Abstract

Network security plays a critical role in our lives because of the threats and attacks to which we are exposed, which are increasing daily; these attacks result in a need to develop various protection methods and techniques. Network intrusion detection systems (NIDSs) are a way to detect malicious network attacks. Many researchers have focused on developing NIDSs based on machine learning (ML) approaches to detect diverse attack variants. ML approaches can automatically discover the essential differences between normal and abnormal data by analysing the features of a large dataset. For this purpose, many features are typically extracted without discrimination, increasing the computational complexity. Then, by applying a feature selection method, a subset of features is selected from the whole feature set with the aim of improving the performance of ML-based detection methods. The salp swarm algorithm (SSA) is a nature-inspired optimization algorithm that has demonstrated efficiency in minimizing the processing challenges faced in performing optimization for feature selection problems. This research investigates the impact of the SSA on improving ML-based network anomaly detection using various ML classifiers, including the extreme gradient boosting (XGBoost) and Naive Bayes (NB) algorithms. Experiments were conducted on standard datasets for comparison. Specifically, two datasets explicitly focused on network intrusion attacks were used: UNSW-NB15 and NSL-KDD. The experimental results show that the proposed method is more effective in improving the performance of anomaly NIDSs in terms of the F-measure, recall, detection rate, and false alarm rate on both datasets, outperforming state-of-the-art techniques recently proposed in the literature.

Highlights

  • Computer network protection plays an essential role regarding internal and external threats; there are various gaps that attackers can exploit to break into and access these networks to manipulate or steal sensitive information and cause considerable damage [1]

  • We have proposed network anomaly detection based on three phases. (i) In the first phase of efficient network anomaly detection, to achieve a high classification accuracy and increase the detection rate while reducing the false alarm rate without using excessive computational resources

  • The results showed the potential of the proposed model to enhance the intrusion detection efficiency and performance


Summary

INTRODUCTION

Computer network protection plays an essential role regarding internal and external threats; there are various gaps that attackers can exploit to break into and access these networks to manipulate or steal sensitive information and cause considerable damage [1].

In [18], the researchers implemented five classification algorithms and examined the accuracy of their performance in the FS technique, applying XGBoost-based FS and different classification algorithms. They found that the decision tree obtained the most accurate result in detecting network attacks. In [31], the authors proposed a model to detect anomaly intrusion based on the use of the mutation cuckoo fuzzy (MCF) method for selecting the best subset of features and a multiverse optimizer-artificial neural network (MVO-ANN) for the classification part.

The efficiency of the proposed anomaly-based NIDS using SSA-FS and both XGBoost and NB classification algorithms is compared with some other current and new research that applied FS methods in the same area, which presents a summarization of some related work that has been compared with our proposed model.

We update the number of leaders and followers to exploit and explore the search space using Equations (1) and (3), and to balance exploration and exploitation in the search we use Equation (2). These steps are performed iteratively until the maximum number of iterations is reached, returning a list of the best chosen features to be prepared for the attack detection phase.
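The SSA feature-selection loop described above, as an added sketch that is not the paper's code. Equations (1)-(3) are not reproduced on this page, so the leader update, the coefficient c1 and the follower update are assumed to be the standard SSA forms; the first-half leader split, the 0.5 threshold, the nearest-centroid fitness and the toy records are also assumptions constructed for illustration.

```python
import math
import random
# Constructed toy records (not UNSW-NB15 / NSL-KDD rows): feature 0 separates
# attack (1) from normal (0); features 1-4 are identical in both classes.
NOISE = [(3, 1, 4, 1), (5, 9, 2, 6), (5, 3, 5, 8), (9, 7, 9, 3)]
DATA = [((9.0 if y else 1.0,) + n, y) for y in (0, 1) for n in NOISE]
N_FEAT = 5

def fitness(mask):
    """Assumed wrapper fitness: nearest-centroid error plus a subset-size penalty."""
    idx = [j for j, keep in enumerate(mask) if keep]
    if not idx:
        return 1.0  # an empty subset cannot classify anything
    cent = {}
    for c in (0, 1):
        rows = [x for x, y in DATA if y == c]
        cent[c] = [sum(r[j] for r in rows) / len(rows) for j in idx]
    wrong = 0
    for x, y in DATA:
        d = [sum((x[j] - m) ** 2 for j, m in zip(idx, cent[c])) for c in (0, 1)]
        wrong += int(d[1] < d[0]) != y
    return wrong / len(DATA) + 0.01 * len(idx) / N_FEAT

def to_mask(pos):
    return [p > 0.5 for p in pos]  # assumed binarisation: threshold at 0.5

def ssa_select(n_salps=10, max_iter=30, seed=0):
    rng = random.Random(seed)
    lb, ub = 0.0, 1.0
    salps = [[rng.random() for _ in range(N_FEAT)] for _ in range(n_salps)]
    food = min(salps, key=lambda s: fitness(to_mask(s)))[:]  # best position so far
    history = [fitness(to_mask(food))]
    for it in range(1, max_iter + 1):
        c1 = 2 * math.exp(-((4 * it / max_iter) ** 2))  # shrinks: explore -> exploit
        for i, s in enumerate(salps):
            for j in range(N_FEAT):
                if i < n_salps // 2:  # leaders (assumed: first half) circle the food
                    step = c1 * ((ub - lb) * rng.random() + lb)
                    s[j] = food[j] + step if rng.random() >= 0.5 else food[j] - step
                else:  # followers move halfway toward the salp ahead in the chain
                    s[j] = (s[j] + salps[i - 1][j]) / 2
                s[j] = min(ub, max(lb, s[j]))
            if fitness(to_mask(s)) < fitness(to_mask(food)):
                food = s[:]
        history.append(fitness(to_mask(food)))
    return to_mask(food), history

if __name__ == "__main__":
    print(ssa_select())
```

The returned mask is what would be handed to the classifier in the detection phase; swapping `fitness` for a cross-validated XGBoost or NB error rate turns the sketch into a wrapper of the kind the abstract describes.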
