Anomaly Intrusion Detection Using SVM and C4.5 Classification With an Improved Particle Swarm Optimization (I-PSO)

V. Sandeep, Saravanan Kondappan, Amir Anton Jone, Raj Barath S.
Copyright: © 2021 |Pages: 18
DOI: 10.4018/IJISP.2021040106

Abstract

In the last decade, many researchers have proposed several models of classification algorithms for enhancing the accuracy of IDSs. However, a minor issue arises from the classifiers' inability to process high-dimensional data. Using several classifiers always outperforms a single classifier. This paper proposes a novel intrusion detection system that classifies data with SVM as well as the C4.5 decision tree algorithm. The NSL-KDD dataset is first preprocessed with principal component analysis (PCA), and features are later selected with an improved particle swarm optimization (I-PSO). This framework improved on the time consumption and inaccurate feature selection issues of other methodologies. Upon simplifying features more effectively, the outcomes display an excellent agreement with the conventional PSO techniques and their results, and also produce enhanced outcomes when compared to only a single classifier. The results demonstrate better performance when subjected to different attack scenarios and can be used for enterprise network security applications.

Introduction

Intrusion is a harmful interruption of a particular computer or a network of computers by malicious software (malware) or data packets, which intends to weaken the integrity, confidentiality, and availability of the whole network. A remote attacker could attain access into a system illegally by handling defects in a computer program, and executing code through unauthenticated access. An intrusion detection system (IDS) is an approach for identifying malicious activity in the system, by sensing possible threat data packets passing through the system (Aburomman et al., 2016).

A review explaining the cyber kill chain models and cyber-attacks that compromise network systems was counteracted by introducing Decision Engine (DE) approaches (Moustafa et al. 2019). An IDS contains a sensor in the monitored system for sensing and gathering necessary data packets. It also has an engine that could collect, analyze and configure the data, while also reporting back to the central server system about the detected threats (Amfo et al., 2018). Several data classification algorithms have been developed for machine learning and data mining purposes, like Genetic Algorithm (GA) (Aburomman et al., 2016), Support Vector Machine (SVM), Naïve Bayes, and decision tree-based data mining algorithms like C4.5 (Aziz et al., 2017) and C5.0. Machine learning algorithms have found applications in different fields, for example, compressing data, image processing, data analysis, predicting time series and pattern recognition. A self-organizing map (SOM) was implemented by Amin Karami in 2018, and a novel anomaly-based intrusion detection system was built using visualization capabilities (Karami, 2018).

Particle Swarm Optimization is a well-acknowledged feature selection technique which uses the fitness function of each particle for swarm optimization. A short study into the properties and benefits of using Particle Swarm Optimization has been given in (Al Daoud, 2013). The ability of the PSO algorithm to outperform conventional algorithms with respect to the quality of patterns is shown in (Amfo & Hayfron-Acquah, 2018). In (Asta & Uyar 2011), three deep learning models were incorporated into an NIDS (DNN, LSTM-RNN and DBM), for the NSL-KDD and CICIDS2017 datasets and were pretrained using a PSO-based meta-heuristic algorithm. The newly acquired position of the particle is evaluated by using both the newly found velocity as well as the distances between the existing position, global best and personal best positions. In this way, the fitness function is computed for a particle among the population and the features are optimized effectively (Al Daoud, 2013). Consider an N-dimensional space where each particle could be considered a possible solution (Wang et al., 2008).

Let the position of each population particle be represented by $X = X_1, X_2, X_3, X_4$

The velocity of each population particle is given by $V = V_1, V_2, V_3, V_4$

A local memory of the best earlier position of every particle, Pbest, is saved, as is the global best position of the particles, Gbest. The Pbest and Gbest of each particle are used to evaluate the next best position of the particle.

$$V_{N+1} = w \cdot V_N - c_1 \cdot r_1 \cdot (P_{best} - X_N) + c_2 \cdot r_2 \cdot (G_{best} - X_N) \quad \text{(the new velocity)} \tag{1}$$

$$X_{N+1} = X_N + V_{N+1} \quad \text{(the new position)} \tag{2}$$

where c1 and c2 are the acceleration coefficients, also called learning factors; r1 and r2 are random numbers; and w is the inertia weight;
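The following is an added example, not code from the paper, of updates (1) and (2) driving feature selection for an IDS. It uses the textbook form of the velocity update, in which both attraction terms are added (equation (1) as printed here has a minus sign before the first). The records, the class-separation fitness, the per-feature penalty and the 0.5 selection threshold are assumptions; the I-PSO modifications are not described on this page and are not modelled.

```python
import random

# Constructed sample records (not real NSL-KDD rows): scaled features, label 1 = attack.
FEATURES = ["duration", "src_bytes", "serror_rate", "count"]
ROWS = [
    ([0.10, 0.20, 0.05, 0.10], 0), ([0.80, 0.25, 0.00, 0.15], 0),
    ([0.40, 0.15, 0.10, 0.20], 0), ([0.15, 0.22, 0.95, 0.90], 1),
    ([0.75, 0.18, 0.90, 0.85], 1), ([0.45, 0.21, 1.00, 0.95], 1),
]

def separation(i):
    """Gap between the class means of feature i (hypothetical relevance score)."""
    mean = lambda lab: (sum(r[i] for r, y in ROWS if y == lab)
                        / sum(1 for _, y in ROWS if y == lab))
    return abs(mean(1) - mean(0))

SCORES = [separation(i) for i in range(len(FEATURES))]

def fitness(x, penalty=0.2):
    """Reward each selected feature (x_i > 0.5) by its separation, minus a fixed cost."""
    return sum(s - penalty for s, xi in zip(SCORES, x) if xi > 0.5)

def pso_select(particles=12, iters=40, w=0.7, c1=1.5, c2=1.5, seed=1):
    rng, n = random.Random(seed), len(FEATURES)
    X = [[rng.random() for _ in range(n)] for _ in range(particles)]
    X[0] = [1.0] * n  # seed one particle with the full feature set as a baseline
    V = [[0.0] * n for _ in range(particles)]
    pbest = [x[:] for x in X]
    gbest = max(pbest, key=fitness)[:]
    history = [fitness(gbest)]
    for _ in range(iters):
        for p in range(particles):
            for d in range(n):
                r1, r2 = rng.random(), rng.random()
                # Equation (1), textbook signs: both attraction terms are added.
                V[p][d] = (w * V[p][d] + c1 * r1 * (pbest[p][d] - X[p][d])
                           + c2 * r2 * (gbest[d] - X[p][d]))
                # Equation (2), with the position clamped to [0, 1].
                X[p][d] = min(1.0, max(0.0, X[p][d] + V[p][d]))
            if fitness(X[p]) > fitness(pbest[p]):
                pbest[p] = X[p][:]
                if fitness(pbest[p]) > fitness(gbest):
                    gbest = pbest[p][:]
        history.append(fitness(gbest))
    return [f for f, xi in zip(FEATURES, gbest) if xi > 0.5], history

if __name__ == "__main__":
    print(pso_select())
```

Because one particle starts at the full feature set, the returned subset never scores below using every feature, and the history of Gbest fitness values is non-decreasing.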
