Research on hybrid intrusion detection based on improved Harris Hawk optimization algorithm

Abstract

Aiming at the problem of low detection accuracy of network traffic data types by traditional intrusion detection methods, we propose an improved Harris Hawk hybrid intrusion detection method to enhance the detection capability. The improved Harris Hawk optimization algorithm is used as a feature selection scheme to reduce the impact of redundant and noisy features on the performance of the classification model. The algorithm introduces the singer map to initialise the population, uses multi-information fusion to obtain the best prey position, and applies the sine function-based escape energy to execute a prey search strategy to obtain the optimal subset of features. In addition, the original data is preprocessed by the k-nearest neighbour and deep denoising autoencoder (KNN-DDAE) to relieve the imbalance problem of the network traffic data. Finally, a deep neural network (DNN) is used to complete the classification. Simulation experiments are conducted on the dataset NSL-KDD, KDD CUP99, and UNSW-NB15. The results show that our feature selection and data balancing scheme greatly improves the detection accuracy. In addition, the detection performance of this method is better than the current popular intrusion detection schemes.