Feature selection for intrusion detection based on an improved rime optimization algorithm
Abstract
With the rapid development of information technology, cybersecurity issues have become increasingly prominent, posing serious threats to national security, economic growth, and personal privacy. Intrusion detection systems have been widely applied to ensure network security and prevent malicious cyber-attacks. In intrusion detection, redundant and irrelevant features not only slow down the classification process but also hinder classifiers from making accurate decisions, resulting in decreased system performance. Addressing the problem of low accuracy in intrusion detection systems due to high-dimensional datasets, we propose a network intrusion detection method based on an enhanced Rime Optimization Algorithm for feature selection. Firstly, building upon the traditional Rime Optimization Algorithm, we introduce Cauchy mutation and differential mutation operations to improve both global and local search capabilities. Cauchy mutation introduces a heavy-tailed distribution to increase the probability of escaping local optima, while differential mutation, through the differential operator, further enhances solution diversity and algorithm convergence speed. Combining the two mutation operations, the optimization algorithm achieves a good balance between global search and local search, effectively avoids premature convergence and falling into local optimum, and effectively improves the feature selection results. Secondly, the improved Rime optimization algorithm (IRIME) was applied to the feature selection process of intrusion detection system, and it was combined with the decision tree classifier to construct a wrapper feature selection algorithm, which could directly optimize the classification task and avoid the mismatch between feature selection and classifier. The optimized algorithm can quickly select the most representative feature subset from the high-dimensional feature space, significantly reducing the computational cost. At the same time, the selected feature subset can more accurately reflect the inherent law of the data set, thereby improving the prediction accuracy of the classifier. Finally, NSL-KDD and UNSW-NB15 datasets were used for performance evaluation. Experimental results show that compared with several feature selection algorithms, the proposed method achieves the best binary classification performance after feature selection. Specifically, it is superior to other algorithms in terms of precision, accuracy, F1 score and recall of all evaluation metrics.
References
1. N. Sun, M. Ding, J. Jiang, et al., “Cyber threat intelligence mining for proactive cybersecurity defense: a survey and new perspectives,” IEEE Communications Surveys & Tutorials, vol. 25, no. 3, pp. 1748-1774, May. 2023.
2. S. Mohammadi, H. Mirvaziri, M. Ghazizadeh-Ahsaee, H. Karimipour, “Cyber intrusion detection by combined feature selection algorithm,” Journal of Information Security and Applications, vol. 44, pp. 80-88, Feb. 2019.
3. S. Solorio-Fernández, J. A. Carrasco-Ochoa, J. F. Martínez-Trinidad, “A review of unsupervised feature selection methods,” Artificial Intelligence Review, vol. 53, no. 2, pp. 907-948, Jan. 2020.
4. J. M. Valls, R. Aler, I. M. Galván, D. Camacho, “Supervised data transformation and dimensionality reduction with a 3-layer multi-layer perceptron for classification problems,” Journal of Ambient Intelligence and Humanized Computing, vol. 12, no. 4, pp. 10515–10527, Jan. 2021.
5. R. Abu Khurma, I. Aljarah, A. Sharieh, M. Abd Elaziz, R. Damaševičius, T. Krilavičius, “A review of the modification strategies of the nature inspired algorithms for feature selection problem,” Mathematics, vol. 10, no. 3, pp. 464, Jan. 2022.
6. R. A. Khurma, I. Aljarah, A. Sharieh, “Rank based moth flame optimisation for feature selection in the medical application,” in Proc. of the IEEE congress on evolutionary computation, Glasgow, UK, 2020, pp. 1–8.
7. A. Martín, R. Lara-Cabrera, D. Camacho, “Android malware detection through hybrid features fusion and ensemble classifiers: the AndroPyTool framework and the OmniDroid dataset,” Information Fusion, vol. 52, no. 4, pp. 128–142, Dec. 2019.
8. Z. A. A. Alyasseri, A. T. Khader, M. A. Al-Betar, X. S. Yang, et al. “Multi-objective flower pollination algorithm: a new technique for EEG signal denoising,” Neural Computing and Applications, vol. 35, pp. 7943–7962, Jan. 2022.
9. J. Fierrez, A. Morales, R. Vera-Rodriguez, D. Camacho, “Multiple classifiers in biometrics. part 1: Fundamentals and review,” Information Fusion, vol. 44, pp. 57–64, Nov. 2018.
10. R. A. Khurma, H. Alsawalqah, I. Aljarah, M. A. Elaziz, R. Damaševičius, “An enhanced evolutionary software defect prediction method using island moth flame optimization,” Mathematics, vol. 9, no.15, pp. 1722, Jul. 2021.
11. G. J. Lee, G. Li, D. Camacho, J. J. Jung, “Discovering synergic association by feature clustering from soccer players,” in Proc. of the Int. Conf. on research in adaptive and convergent systems, New York, NY, USA, 2020, pp. 107–112.
12. R. Abu Khurma, I. Almomani, I. Aljarah, “IoT botnet detection using salp swarm and ant lion hybrid optimization model,” Symmetry, vol. 13, no. 8, pp. 1377, Jul. 2021.
13. A. Al Shorman, H. Faris, I. Aljarah, “Unsupervised intelligent system based on one class support vector machine and grey wolf optimization for IoT botnet detection,” Journal of Ambient Intelligence and Humanized Computing, vol. 11, pp. 2809–2825, Jul. 2019.
14. J. Kennedy, R. Eberhart. “Particle swarm optimization,” in Proc. of the ICNN'95- Int. Conf. on neural networks, Perth, WA, Australia, 1995, pp. 1942-1948.
15. S. Mirjalili, S. M. Mirjalili, A. Lewis, “Grey wolf optimizer,” Advances in engineering software, vol. 69, pp. 46-61, Mar. 2014.
