217 research outputs found

    TSE-IDS: A Two-Stage Classifier Ensemble for Intelligent Anomaly-based Intrusion Detection System

    Intrusion detection systems (IDS) play a pivotal role in computer security by discovering and repelling malicious activities in computer networks. Anomaly-based IDS, in particular, rely on classification models trained using historical data to discover such malicious activities. In this paper, an improved IDS based on hybrid feature selection and two-level classifier ensembles is proposed. A hybrid feature selection technique comprising three methods, i.e. particle swarm optimization, ant colony algorithm, and genetic algorithm, is utilized to reduce the feature size of the training datasets (NSL-KDD and UNSW-NB15 are considered in this paper). Features are selected based on the classification performance of a reduced error pruning tree (REPT) classifier. Then, a two-level classifier ensemble based on two meta learners, i.e., rotation forest and bagging, is proposed. On the NSL-KDD dataset, the proposed classifier shows 85.8% accuracy, 86.8% sensitivity, and 88.0% detection rate, which remarkably outperform other classification techniques recently proposed in the literature. Results regarding the UNSW-NB15 dataset also improve the ones achieved by several state-of-the-art techniques. Finally, to verify the results, a two-step statistical significance test is conducted. This is not usually considered by IDS research thus far and, therefore, adds value to the experimental results achieved by the proposed classifier.

    Tom and Jerry Based Multipath Routing with Optimal K-medoids for choosing Best Clusterhead in MANET

    Given the unpredictable nature of a MANET, routing has emerged as a major challenge in recent years. For effective routing in a MANET, it is necessary to establish both the route discovery and the best route selection from among many routes. The primary focus of this investigation is on finding the best path for data transmission in MANETs. In this research, we provide an efficient routing technique for minimising the time spent passing data between routers. Here, we employ a routing strategy based on Tom and Jerry Optimization (TJO) to find the best path via the MANET's routers, called Ad Hoc On-Demand Distance Vector (AODV). The AODV-TJO acronym stands for the suggested approach. This routing technique takes into account not just one but three goal functions: total number of hops. When a node or connection fails in a network, rerouting must be done. In order to prevent packet loss, the MANET employs this rerouting technique. Analyses of AODV-TJO's efficacy are conducted, and results are presented in terms of energy use, end-to-end latency, and bandwidth, as well as the proportion of living and dead nodes. Vortex Search Algorithm (VSO) and cuckoo search are compared to the AODV-TJO approach in terms of performance. Based on the findings, the AODV-TJO approach uses 580 J less energy than the Cuckoo search algorithm when used with 500 nodes.

    Differential Evolution in Wireless Communications: A Review

    Differential Evolution (DE) is an evolutionary computational method inspired by the biological processes of evolution and mutation. DE has been applied in numerous scientific fields. The paper presents a literature review of DE and its application in wireless communication. The detailed history, characteristics, strengths, variants and weaknesses of DE were presented. Seven broad areas were identified as different domains of application of DE in wireless communications. It was observed that coverage area maximisation and energy consumption minimisation are the two major areas where DE is applied. Other areas are quality of service, updating mechanism where candidate positions learn from a large diversified search region, security and related field applications. Problems in wireless communications are often modelled as multiobjective optimisation which can easily be tackled by the use of DE or hybrid of DE with other algorithms. Different research areas can be explored and DE will continue to be utilized in this context.

    Machine learning for network based intrusion detection: an investigation into discrepancies in findings with the KDD cup '99 data set and multi-objective evolution of neural network classifier ensembles from imbalanced data.

