RFA Reinforced Firefly Algorithm to Identify Optimal Feature Subsets for Network IDS

R. Rajakumar, K. Dinesh, Ankur Dumka, Jayakumar L
Copyright: © 2020 | Pages: 20
DOI: 10.4018/IJGHPC.2020070105

Abstract

Intrusion detection systems (IDSs) play a vital role in network security by preventing the unauthorized use of data over networks. Feature selection is an important paradigm for strengthening IDSs. In this article, a reinforced firefly-based feature selection model is proposed. The model uses a firefly-inspired optimizer to select features, and it combines filter-based and wrapper-based approaches to boost the optimizer's search for the significant feature subset. In addition, novel classifiers are used to validate the efficiency of the selected subset. The proposed work is tested on the KDD Cup99 data sets, which include 41 different features. Experimental results show that the proposed work performs better in terms of detection accuracy, FPR and F-score. It also achieves better classification accuracy and lower computational complexity than other algorithms.

1. Introduction

Owing to the rapid development of sophisticated attacks on computer networks, significant growth in network security has taken place. Although traditional security methods remain part of network security, they fail to defend against malicious attacks because of the fast growth of intrusion techniques. To address this issue, novel defense techniques such as the intrusion detection system (IDS) have been developed to improve network security (Kang & Kim 2016; Paliwal & Gupta 2012; Sabhnani & Serpen 2003; Azad & Jha 2013; Balajinath & Raghaven 2001; NSL-KDD n.d.; Chandrashekar & Sahin 2014). IDS plays an important role in the development of network security, where it covers many applications that affect integrity, privacy and accessibility. An IDS is defined as software or hardware that observes internal or external cyber-attacks. It examines system and user operations by investigating and identifying the models of known attacks, and it detects abnormal network functionality. IDSs fall into two main categories: host-based IDS (HIDS) and network-based IDS (NIDS) (Bhuyan et al., 2013). A host IDS runs on personal networks or on devices on the network and monitors the internal actions of a computing system. A network IDS, on the other hand, detects potential cyber-attacks based on network traffic patterns. It also builds a predictive model to distinguish between “bad” (attacks or intrusions) and “good” (normal) connections.

Generally, IDS-based detection systems are classified into three broad categories: misuse-based detection, anomaly-based detection and hybrid IDS. Misuse-based, or signature-based, detection holds predefined rules or signatures to identify anonymous attacks. Anomaly detection creates a standard activity profile and identifies anonymous attacks by monitoring variation from the established standard activities (Karimipour & Dinavahi, 2017). A hybrid IDS detects both known and unknown attacks in the network. Currently, a wide range of IDSs use data mining mechanisms for spotting intrusions. Most NIDS-based works use all features to detect unknown attacks, but not all features are required to detect the attacks. A selected number of features is enough to detect the attacks, to minimize the detection time and to maximize the detection accuracy rate.

Feature selection (FS) is a mechanism that preprocesses the data by identifying the significant features and eradicating the redundant and false features. Significant features are important for achieving a high accuracy rate and for the smooth operation of the classifier (Peng et al., 2005). Insignificant features, however, contribute to the false positive rate and carry the same information as significant features, which degrades the performance of the classifier. Some of the advantages of FS are data analysis, elimination of irrelevant data and minimization of computation cost (El-Hkatib, 2009). To validate the significant features, numerous classifiers have been introduced, such as SVM (Fung & Mangasarian, 2004; Lee & Mangasarian, 2001), C4.5, Random Forest, K-means, Decision Tree, Fuzzy Logic and the Bayesian Network classifier (Çavuşoğlu 2019).

In this article, we merge filter-based and wrapper-based feature selection techniques to determine the features suitable for detecting network intrusions. In addition, the reinforced firefly algorithm is incorporated into the wrapper-based technique to boost the selection of the significant features. The objective of this paper is to select the promising features so as to reduce the detection time when identifying the attacks that reside in the network. The proposed work focuses on a meta-heuristic algorithm, the reinforced firefly algorithm, for feature selection with a Bayesian Network classifier and an SVM classifier. The reinforced firefly algorithm is improved with an efficient exploration technique, Levy flight, which helps the proposed algorithm select the appropriate features by using the global search space. The aim of this paper is to provide high accuracy and a low false positive rate with the aid of the wrapper technique and the filter technique. The efficacy of the proposed technique is measured using the KDD Cup 99 intrusion detection dataset. To measure the performance of the proposed work, state-of-the-art meta-heuristic algorithms such as GA, PSO and FA are used.
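The sketch below is an added illustration of the filter-plus-wrapper idea with a binary firefly search and a Levy-flight mutation; it is not the authors' RFA. The preview gives no filter criterion, fitness function or parameters, so the class-separation filter, the nearest-centroid wrapper classifier, the size penalty, every constant and the constructed data set are assumptions.

```python
import math, random
from statistics import fmean, pstdev

def make_data(n=300, seed=7):
    """Constructed records (not KDD Cup 99): f0-f2 signal, f3/f4 copy f0/f1, f5-f8 noise."""
    rng, X, y = random.Random(seed), [], []
    for _ in range(n):
        lab = rng.randrange(2)
        a, b, c = rng.gauss(2 * lab, 1), rng.gauss(-2 * lab, 1), rng.gauss(1.5 * lab, 1)
        X.append([a, b, c, a, b] + [rng.gauss(0, 1) for _ in range(4)])
        y.append(lab)
    return X, y

def filter_stage(X, y, thr=0.5):
    """Filter (assumed criterion): keep features whose class means differ by > thr std devs."""
    def score(col):
        m1, m0 = (fmean(v for v, l in zip(col, y) if l == c) for c in (1, 0))
        return abs(m1 - m0) / pstdev(col)
    return [j for j, col in enumerate(zip(*X)) if score(col) > thr]

def fitness(mask, feats, X, y, penalty=0.01):
    """Wrapper: hold-out accuracy of a nearest-centroid classifier minus a size penalty."""
    idx, h = [f for f, m in zip(feats, mask) if m], len(X) // 2
    if not idx:
        return 0.0
    cen = [[fmean(r[f] for r, l in zip(X[:h], y[:h]) if l == c) for f in idx] for c in (0, 1)]
    dist = lambda r, c: sum((r[f] - m) ** 2 for f, m in zip(idx, cen[c]))
    hits = sum((dist(r, 1) < dist(r, 0)) == l for r, l in zip(X[h:], y[h:]))
    return hits / (len(X) - h) - penalty * len(idx)

def levy(rng, b=1.5):
    """Heavy-tailed step length (Mantegna's method): mostly small, occasionally very large."""
    s = (math.gamma(1 + b) * math.sin(math.pi * b / 2) / (math.gamma((1 + b) / 2) * b * 2 ** ((b - 1) / 2))) ** (1 / b)
    return rng.gauss(0, s) / abs(rng.gauss(0, 1)) ** (1 / b)

def select(X, y, n=6, iters=8, seed=3):  # returns (selected feature indices, fitness)
    rng, feats = random.Random(seed), filter_stage(X, y)
    fit = lambda m: fitness(m, feats, X, y)
    pop = [[1] * len(feats)] + [[rng.randrange(2) for _ in feats] for _ in range(n - 1)]
    best = max(pop, key=fit)  # the all-features mask is in pop, so best never scores below it
    for _ in range(iters):
        for i in range(n):
            for j in range(n):
                if fit(pop[j]) > fit(pop[i]):  # move i toward the brighter firefly j
                    r = sum(p != q for p, q in zip(pop[i], pop[j])) / len(feats)  # Hamming
                    pop[i] = [q if rng.random() < math.exp(-r * r) else p for p, q in zip(pop[i], pop[j])]
            flip = min(0.5, 0.1 * abs(levy(rng)))  # Levy step sets this round's bit-flip rate
            pop[i] = [1 - p if rng.random() < flip else p for p in pop[i]]
            best = max(best, pop[i], key=fit)
    return [f for f, m in zip(feats, best) if m], fit(best)
```

Calling `select(*make_data())` returns the chosen feature indices and their fitness; because the all-features mask seeds the population, the result never scores below using every filtered feature.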