16. A. A. HEIDARI, S. MIRJALILI, H. FARIS, et al., “Harris hawks optimization: algorithm and applications,” Future Generation Computer Systems, vol. 97, pp. 849-872, Aug. 2019.
17. S. Mirjalili, S. M. Mirjalili, A. Hatamlou, “Multi-Verse Optimizer: a nature-inspired algorithm for global optimization,” Neural Computing and Applications, vol. 27, no. 2, pp. 495-513, 2016.
18. A. E. Takieldeen, E. S. M. El-kenawy, M. Hadwan, M. Hadwan, R. M. Zaki, “Dipper throated optimization algorithm for unconstrained function and feature selection,” Comput. Mater. Contin, vol. 72, pp. 1465-1481, 2022.
19. H. Su, D. Zhao, A. A. Heidari, et al., “RIME: A physics-based optimization,” Neurocomputing, vol. 532, pp. 183-214, May. 2023.
20. M. Alazab, “Automated malware detection in mobile app stores based on robust feature generation,” Electronics, vol. 9, no. 3, pp. 435, Mar. 2020.M.
21. M. Alazab, S. Alhyari, A. Awajan, A. B. Abdallah, “Blockchain technology in supply chain management: an empirical study of the factors affecting user adoption/acceptance,” Cluster Computing, vol. 24, no. 1, pp. 83–101, Mar. 2021.
22. R. A. Khurma, I. Aljarah, A. Sharieh, M. A. Elaziz, R. Damaševičius, T. Krilavičius, “A review of the modification strategies of the nature inspired algorithms for feature selection problem,” Mathematics, vol. 10, no. 3, pp. 464, 2022.
23. Y. Xue, T. Tang, W. Pang, A. X. Liu, “Self-adaptive parameter and strategy based particle swarm optimization for large-scale feature selection problems with multiple classifiers,” Applied Soft Computing, vol. 88, pp. 106031, Mar. 2020.
24. K. Chen, B. Xue, M. Zhang, F. Zhou, “Correlation-guided updating strategy for feature selection in classification with surrogate-assisted particle swarm optimization,” IEEE Transactions on Evolutionary Computation, vol. 26, no. 5, pp. 1015-1029, Oct. 2022.
25. M. S. Bonab, A. Ghaffari, F. S. Gharehchopogh, P. Alemi, “A wrapper-based feature selection for improving performance of intrusion detection systems,” International Journal of Communication Systems, vol. 33, no. 12, pp. e4434, Apr. 2020.
26. Y. Zhou, G. Cheng, S. Jiang, M. Dai, “Building an efficient intrusion detection system based on feature selection and ensemble classifier,” Computer Networks, vol. 174, pp. 107247, Jun. 2020.
27. A. Fatani, A. Dahou, M. A. Al-Qaness, S. Lu, M. A. Elaziz, “Advanced feature extraction and selection approach using deep learning and aquila optimizer for IoT intrusion detection system,” Sensors, vol. 22, no. 1, pp. 140, 2022.
28. A. Mojtahedi, F. Sorouri, A. N. Souha, A. Molazadeh, S. S. Mehr, “Feature selection-based intrusion detection system using genetic whale optimization algorithm and sample-based classification,” arXiv preprint arXiv:2201.00584, 2022. doi: 10.48550/arXiv.2201.00584.
29. A. Nazir, R. A. Khan, “A novel combinatorial optimization based feature selection method for network intrusion detection,” Computers & Security, vol. 102, pp. 102164, Mar. 2021.
30. M. Maazalahi, S. Hosseini, “K-means and meta-heuristic algorithms for intrusion detection systems,” Cluster Computing, pp. 1-43, May. 2024.
31. A. R. Al Shorman, H. Faris, P. Castillo, J. Merelo Guervs, N. Al-Madi, “The influence of input data standardization methods on the prediction accuracy of genetic programming generated classifiers,” in Proc. IJCCI, 2018, pp. 79-85.
32. N. Moustafa, J. Slay, “A hybrid feature selection for network intrusion detection systems: Central points,” arXiv preprint arXiv:1707.05505, 2017. doi: 50/arXiv.1707.05505.
33. S. Aljawarneh, M. Aldwairi, M. B. Yassein, “Anomaly-based intrusion detection system through feature selection analysis and building hybrid efficient model,” Journal of Computational Science, vol. 25, pp. 152-160, Mar. 2018.
34. A. Tama, M. Comuzzi, K.-H. Rhee, “Tse-ids: A two-stage classifier ensemble for intelligent anomaly-based intrusion detection system,” IEEE Access, vol. 7, pp. 94497–94507, 2019.
35. H. Alazzam, A. Sharieh, K. E. Sabri, “A feature selection algorithm for intrusion detection system based on pigeon inspired optimizer,” Expert systems with applications, vol. 148, pp. 113249, Jun. 2020.
36. M. Alazab, R. A. Khurma, A. Awajan, D. Camacho, “A new intrusion detection system based on Moth-Flame Optimizer algorithm,” Expert Systems with Applications, vol. 210, pp. 118439, Dec. 2022.
37. V. Kumar, D. Sinha, A. K. Das, S. C. Pandey, R. T. Goswami, “An integrated rule based intrusion detection system: analysis on UNSW-NB15 data set and the real time online dataset,” Cluster Computing, vol. 23, no. 2, pp. 1397-1418, Jun. 2020.
Copyright (c) 2024 Qingyuan Peng, Xiaofeng Wang, Ao Tang
This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright on all articles published in this journal is retained by the author(s), while the author(s) grant the publisher as the original publisher to publish the article.
Articles published in this journal are licensed under a Creative Commons Attribution 4.0 International, which means they can be shared, adapted and distributed provided that the original published version is cited.