Citation
Sarvari, Samira (2020) An efficient anomaly intrusion detection method with evolutionary neural network. Doctoral thesis, Universiti Putra Malaysia.
Abstract
Anomaly-based intrusion detection plays a vital role in protecting networks against
malicious activities. Despite the strengths of anomaly detection systems, there
are still drawbacks that reduce their performance. One technical challenge is
examining a large amount of data, which requires a large number of computations
and leads to low detection rates. Another critical issue in anomaly detection is
a high false alarm rate, which reduces the efficiency of the system.
In recent years, detection methods based on machine learning techniques have been
widely deployed to improve the efficiency of anomaly-based detection. Among these
techniques, the Artificial Neural Network-Multilayer Perceptron (ANN-MLP) is one of
the widely used techniques and has been successful in solving many complex
practical problems. However, an ANN-MLP without an activation function would simply
be a linear regression model, which is limited and does not perform well most of
the time. Although activation functions are important for an MLP to learn, for
nonlinear complex functional mappings they involve complicated calculation, which
reduces the accuracy of classification.
To overcome the aforementioned issues, this research proposes anomaly-based
detection designed with an Evolutionary Neural Network (ENN) using three different
detection methods. The first anomaly detection method is designed using a new feature
selection technique called Mutation Cuckoo Fuzzy (MCF) and an evolutionary neural
network classification called MultiVerse Optimizer-Artificial Neural Network
(MVO-ANN) to improve the performance and execution time. The second anomaly
detection method is the Evolutionary Kernel Neural Network Random Weights
(EKNNRW), intended to increase the accuracy of classification. The third proposed
method is a new Evolutionary Neural Network (ENN) algorithm that combines a
Genetic Algorithm and the Multiverse Optimizer (GAMVO) as the training part of the
ANN to create efficient anomaly-based detection with a low false alarm rate. The
proposed methods have been applied to the problem of intrusion detection and
validated on the well-known NSL-KDD dataset.
For the first method, the execution time of the proposed method (MCF
& MVO-ANN) is 60.33s, while previous research (MVO-ANN) reports 163.07s.
Furthermore, the performance of the proposed method is much improved
compared to previous research. The second method (EKNNRW) obtained an accuracy of
99.24%, whereas accuracy in previous research was 98.03%. The experimental results
show that not only accuracy but also detection rate and false alarm rate have
improved. The third proposed method (GAMVO-ANN) obtained a detection
rate and false alarm rate of 98.65% and 0.012% respectively, outperforming the
previous research and the two previous methods proposed in this research. Several
directions can be taken to extend this work, such as combining an IDS with an
IPS so that it is capable of dropping or blocking network connections that are
determined to be too risky, extending the model to multi-class classification
problems, and using a hybrid IDS (combining anomaly and signature-based detection
systems) to respond to wider ranges of intrusions and increase the level of
security of a network.