GA-PSO-Optimized Neural-Based Control Scheme for Adaptive Congestion Control to Improve Performance in Multimedia Applications

Active queue control aims to improve the overall communication network throughput while providing lower delay and small packet loss rate. The basic idea is to actively trigger packet dropping (or marking provided by explicit congestion notification (ECN)) before buffer overflow. In this paper, two artificial neural networks (ANN)-based control schemes are proposed for adaptive queue control in TCP communication networks. The structure of these controllers is optimized using genetic algorithm (GA) and the output weights of ANNs are optimized using particle swarm optimization (PSO) algorithm. The controllers are radial bias function (RBF)-based, but to improve the robustness of RBF controller, an error-integral term is added to RBF equation in the second scheme. Experimental results show that GA- PSO-optimized improved RBF (I-RBF) model controls network congestion effectively in terms of link utilization with a low packet loss rate and outperform Drop Tail, proportional-integral (PI), random exponential marking (REM), and adaptive random early detection (ARED) controllers.Comment: arXiv admin note: text overlap with arXiv:1711.0635

Flow-based anomaly detection in high-speed links using modified GSA-optimized neural network

Ever growing Internet causes the availability of information. However, it also provides a suitable space for malicious activities, so security is crucial in this virtual environment. The network intrusion detection system (NIDS) is a popular tool to counter attacks against computer networks. This valuable tool can be realized using machine learning methods and intrusion datasets. Traditional datasets are usually packet-based in which all network packets are analyzed for intrusion detection in a time-consuming process. On the other hand, the recent spread of 1-10-Gbps-technologies have clearly pointed out that scalability is a growing problem. In this way, flow-based solutions can help to solve the problem by reduction of data and processing time, opening the way to high-speed detection on large infrastructures. Besides, NIDS should be capable of detecting new malicious activities. Artificial neural network-based NIDSs can detect unseen attacks, so a multi-layer perceptron (MLP) neural classifier is used in this study to distinguish benign and malicious traffic in a flow-based NIDS. In this way, a modified gravitational search algorithm (MGSA), as a modern heuristic technique, is employed to optimize the interconnection weights of the neural anomaly detector. The proposed scheme is trained using an enhanced version of the first labeled flow-based dataset for intrusion detection introduced in 2009. In addition, the particle swarm optimization (PSO) algorithm and traditional error back-propagation (EBP) algorithm are employed to train MLP, so performance comparison becomes possible. The experimental results based on the actual network data show that the MGSA-optimized neural anomaly detector is effective for monitoring abnormal traffic flows in the gigabytes traffic environment, and the accuracy is about 97.8 %.</p

Intrusion detection using reduced-size RNN based on feature grouping

Intrusion detection is well-known as an essential component to secure the systems in Information and Communication Technology (ICT). Based on the type of analyzing events, two kinds of Intrusion Detection Systems (IDS) have been proposed: anomaly-based and misuse-based. In this paper, three-layer Recurrent Neural Network (RNN) architecture with categorized features as inputs and attack types as outputs of RNN is proposed as misuse-based IDS. The input features are categorized to basic features, content features, time-based traffic features, and host-based traffic features. The attack types are classified to Denial-of-Service (DoS), Probe, Remote-to-Local (R2L), and User-to-Root (U2R). For this purpose, in this study, we use the 41 features per connection defined by International Knowledge Discovery and Data mining group (KDD). The RNN has an extra output which corresponds to normal class (no attack). The connections between the nodes of two hidden layers of RNN are considered partial. Experimental results show that the proposed model is able to improve classification rate, particularly in R2L attacks. This method also offers better Detection Rate (DR) and Cost Per Example (CPE) when compared to similar related works and also the simulated Multi-Layer Perceptron (MLP) and Elman-based intrusion detectors. On the other hand, False Alarm Rate (FAR) of the proposed model is not degraded significantly when compared to some recent machine learning methods

Flow-based anomaly detection using neural network optimized with GSA algorithm

Reliable high-speed networks are essential to provide quality services to ever growing Internet applications. A Network Intrusion Detection System (NIDS) is an important tool to protect computer networks from attacks. Traditional packet-based NIDSs are time-intensive as they analyze all network packets. A state-of-the-art NIDS should be able to handle a high volume of traffic in real time. Flow-based intrusion detection is an effective method for high speed networks since it inspects only packet headers. The existence of new attacks in the future is another challenge for intrusion detection. Anomaly-based intrusion detection is a well-known method capable of detecting unknown attacks. In this paper, we propose a flow-based anomaly detection system. Artificial Neural Network (ANN) is an important approach for anomaly detection. We used a Multi-Layer Perceptron (MLP) neural network with one hidden layer. We investigate the use of a Gravitational Search Algorithm (GSA) in optimizing interconnection weights of a MLP network. Our proposed GSA-based flow anomaly detection system (GFADS) is trained with a flow-based data set. The trained system can classify benign and malicious flows with 99.43% accuracy. We compare the performance of GSA with traditional gradient descent training algorithms and a particle swarm optimization (PSO) algorithm. The results show that GFADS is effective in flow-based anomaly detection. Finally, we propose a four-feature subset as the optimal set of features.</p