Intrusion detection in networks using crow search optimization algorithm with adaptive neuro-fuzzy inference system

https://doi.org/10.1016/j.micpro.2020.103261

Abstract

Intrusion detection systems have become a fundamental part of network security because of the growth in attacks, which causes many issues. This growth follows the broad development of the internet and of access to data systems around the world. An intrusion detection system (IDS) is used to detect abnormalities present in a network or system. Because of the large volume of data, as the network expands the false alarm rate of intrusion detection rises and detection accuracy decreases. This is one of the significant issues when the network experiences unknown attacks. The principal objective was to increase accuracy and reduce the false alarm rate (FAR). To address these difficulties, the proposed Crow Search Optimization algorithm with Adaptive Neuro-Fuzzy Inference System (CSO-ANFIS) is used. ANFIS is the combination of a fuzzy inference system and an artificial neural network, and the crow search optimization algorithm is used to optimize the ANFIS model and enhance its performance. The NSL-KDD data set was used to validate the intrusion detection performance of the proposed model, and the experimental results are compared with other existing techniques for overall performance validation. The intrusion detection results on the NSL-KDD dataset were better and more efficient than those of the compared models: the detection rate was 95.80% and the FAR was 3.45%.

Introduction

Recently, communication over the internet has become more extensive, and data security over the network is essential. An IDS is used to detect abnormalities present in a network or system. Because of the large volume of data, as the network expands the false alarm rate of intrusion detection rises and detection accuracy decreases. This is another significant issue once the network experiences unknown attacks. The principal intention was to increase accuracy and reduce the FAR. To address these difficulties, the proposed Crow Search Optimization algorithm with Adaptive Neuro-Fuzzy Inference System (CSO-ANFIS) is used.

The concept of IDS was first presented by Anderson in 1980 and was introduced to network systems by Heberlein in 1990. An IDS is a mechanism or tool used to prevent unauthorized access and to detect attacks on a system or a network by examining the activity in that system or network [1]. The IDS is used to monitor malicious traffic in a specific node and network. It can act as a second line of defence that protects the network from attackers. An intrusion is an undesirable or malicious action that is dangerous for sensor nodes. An IDS can be a hardware or software tool [12]. An IDS may review and analyse machine and user activities, identify signatures of known attacks and detect malicious network activity. The purpose of an IDS is to check the networks and nodes, identify different interruptions in the network, and notify the user once interruptions have been identified [2].

The IDS functions as an alarm or network observer. It prevents harm to the system by raising a notification before intruders start to attack. It can distinguish both inside and outside attacks. Internal attacks are started by malicious or compromised nodes that are part of the network, whereas external attacks are initiated by third parties from external networks. An IDS inspects the packets of the network and decides whether they come from real users or intruders. An IDS has three main parts: monitoring, analysis and detection, and alarm. The monitoring module observes the network traffic, resources and patterns. Analysis and detection is the key part of the IDS and identifies attacks according to a specific algorithm. The alarm module raises an alert when an intrusion is detected [3].

Generally, an IDS operates on one of two strategies: statistical anomalies or pattern matching. Pattern matching, also called misuse-based or signature-based IDS, finds known attack patterns because their signatures are saved in the IDS database. The primary drawback of pattern matching is its inability to detect unknown attacks whose signatures are not in the IDS database. In the statistical anomaly-based approach, known as anomaly-based IDS (AIDS), normal behaviour patterns are saved in the IDS database. In these systems, all activity on the network is observed and examined closely, and any deviation from the normal patterns is considered an attack, for which the IDS produces an alert to inform the network's security manager of the newly detected intrusions. The primary benefit of AIDS is its capacity to recognize unknown attacks. Note that every unusual pattern may be labelled as a potential attack even when it is not one; hence, false positives (FP) will be higher in those methods [4].
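The trade-off described above can be seen on a handful of records. The following Python sketch is an added example, not code from the paper: the records, the single signature and the z-score limit are constructed for illustration and are not taken from NSL-KDD.

```python
from statistics import mean, pstdev

# Constructed data: (failed logins, bytes sent) for known-normal connections.
BASELINE = [(0, 120), (1, 135), (0, 110), (0, 150), (1, 128), (0, 140), (0, 132), (0, 125)]
# Constructed labelled traffic: (name, failed logins, bytes sent, is_attack).
TRAFFIC = [
    ("benign-1",      0,  130, False),
    ("benign-2",      1,  145, False),
    ("benign-backup", 0,  900, False),  # unusual but legitimate
    ("brute-force",   9,  125, True),   # known pattern, a signature exists
    ("novel-exfil",   0, 5000, True),   # unknown attack, no signature
]

def signature_detect(failed, sent):
    """Misuse detection: alert only on patterns stored in the signature database."""
    return failed >= 5  # hypothetical signature: repeated failed logins

def make_anomaly_detector(baseline, z_limit=3.0):
    """Anomaly detection: store normal behaviour, alert on large deviations from it."""
    stats = [(mean(col), pstdev(col)) for col in zip(*baseline)]
    def detect(*features):
        return any(abs(x - mu) / sd > z_limit for x, (mu, sd) in zip(features, stats))
    return detect

def rates(detect, traffic):
    """Return (detection rate, false alarm rate) of a detector on labelled traffic."""
    tp = fp = attacks = benign = 0
    for _, failed, sent, is_attack in traffic:
        alert = detect(failed, sent)
        if is_attack:
            attacks += 1
            tp += alert
        else:
            benign += 1
            fp += alert
    return tp / attacks, fp / benign

if __name__ == "__main__":
    print("signature:", rates(signature_detect, TRAFFIC))
    print("anomaly:  ", rates(make_anomaly_detector(BASELINE), TRAFFIC))
```

The signature detector misses the unknown attack but raises no false alarm; the anomaly detector catches both attacks and also flags the legitimate backup transfer.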

A typical IDS is made up of sensors, an analysis engine, and a reporting system. Sensors are placed at various network locations or hosts, and their primary objective is to gather information. The information gathered is transmitted to the analysis engine, which analyzes it and identifies intrusions. Once the analysis engine identifies an intrusion, the reporting system sends a notification to the network administrator. An IDS is classified as either Host-based IDS (HIDS) or Network-based IDS (NIDS) [5].

The implementation of an IDS depends on the environment. The NIDS captures network traffic packets to identify intrusions and malicious attacks. A NIDS may be a hardware-based or a software-based system. The HIDS is designed to be deployed on a single system and to protect that system from malicious attacks that could damage its OS or information. The HIDS normally relies on features of the host environment, such as the log files on a PC. These features or metrics are used as input to the HIDS decision engine. Accordingly, feature extraction from the host environment is the basis for any HIDS [6].

The remainder of this work is organized as follows: Section 2 discusses work related to intrusion detection, Section 3 presents the proposed methodology, Section 4 describes the dataset and results, and Section 5 presents the conclusion and future work.

Section snippets

Related works and analysis

IDS are fundamental to data security. It is essential that an IDS maximizes identification speed by decreasing storage and computation. Wei Liu et al. used a fuzzy membership function that could detect the noise and the support vectors distributed on the boundary, based on support vector data description. Support vectors were given larger weight coefficients while noise was given lower coefficients. Thus, the technique avoids the defect of FSVM dependent on the distance among the sample

Adaptive neuro-fuzzy inference system (ANFIS)

ANFIS is a fusion of a fuzzy inference system (FIS) and an ANN, and has the benefits of both. In the ANFIS architecture, the ANN extracts fuzzy rules from the input data, and the parameters of the fuzzy membership functions are adapted during the hybrid learning process. ANFIS can build a relation between input and output based on human knowledge, using input-output data pairs and a hybrid learning algorithm. ANFIS was a sort of multilayer

Results and discussion

The performance analysis was carried out using the MATLAB Simulink tool. The simulation was performed in MATLAB using the NSL-KDD dataset.
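The idea of letting crow search tune a fuzzy detector against detection rate and FAR can be sketched in a few lines. This Python code is an added example and is neither the paper's MATLAB simulation nor its ANFIS model: it assumes a single Gaussian "normal" membership function over one constructed feature, and a crow search loop written from Askarzadeh's published description with assumed settings for flight length `fl` and awareness probability `ap`.

```python
import math
import random

# Constructed samples (not NSL-KDD): (connections per second, is_attack).
SAMPLES = [(12, False), (15, False), (9, False), (18, False), (14, False), (22, False),
           (40, True), (55, True), (3, True), (70, True)]
BOUNDS = [(0.0, 80.0), (1.0, 40.0), (0.05, 0.95)]  # centre, width, alert cut-off

def objective(params):
    """(1 - detection rate) + false alarm rate; lower is better."""
    centre, width, cut = params
    tp = fp = 0
    for x, is_attack in SAMPLES:
        normal = math.exp(-((x - centre) ** 2) / (2 * width ** 2))  # membership in 'normal'
        alert = normal < cut
        tp += alert and is_attack
        fp += alert and not is_attack
    attacks = sum(a for _, a in SAMPLES)
    return (1 - tp / attacks) + fp / (len(SAMPLES) - attacks)

def crow_search(f, bounds, crows=15, iters=60, fl=2.0, ap=0.1, seed=7):
    """Minimise f; returns (best position, best fitness, best-so-far history)."""
    rng = random.Random(seed)
    rand_pos = lambda: [rng.uniform(lo, hi) for lo, hi in bounds]
    pos = [rand_pos() for _ in range(crows)]
    mem = [p[:] for p in pos]            # each crow remembers its best hiding place
    mem_fit = [f(p) for p in pos]
    history = [min(mem_fit)]
    for _ in range(iters):
        for i in range(crows):
            j = rng.randrange(crows)     # crow i follows a randomly chosen crow j
            if rng.random() >= ap:       # j unaware: move toward j's memory
                r = rng.random()
                new = [x + r * fl * (m - x) for x, m in zip(pos[i], mem[j])]
            else:                        # j aware: i is sent to a random position
                new = rand_pos()
            if all(lo <= v <= hi for v, (lo, hi) in zip(new, bounds)):
                pos[i] = new             # infeasible moves are discarded
                fit = f(new)
                if fit < mem_fit[i]:
                    mem[i], mem_fit[i] = new, fit
        history.append(min(mem_fit))
    best = min(range(crows), key=mem_fit.__getitem__)
    return mem[best], mem_fit[best], history

if __name__ == "__main__":
    best, fit, history = crow_search(objective, BOUNDS)
    print("centre, width, cut:", best, "objective:", fit)
```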

Conclusion

In this research, the issues of intrusion detection systems were presented and various techniques for solving them were discussed. ANFIS-based intrusion detection was proposed as a system to detect attacks in networks, because ANFIS, the combination of a fuzzy inference model and an ANN, has more advantages than other techniques. Additionally, the crow search optimization (CSO) algorithm was used to optimize the ANFIS model to enhance its performance over the intrusion detection which is an

Declaration of Competing Interest

The authors declare the following financial interests/personal relationships which may be considered as potential competing interests.


References (27)

  • Alireza Askarzadeh. A novel metaheuristic method for solving constrained engineering optimization problems: Crow search algorithm. Comput. Struct. (June 2016)
  • K Ansam et al. Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity (2019)
  • H Vajiheh et al. A hybrid intrusion detection system based on ABC-AFS algorithm for misuse and anomaly detection. Comput. Netw. (2018)
  • A Mohammed H et al. A new intrusion detection system based on fast learning network and particle swarm optimization. IEEE Access (2018)
  • K Revathi G et al. Hybrid intrusion detection using machine learning for wireless sensor networks. Int. J. Innov. Technol. Explor. Eng. (2019)
  • A Anish H et al. Machine learning based intrusion detection system
  • Vinayakumar. Deep learning approach for intelligent intrusion detection system. IEEE Access (2019)
  • L Wei et al. A new method of fuzzy support vector machine algorithm for intrusion detection. Appl. Sci., MDPI J. (2020)
  • R Saoreen et al. ANFIS based cyber physical attack detection system
  • A Alireza. A novel metaheuristic method for solving constrained engineering optimization problems: Crow search algorithm. Comput. Struct. (2016)
  • L Dhanabal et al. A study on NSL-KDD dataset for intrusion detection system based on classification algorithms. Int. J. Adv. Res. Comput. Commun. Eng. (2015)
  • B Suresh et al. Intrusion detection in IoT based smart networks using fuzzy brain storm optimization technique. Int. J. Eng. Adv. Technol. (IJEAT) (August 2019)
  • M. Shanmuganathan et al. Review of advanced computational approaches on multiple sclerosis segmentation and classification. IET Signal Process. (2020)

Dr. Manimurugan S is currently serving as an Associate Professor in the Department of Computer Engineering, Faculty of Computers and Information Technology, University of Tabuk, Tabuk City, Saudi Arabia. He has 13 years of teaching and research experience, which has helped him gain immense knowledge in myriad fields of Computer Science and Engineering. He attained his Bachelor's degree from Anna University, Chennai, India, and his Master's degree from Karunya Institute of Technology and Sciences, India, both in first class. His doctoral thesis, titled "Certain Investigations on Medical Image Encryption and Compression", was highly acclaimed by examiners; he was awarded a Ph.D. from Anna University, Chennai, India in May 2012, and he earned a 9.0 CGPA in the Ph.D. course work examinations.

He has published more than 80 research papers in several international and national journals and international conferences which are indexed by ISI, Thomson Reuters/Clarivate Analytics, Scopus, and IEEE. He has served as a guest editor and reviewer for various national and international journals such as Elsevier, Springer, IEEE, Bentham Science, etc. He has received many grants and patents from various government bodies such as the Department of Science and Technology (DST), New Delhi, India, and the Ministry of Higher Education, Saudi Arabia.

His current research areas are Security, Cybersecurity, Internet of Things, Image Compression, Context Aware Systems and Artificial Intelligence. Besides, he is very much interested in website designing as well. He is a life member of the Indian Society for Technical Education (ISTE) and a member of the IEEE. He has organized and attended many IEEE conferences, seminars, faculty development programs and workshops at both national and international level. He secured the best class award given by ACE (Association of Computer Engineers), Karunya Institute of Technology and Sciences (Deemed to be University), India in 2011.

He has been assigned various academic and research posts such as Principal In-charge, Head of the Department, Foreign Examiner and Indian Examiner for the Ph.D. program in various Indian universities, IEEE conference chair and Advisory committee, Exam Coordinator, Consultancy In-charge, ISTE In-charge, PG Campus Management System (CMS) Coordinator and Disciplinary Committee member, Council member of the University Website and ranking improvement, etc.
