Article Preview
TopIntroduction
The intrusion detection system (IDS) is one of the most crucial techniques proposed for data integrity and confidentiality (Sahar et al., 2020). Several modern techniques (Kumar et al., 2019) existing in the literature address these issues, such as deep learning, support vector machines, k-means, clustering, outliers, random forest, aggregation, genetic algorithm (GA), and artificial immune (AI) systems (Castillo-Zúñiga et al., 2020; Tewari & Gupta, 2020).
Redundant attributes are bound to affect the rate of IDS when facing substantial data volumes with multiple attributes (Sahoo & Gupta, 2021). Therefore, the features selection algorithm (FSA) plays an important role and is the key phase in data preprocessing (Anupama et al., 2021; Lv et al., 2020; Zhang et al., 2021).
To solve these problems, the K-means algorithm was used to develop a training data set, and then a multi-layer hybrid intrusion detection model improved intrusion classification (Alyaseen et al., 2017). Wu et al. (2020) proposed a network intrusion detection method based on semantic re-encoding (SR) and deep learning to improve the detection speed. Chou et al. (2020) adopted an incremental approach to choose the minimal Redundancy-Maximal Relevance (mRMR) criterion, which is used to calculate the mean value of redundant attributes to reduce the effects of β. The advantage of the mRMR criterion is that with lower computational resources, we can get the best features; the drawback is that there are more differences in information entropy. Fatemeh et al. (2011) improved the MIFS, MIFS -u, and mRMR algorithms to reduce the effects among attributes due to the mutual information deviation. They proposed a normalized mutual antibodies information entropy feature selection (NMIFS) algorithm, which had a higher performance for feature selection. Nguyen et al. (2017) designed a mutual information feature selection (MIFS) algorithm; however, with the number of features increasing, MIFS may choose some redundant features. Huang et al. (2017) adopted FMIFS and quantum wavelet neural network (QWNN) to reduce network logs’ redundant attributes, improving the algorithm’s speed. So we adopted the NMAIFS to reduce the redundant attributes of network logs to increase the speed of IDS. On the other hand, the appropriate classifier greatly influences the anomaly detection performance (Alshdadi et al., 2021; Madan & Bhatia, 2021).
Lee and Park (2019) designed an auto-encoder-conditional and the generative adversarial networks and random forest (AE-CGAN-RF), auto-encoder-conditional method was used to reduce the redundant attributes, and a random forest was used to classify the intrusion. Feng and Dou (2021) gave an intrusion detection model based on dynamic weighted values (WIDMoDS). The hierarchical clustering algorithm with evaluation indexes was adopted to get the weight values, and the voting algorithm with weight values was used to classify the detected data.
To improve the adaptive performance, resistance to competition, and online learning ability of IDS, AI is used in intrusion detection research. Naila et al. (2020) designed a negative selection for network anomaly detection (NSNAD), and they improved the negative selection algorithm to get the anonymous detection classifier. Sahar et al. gave an internet of things intrusion detection system based on AI using deep learning (DL) and dendritic cells algorithm (DCA) to identify internet invasions and reduce the false positives rate. Yang et al. (2019) proposed an effective IDS using the Modified Density Peak Clustering Algorithm and Deep Belief Networks (MDPCA-DBN); they used the MDPCA and A-DBN to reduce the size of the training set, solve the imbalance of samples, and therefore improve the detection efficiency. Song et al. (2018) proposed an anti-adversarial hidden Markov model for network-based intrusion detection (AA-HMM). Ehsan et al. (2021) proposed a new complex mixed artificial immune intrusion detection system; the system integrated the negative selection algorithm (NSA) and the DCA for detectors. Chou et al. (2020) used AI and the parallel automaton (PA) method to design a high adaptive hybrid intrusion detection algorithm; the state automaton theory was used to define the different data states; the artificial immune algorithm was used to convert the states. Xi et al. (2021) introduced immune adaptive and feedback mechanism to build a multi-source neighborhood immune detector adaptive model (MS-NIDAM). As a result, the detectors can be adaptively evolved in a more targeted search domain. These algorithms can generally improve the adaptive performance of intrusion detection, but for the limitations of antibodies, which may lead to local convergence (Yilei et al., 2021).