness of signature-based IDSs in detecting novel attacks. Indeed, it is difficult to provide secure information systems and to maintain them in a secure state during their lifetime. An IDS is a device or software application that monitors network or system activities for malicious tasks or policy violations and produces reports to a management station. A metaheuristic is a high-level, problem-independent algorithmic framework; such techniques do not take advantage of any specificity of the problem. The main aim of metaheuristic algorithms is to quickly find a solution to a problem. This solution may not be the best of all possible solutions, but it remains valid because it does not require an excessively long time to compute. The Firefly Algorithm is one of the new metaheuristic algorithms for optimization problems, inspired by the flashing behavior of fireflies. In this work, a new algorithm for anomaly detection is introduced which is a hybridization of K-Means and the Firefly Algorithm. The algorithm uses clustering to build the training model and uses classification to evaluate on the test set. The algorithm is evaluated on the NSL-KDD dataset, and the results are quite impressive. Further, a comparison study has been performed between the newly developed algorithm and other clustering algorithms, including K-Means + Cuckoo, K-Means + Bat, K-Means, K-Means++, Canopy and Farthest First. The results show that K-Means + Firefly and K-Means + Bat outperform the others by a huge margin.
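The abstract does not give the details of the hybridization, so the following is an added sketch, not the authors' code, of one plausible way to combine the two: a firefly search picks the starting centroids, K-Means refines them, and each cluster is labelled by majority vote so test records are classified by nearest centroid. The parameter values, the function names and the two-feature sample data are assumptions made for illustration.

```python
import math, random

def nearest(cents, x):
    return min(range(len(cents)), key=lambda i: math.dist(x, cents[i]))

def sse(cents, X):
    # Firefly "brightness" is the inverse of this cost (lower SSE = brighter).
    return sum(math.dist(x, cents[nearest(cents, x)]) ** 2 for x in X)

def firefly_centroids(X, k, n=10, iters=30, beta0=1.0, gamma=0.01, alpha=0.2, seed=0):
    rng = random.Random(seed)
    # Each firefly is one candidate set of k centroids, seeded from training points.
    flies = [[list(p) for p in rng.sample(X, k)] for _ in range(n)]
    cost = [sse(f, X) for f in flies]
    top = min(range(n), key=cost.__getitem__)
    best_cost, best = cost[top], [c[:] for c in flies[top]]
    for _ in range(iters):
        for i in range(n):
            for j in range(n):
                if cost[j] < cost[i]:  # j is brighter, so i moves toward j
                    r2 = sum(math.dist(p, q) ** 2 for p, q in zip(flies[i], flies[j]))
                    beta = beta0 * math.exp(-gamma * r2)  # attraction decays with distance
                    flies[i] = [[p + beta * (q - p) + alpha * (rng.random() - 0.5)
                                 for p, q in zip(ci, cj)] for ci, cj in zip(flies[i], flies[j])]
                    cost[i] = sse(flies[i], X)
                    if cost[i] < best_cost:
                        best_cost, best = cost[i], [c[:] for c in flies[i]]
    return best

def kmeans(X, cents, iters=20):
    # Lloyd iterations refine the firefly result; an empty cluster keeps its centroid.
    for _ in range(iters):
        groups = [[] for _ in cents]
        for x in X:
            groups[nearest(cents, x)].append(x)
        cents = [[sum(v) / len(g) for v in zip(*g)] if g else c for g, c in zip(groups, cents)]
    return cents

def train(X, y, k=2):
    cents = kmeans(X, firefly_centroids(X, k))
    votes = [{} for _ in cents]
    for x, lab in zip(X, y):  # label each cluster by majority vote of its training records
        v = votes[nearest(cents, x)]
        v[lab] = v.get(lab, 0) + 1
    return cents, [max(v, key=v.get) if v else "unknown" for v in votes]

def classify(model, x):
    cents, labels = model
    return labels[nearest(cents, x)]

# Constructed two-feature sample (not NSL-KDD): a "normal" blob and an "anomaly" blob.
_r = random.Random(1)
X_TRAIN = [[_r.gauss(m, 1), _r.gauss(m, 1)] for m in [0] * 20 + [10] * 20]
Y_TRAIN = ["normal"] * 20 + ["anomaly"] * 20
MODEL = train(X_TRAIN, Y_TRAIN)
```

On real traffic features the cluster count, the feature scaling and the firefly parameters would all need tuning; a cluster that is labelled "normal" by majority vote can still hide minority attack records.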

Author information

Corresponding author

Correspondence to Amrit Pal Singh.

Cite this article

Kaur, A., Pal, S.K. & Singh, A.P. Hybridization of K-Means and Firefly Algorithm for intrusion detection system. Int J Syst Assur Eng Manag 9, 901–910 (2018). https://doi.org/10.1007/s13198-017-0683-8

  • DOI: https://doi.org/10.1007/s13198-017-0683-8
