Abstract

Intrusion Detection Systems (IDS) play a substantial role in protecting computer networks. Still, a conventional IDS is limited when it comes to distributed intrusion detection. An intruder may conceal the origin of an attack by moving from node to node in a network. To overcome these limitations, alerts must be exchanged and correlated cooperatively in a distributed intrusion detection system (DIDS). Because of the diversity of network behavior and the rapid development of new types of attacks, intrusion detection algorithms based on fast machine learning methods are of great significance for reducing false alarm rates while keeping detection accuracy high. This work proposes a DIDS model for data collection across the network and a hybrid method that classifies the network activities collected in the DIDS model as normal or abnormal. The hybrid method combines two popular machine learning algorithms, Support Vector Machine (SVM) and Ant Colony Optimization (ACO), and is applied to the DIDS model. It can also detect unseen attacks with a high detection rate and minimal misclassification. Experiments show that the hybrid method on the DIDS model is superior to SVM alone or ACO alone in terms of both run-time efficiency and detection rate.
