Bio-Inspired Metaheuristic Algorithm for Network Intrusion Detection System of Architecture

Balakesava Reddy Parvathala, A. Manikandan, P. Vijayalakshmi, M. Muzammil Parvez, S. Harihara Gopalan, S. Ramalingam
Copyright: © 2024 |Pages: 23
DOI: 10.4018/979-8-3693-5276-2.ch004

Abstract

Network intrusion detection systems (IDS) are intended to keep computer networks safe by identifying kinds of attacks and application misuse that firewalls normally cannot identify. When building a network IDS, feature selection techniques are crucial. Several bio-inspired metaheuristic algorithms are used to quickly categorize network traffic as malicious or normal and then to reduce the number of features while showing higher accuracy. This research therefore proposes a hybrid network IDS model based on a hybrid bio-inspired algorithm in order to detect frequent attacks. The proposed model has two goals. The first is to minimize the number of features selected for the network IDS; this is accomplished by combining bio-inspired metaheuristics in hybrid models. The algorithms used in this chapter are particle swarm optimization (PSO), multiverse optimizer (MVO), grey wolf optimization (GWO), moth flame optimization (MFO), firefly algorithm (FFA), whale optimization algorithm (WOA), bat algorithm (BAT), genetic bee colony (GBC) algorithm, artificial bee colony algorithm (ABC), fish swarm algorithm (FSA), cat swarm optimization (CSO), artificial algae algorithm (AAA), elephant herd optimization (EHO), cuckoo search optimization algorithm (CSOA), lion optimization algorithm (LOA), and cuttlefish algorithm (CFA). The second goal is to identify frequent attacks using machine learning classifiers; support vector machine (SVM), C4.5 (J48) decision tree, and random forest (RF) classifiers are used for this purpose. The results indicate that J48 is the best classifier in terms of model building time when compared with SVM and RF. For feature reduction, the MVO-BAT model reduced the feature set to 24, whereas the MFO-WOA and FFA-GWO models reduced it to 15 while retaining the accuracy, sensitivity, and F-measure obtained with the full feature set. For each feature subset, accuracy, sensitivity, and F-measure were the same across all classifiers.
Chapter Preview

Introduction

The proliferation of computers and mobile devices is driving a rapid evolution in how computer networks operate, and the number of cyberattacks has risen sharply as a result. The European Union Agency for Network and Information Security (ENISA) reports that attacks are growing in sophistication and malice, so interest in network security is growing (Adil et al., 2020). Prevention, detection, and mitigation methods are employed to secure a network. Prevention is a proactive technology and the first line of defense; its aim is to stop attacks before they succeed. When preventive measures are not enough to keep the network safe, detection technology is deployed (Almaiah & Almomani, 2020); it monitors the network and looks for possible threats. Lastly, mitigation methods reduce the impact of attacks that do get through. Detection technologies are separated into two groups based on where the detection takes place and on the detection method. The location is either host-based or network-based, and the method is either signature-based or anomaly-based (Rajadurai & Gandhi, 2020). Host-based detection monitors a computer system's internal operations to identify unauthorized access to resources. Network-based detection monitors network traffic in real time and finds breaches on the network. Signature-based detection looks for particular known patterns or traits; it is effective at identifying known attacks, but it cannot identify brand-new attacks.

In contrast, anomaly-based detection uses a pre-established profile of typical network behavior and raises alerts when deviations from it arise. Anomaly detection can be defined as a two-class classifier that assigns each sample a normal or abnormal label. IDS are currently plagued by efficiency-related issues such as a high false alarm rate and poor detection accuracy (El Omri & Rida, 2019). For any IDS, choosing features to enhance performance is a crucial first step, and there are several ways to approach feature selection for an intrusion detection system. Bio-inspired metaheuristics are one such method.
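As an added illustration of wrapper-style feature selection with a bio-inspired metaheuristic (not code from the chapter), the following Python runs binary particle swarm optimization over a constructed synthetic flow dataset, using a nearest-centroid classifier as the wrapped learner and a validation split for the fitness so the held-out test set is not leaked into the search. The dataset, the classifier, the fitness weighting, and the PSO parameters are assumptions made for this example.

```python
"""Wrapper feature selection with binary PSO for an anomaly-style two-class IDS.

Added example, not code from the chapter. The flow dataset is constructed:
only the features in INFORMATIVE separate attack from normal traffic; the
rest are noise. The fitness trades accuracy against the number of features.
"""
import math
import random

random.seed(7)

N_FEATURES = 12
INFORMATIVE = {0, 3, 5}  # assumption: the only features that carry signal


def make_dataset(n_rows=240):
    """Constructed flow-style records: label 1 = attack, 0 = normal."""
    rows = []
    for i in range(n_rows):
        label = i % 2
        feats = [random.gauss(0, 1) for _ in range(N_FEATURES)]
        if label:
            for j in INFORMATIVE:
                feats[j] += 2.5  # attacks shift the informative features
        rows.append((feats, label))
    return rows


def nearest_centroid_accuracy(train, test, mask):
    """Accuracy of a nearest-centroid classifier restricted to masked features."""
    idx = [j for j, bit in enumerate(mask) if bit]
    if not idx:
        return 0.0
    cents = {}
    for label in (0, 1):
        pts = [[f[j] for j in idx] for f, l in train if l == label]
        cents[label] = [sum(col) / len(pts) for col in zip(*pts)]
    correct = 0
    for f, l in test:
        x = [f[j] for j in idx]
        pred = min((0, 1), key=lambda c: sum((a - b) ** 2 for a, b in zip(x, cents[c])))
        correct += pred == l
    return correct / len(test)


def fitness(mask, train, valid, alpha=0.9):
    """Usual wrapper objective: weighted accuracy plus a reward for dropping features."""
    acc = nearest_centroid_accuracy(train, valid, mask)
    return alpha * acc + (1 - alpha) * (1 - sum(mask) / len(mask))


def sigmoid(v):
    return 1 / (1 + math.exp(-v))


def binary_pso(train, valid, n_particles=20, iters=40, w=0.7, c1=1.5, c2=1.5):
    """Binary PSO: real-valued velocities, bit-mask positions sampled via a sigmoid."""
    dim = N_FEATURES
    pos = [[random.randint(0, 1) for _ in range(dim)] for _ in range(n_particles)]
    vel = [[random.uniform(-1, 1) for _ in range(dim)] for _ in range(n_particles)]
    pbest = [p[:] for p in pos]
    pbest_fit = [fitness(p, train, valid) for p in pos]
    g = max(range(n_particles), key=lambda i: pbest_fit[i])
    gbest, gbest_fit = pbest[g][:], pbest_fit[g]
    for _ in range(iters):
        for i in range(n_particles):
            for d in range(dim):
                r1, r2 = random.random(), random.random()
                vel[i][d] = (w * vel[i][d] + c1 * r1 * (pbest[i][d] - pos[i][d])
                             + c2 * r2 * (gbest[d] - pos[i][d]))
                vel[i][d] = max(-4.0, min(4.0, vel[i][d]))  # clamp to keep sigmoid useful
                pos[i][d] = 1 if random.random() < sigmoid(vel[i][d]) else 0
            f = fitness(pos[i], train, valid)
            if f > pbest_fit[i]:
                pbest[i], pbest_fit[i] = pos[i][:], f
                if f > gbest_fit:
                    gbest, gbest_fit = pos[i][:], f
    return gbest, gbest_fit


def run():
    """Search on train/valid, then report accuracy on the untouched test split."""
    data = make_dataset()
    train, valid, test = data[:80], data[80:160], data[160:]
    full_acc = nearest_centroid_accuracy(train, test, [1] * N_FEATURES)
    mask, _ = binary_pso(train, valid)
    return {
        "selected": [j for j, b in enumerate(mask) if b],
        "full_acc": full_acc,
        "selected_acc": nearest_centroid_accuracy(train, test, mask),
    }


if __name__ == "__main__":
    print(run())
```

The search should keep the informative features and discard most of the noise while matching the full-feature accuracy, which is the behaviour the chapter reports for its hybrid models; the validation/test split matters because a mask selected on the same rows it is scored on will look better than it is.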

NIDS earns its name because it monitors an entire network, or more precisely a whole network segment. Network interface cards (NICs) on computers usually run in non-promiscuous mode: only frames addressed to the NIC's own MAC (Media Access Control) address, plus broadcast and subscribed multicast frames, are passed up the stack for further examination (Dhiman, 2019). To monitor traffic that is not addressed to its own MAC address, a NIDS has to operate its capture interface in promiscuous mode, in which it can intercept all conversations on the network segment. Promiscuous mode is therefore a requirement for this kind of monitoring. Monitoring network communications is, however, a duty that must be weighed carefully against new privacy laws.
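To make the non-promiscuous filter concrete, here is an added Python model (not code from the chapter) of the destination-MAC check a NIC applies before handing a frame to the stack, run over a few constructed Ethernet II frames. The addresses, the frames, and the simplification that all multicast is accepted are assumptions for the example.

```python
"""Model of the NIC destination-MAC filter that promiscuous mode bypasses.

Added example, not code from the chapter; MAC addresses and frames are
constructed. Real NICs filter multicast by subscribed group; here every
multicast frame is accepted to keep the model short.
"""
import struct

BROADCAST = b"\xff" * 6


def parse_frame(frame: bytes):
    """Split a raw Ethernet II frame into (dst_mac, src_mac, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    return dst, src, etype, frame[14:]


def build_frame(dst: bytes, src: bytes, etype: int, payload: bytes) -> bytes:
    return struct.pack("!6s6sH", dst, src, etype) + payload


def mac_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def nic_accepts(dst: bytes, own_mac: bytes, promiscuous: bool) -> bool:
    """Non-promiscuous: pass unicast to own_mac, broadcast, and multicast
    (I/G bit, the low bit of the first octet, set). Promiscuous: pass everything."""
    if promiscuous:
        return True
    if dst == own_mac or dst == BROADCAST:
        return True
    return bool(dst[0] & 0x01)


# Constructed, locally administered addresses (02:... prefix) for the example.
SENSOR_MAC = bytes.fromhex("020000000001")
HOST_A = bytes.fromhex("020000000a0a")
HOST_B = bytes.fromhex("020000000b0b")
MDNS_MAC = bytes.fromhex("01005e0000fb")  # IPv4 multicast MAC for 224.0.0.251

FRAMES = [
    build_frame(HOST_B, HOST_A, 0x0800, b"ipv4 A->B"),          # unicast between other hosts
    build_frame(HOST_A, HOST_B, 0x0800, b"ipv4 B->A"),          # unicast between other hosts
    build_frame(SENSOR_MAC, HOST_A, 0x0800, b"ipv4 A->sensor"),  # unicast to the sensor
    build_frame(BROADCAST, HOST_A, 0x0806, b"arp who-has"),      # broadcast
    build_frame(MDNS_MAC, HOST_B, 0x0800, b"mdns query"),        # multicast
]


def visible_frames(frames, own_mac: bytes, promiscuous: bool):
    """Return (src, dst, ethertype) for each frame the NIC would pass up the stack."""
    seen = []
    for frame in frames:
        dst, src, etype, _ = parse_frame(frame)
        if nic_accepts(dst, own_mac, promiscuous):
            seen.append((mac_str(src), mac_str(dst), f"0x{etype:04x}"))
    return seen


if __name__ == "__main__":
    for mode in (False, True):
        label = "promiscuous" if mode else "non-promiscuous"
        print(label, visible_frames(FRAMES, SENSOR_MAC, mode))
```

In non-promiscuous mode the sensor sees only the frame addressed to it, the ARP broadcast, and the multicast query; the two unicast conversations between the other hosts are invisible until the interface is switched to promiscuous mode. On a switched segment promiscuous mode only exposes what the switch forwards to the sensor's port, so in practice the capture interface is fed from a mirror (SPAN) port or a network tap.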

Network-based intrusion detection systems (NIDS) identify harmful activity on networks. A NIDS usually needs a network position that lets it examine all traffic on the segment, including unicast traffic between other hosts. Since a NIDS is a passive tool, it does not impede the traffic it observes. A typical NIDS architecture is shown in Figure 1: the NIDS sniffs the firewall's internal interface in read-only mode and delivers alerts to the NIDS management server through a separate (read/write) network interface (Kennedy & Eberhart, 1995).

Figure 1. NIDS architecture

A network-based intrusion detection system (NIDS) is a distributed device that passively examines network traffic. Depending on the vendor, a NIDS is a hardware- or software-based system that can connect to different network media such as Ethernet, FDDI, etc. A NIDS typically has two network interfaces (Almomani, 2020): one is used for control and reporting, while the other listens to network communications in promiscuous mode.
