A new intrusion detection system based on Moth–Flame Optimizer algorithm. (30th December 2022)
- Record Type:
- Journal Article
- Title:
- A new intrusion detection system based on Moth–Flame Optimizer algorithm. (30th December 2022)
- Main Title:
- A new intrusion detection system based on Moth–Flame Optimizer algorithm
- Authors:
- Alazab, Moutaz
Khurma, Ruba Abu
Awajan, Albara
Camacho, David - Abstract:
- Abstract: This study relies on using a Moth–Flame Optimization (MFO) method as a search algorithm and a Decision Tree (DT) as an evaluation algorithm to generate an efficient feature subset for intrusion detection systems (IDS). The target is to find a feature subset using the minimum number of traffic network features that later obtains the maximum performance by the machine algorithms used in the classification task. This depends on enhancing the MFO by adopting new operators besides the embedded spiral operator to balance the exploration and exploitation alleviating the local minima problem. The main contribution of this work is the adoption of the cosine similarity measure to binarize the continuous MFO into a binary problem. Cosine similarity overcomes the limitations of the commonly used sigmoid function that depends on using a threshold value for conversion. However, cosine similarity computes the similarity ratio between the current solution and the optimal solution. The augmented MFO wrapper framework is applied as an IDS to detect anomalous traffic in the network. The proposed method is compared against several well-known state-of-the-art algorithms on three network datasets (KDDCUPP9, NSL-KDD, and UNSW-NB15), using IDSACC, IDSTPR, IDSFPR, IDSF-score, and convergence evaluation measures to assess the performance of the proposed method. The experimental results show the superiority of the proposed cosine similarity method compared to other algorithms with anAbstract: This study relies on using a Moth–Flame Optimization (MFO) method as a search algorithm and a Decision Tree (DT) as an evaluation algorithm to generate an efficient feature subset for intrusion detection systems (IDS). The target is to find a feature subset using the minimum number of traffic network features that later obtains the maximum performance by the machine algorithms used in the classification task. This depends on enhancing the MFO by adopting new operators besides the embedded spiral operator to balance the exploration and exploitation alleviating the local minima problem. The main contribution of this work is the adoption of the cosine similarity measure to binarize the continuous MFO into a binary problem. Cosine similarity overcomes the limitations of the commonly used sigmoid function that depends on using a threshold value for conversion. However, cosine similarity computes the similarity ratio between the current solution and the optimal solution. The augmented MFO wrapper framework is applied as an IDS to detect anomalous traffic in the network. The proposed method is compared against several well-known state-of-the-art algorithms on three network datasets (KDDCUPP9, NSL-KDD, and UNSW-NB15), using IDSACC, IDSTPR, IDSFPR, IDSF-score, and convergence evaluation measures to assess the performance of the proposed method. The experimental results show the superiority of the proposed cosine similarity method compared to other algorithms with an accuracy of 97.8%, F-score of 99%, TPR of 99.6%, and FPR of 8.1% using only five selected features from the KDDCUPP99 dataset. It achieved the accuracy of 89.7%, TPR of 89.1%, FPR of 2.9%, when four selected features from the NSL-KDD dataset are used. And finally, it achieved an accuracy of 92.4%, TPR of 92.3%, FPR of 3%, and F-score 94.2% when the UNSW-NB15 dataset is used. Highlights: A revision of feature selection methods for intrusion detection systems (IDS). A wrapper approach for IDSs based on moth–flame optimizer (MFO). Adoption of the cosine similarity measure to binarize the continuous MFO. IDS framework assessment against six feature selection methods. … (more)
- Is Part Of:
- Expert systems with applications. Volume 210(2022)
- Journal:
- Expert systems with applications
- Issue:
- Volume 210(2022)
- Issue Display:
- Volume 210, Issue 2022 (2022)
- Year:
- 2022
- Volume:
- 210
- Issue:
- 2022
- Issue Sort Value:
- 2022-0210-2022-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-12-30
- Subjects:
- Intrusion detection systems -- Feature selection -- Sigmoid function -- Cosine similarity -- Moth–Flame Optimization algorithm
Expert systems (Computer science) -- Periodicals
Systèmes experts (Informatique) -- Périodiques
Electronic journals
006.33 - Journal URLs:
- http://www.sciencedirect.com/science/journal/09574174 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.eswa.2022.118439 ↗
- Languages:
- English
- ISSNs:
- 0957-4174
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3842.004220
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 23967.xml