A novel adaptive optimization framework for SVM hyper-parameters tuning in non-stationary environment: A case study on intrusion detection system

Abstract

Building an Intrusion Detection System (IDS) in non-stationary environment is challenging because, in such an environment, intrusion-related data grow every day. A machine learning model trained in a stationary environment where training data does not change, often fails to retain its performance in real world environment. This is because dynamism in data makes the hyper-parametric values of the underlying classifier shift in the search space. For making such a model work for intrusion detection in non-stationary environment, one must have to run hyper-parametric optimization algorithm again and again at various time instances. But the expansion of the existing data in non-stationary environment, makes such a way of tunning the hyper-parameters computationally expensive. So, there is a requirement of more adaptive and computationally efficient optimization frameworks for hyper-parameters to build IDS in non-stationary environment. This paperwork proposes a novel framework to train a Support Vector Machine (SVM) for intrusion detection by optimizing its hyper-parameters C and γ dynamically. For designing this framework, we have used Moth-Flame Optimization (MFO) as the base optimization algorithm which can be run with random initialization. Further, for utilizing the knowledge generated by running the base optimization algorithm, we have introduced two algorithms- a Lightweight MFO and a simple Knowledge-Based Search. The Lightweight MFO uses the knowledge for initializing the starting solutions and the Knowledge-Based Search uses the knowledge as search space. Based on the result of a drift detection module, the proposed framework identifies the most appropriate algorithm to be used at a particular time instance when re-training of the model is required due to the change in the data. Results have shown a significant reduction in the average time complexity of the hyper-parametric optimization process. We have evaluated our proposed framework on benchmark NSL-KDD dataset and got significantly encouraging convergence rate and detection performance. The obtained average accuracy for IDS built using our proposed framework is 97.5%. Further, we have also compared our framework by considering other metaheuristic algorithms as base optimization algorithms and found that our proposed framework, which uses MFO as a base optimization algorithm outperforms the others.