    For the last decade it has become commonplace to evaluate machine learning techniques for network based intrusion detection on the KDD Cup '99 data set. This data set has served well to demonstrate that machine learning can be useful in intrusion detection. However, it has undergone some criticism in the literature, and it is out of date. Therefore, some researchers question the validity of the findings reported based on this data set. Furthermore, as identified in this thesis, there are also discrepancies in the findings reported in the literature. In some cases the results are contradictory. Consequently, it is difficult to analyse the current body of research to determine the value in the findings. This thesis reports on an empirical investigation to determine the underlying causes of the discrepancies. Several methodological factors, such as choice of data subset, validation method and data preprocessing, are identified and are found to affect the results significantly. These findings have also enabled a better interpretation of the current body of research. Furthermore, the criticisms in the literature are addressed and future use of the data set is discussed, which is important since researchers continue to use it due to a lack of better publicly available alternatives. Due to the nature of the intrusion detection domain, there is an extreme imbalance among the classes in the KDD Cup '99 data set, which poses a significant challenge to machine learning. In other domains, researchers have demonstrated that well known techniques such as Artificial Neural Networks (ANNs) and Decision Trees (DTs) often fail to learn the minor class(es) due to class imbalance. However, this has not been recognized as an issue in intrusion detection previously. This thesis reports on an empirical investigation that demonstrates that it is the class imbalance that causes the poor detection of some classes of intrusion reported in the literature. 
An alternative approach to training ANNs is proposed in this thesis, using Genetic Algorithms (GAs) to evolve the weights of the ANNs, referred to as an Evolutionary Neural Network (ENN). When employing evaluation functions that calculate the fitness proportionally to the instances of each class, thereby avoiding a bias towards the major class(es) in the data set, significantly improved true positive rates are obtained whilst maintaining a low false positive rate. These findings demonstrate that the issues of learning from imbalanced data are not due to limitations of the ANNs; rather the training algorithm. Moreover, the ENN is capable of detecting a class of intrusion that has been reported in the literature to be undetectable by ANNs. One limitation of the ENN is a lack of control of the classification trade-off the ANNs obtain. This is identified as a general issue with current approaches to creating classifiers. Striving to create a single best classifier that obtains the highest accuracy may give an unfruitful classification trade-off, which is demonstrated clearly in this thesis. Therefore, an extension of the ENN is proposed, using a Multi-Objective GA (MOGA), which treats the classification rate on each class as a separate objective. This approach produces a Pareto front of non-dominated solutions that exhibit different classification trade-offs, from which the user can select one with the desired properties. The multi-objective approach is also utilised to evolve classifier ensembles, which yields an improved Pareto front of solutions. Furthermore, the selection of classifier members for the ensembles is investigated, demonstrating how this affects the performance of the resultant ensembles. This is a key to explaining why some classifier combinations fail to give fruitful solutions

    Swarm intelligence and its applications to wireless ad hoc and sensor networks.

    Swarm intelligence, as inspired by natural biological swarms, has numerous powerful properties for distributed problem solving in complex real world applications such as optimisation and control. Swarm intelligence properties can be found in natural systems such as ants, bees and birds, whereby the collective behaviour of unsophisticated agents interact locally with their environment to explore collective problem solving without centralised control. Recent advances in wireless communication and digital electronics have instigated important changes in distributed computing. Pervasive computing environments have emerged, such as large scale communication networks and wireless ad hoc and sensor networks that are extremely dynamic and unreliable. The network management and control must be based on distributed principles where centralised approaches may not be suitable for exploiting the enormous potential of these environments. In this thesis, we focus on applying swarm intelligence to the wireless ad hoc and sensor networks optimisation and control problems. Firstly, an analysis of the recently proposed particle swarm optimisation, which is based on the swarm intelligence techniques, is presented. Previous stability analysis of the particle swarm optimisation was restricted to the assumption that all of the parameters are non random since the theoretical analysis with the random parameters is difficult. We analyse the stability of the particle dynamics without these restrictive assumptions using Lyapunov stability and passive systems concepts. The particle swarm optimisation is then used to solve the sink node placement problem in sensor networks. Secondly, swarm intelligence based routing methods for mobile ad hoc networks are investigated. Two protocols have been proposed based on the foraging behaviour of biological ants and implemented in the NS2 network simulator. 
The first protocol allows each node in the network to choose the next node for packets to be forwarded on the basis of mobility influenced routing table. Since mobility is one of the most important factors for route changes in mobile ad hoc networks, the mobility of the neighbour node using HELLO packets is predicted and then translated into a pheromone decay as found in natural biological systems. The second protocol uses the same mechanism as the first, but instead of mobility the neighbour node remaining energy level and its drain rate are used. The thesis clearly shows that swarm intelligence methods have a very useful role to play in the management and control problems associated with wireless ad hoc and sensor networks. This thesis has given a number of example applications and has demonstrated its usefulness in improving performance over other existing methods.