New hybrid method for attack detection using combination of evolutionary algorithms, SVM, and ANN

Abstract

Intrusion detection systems (IDS) have been playing an important role for providing security of computer networks. They detect different types of attacks and malicious software usage, which sometimes cannot be identified by firewalls. Based on machine learning algorithms, many IDS have been extended to classify network traffic as normal or abnormal. This paper describes a new hybrid intrusion detection method with two phases - a feature selection phase and an attack detection phase. In the feature selection phase, a wrapper technique, namely MGA-SVM, is used. This technique combines features of support vector machine (SVM) and the genetic algorithm with multi-parent crossover and multi-parent mutation (MGA). In the attack detection phase, an artificial neural network (ANN) is used to detect attacks. For improving its performance, a combination of a hybrid gravitational search (HGS) and a particle swarm optimization (PSO) is used to train the classifier. The proposed hybrid method is thus called MGA-SVM-HGS-PSO-ANN. It's performance is compared with other popular techniques such as Chi-SVM, ANN based on gradient descent (GD-ANN) and decision tree (DT), ANN based on genetic algorithm (GA-ANN), ANN based on combining gravitational search (GS) and PSO (GSPSO-ANN), ANN based on PSO (PSO-ANN), and ANN based on GS (GS-ANN). Using the NSL-KDD dataset as a standard benchmark for attack detection evaluation, the obtained test results show that the proposed MGA-SVM-HGS-PSO-ANN method can attain a maximum detection accuracy of 99.3%, dimension reduction of NSL-KDD from 42 to 4 features, and needs only 3 s as maximum training time.