A Hybrid Intrusion Detection Model Using EGA-PSO and Improved Random Forest Method
Sensors ( IF 3.4 ) Pub Date : 2022-08-10 , DOI: 10.3390/s22165986
Amit Kumar Balyan 1 , Sachin Ahuja 1 , Umesh Kumar Lilhore 2 , Sanjeev Kumar Sharma 1 , Poongodi Manoharan 3 , Abeer D Algarni 4 , Hela Elmannai 4 , Kaamran Raahemifar 5, 6, 7

Due to the rapid growth of information technology, digital data have become more widely available, creating novel security threats that need immediate attention. An intrusion detection system (IDS) is the most promising solution for preventing malicious intrusions and tracing suspicious network behavioral patterns. Machine learning (ML) methods are widely used in IDS. Due to a limited training dataset, an ML-based IDS generates a higher false detection ratio and encounters data imbalance issues. To deal with the data-imbalance issue, this research develops an efficient hybrid network-based IDS model (HNIDS), which uses the enhanced genetic algorithm and particle swarm optimization (EGA-PSO) and improved random forest (IRF) methods. In the initial phase, the proposed HNIDS utilizes hybrid EGA-PSO methods to enhance the minor data samples and thus produce a balanced data set, so that the sample attributes of small samples are learned more accurately. In the proposed HNIDS, a PSO method improves the vector. GA is enhanced by adding a multi-objective function, which selects the best features and achieves improved fitness outcomes to explore the essential features, and which helps minimize dimensions, enhance the true positive rate (TPR), and lower the false positive rate (FPR). In the next phase, an IRF eliminates the less significant attributes, incorporates a list of decision trees across each iterative process, supervises the classifier's performance, and prevents overfitting issues. The performance of the proposed method and of existing ML methods is tested using the benchmark dataset NSL-KDD. The experimental findings demonstrated that the proposed HNIDS method achieves an accuracy of 98.979% on BCC and 88.149% on MCC for the NSL-KDD dataset, which is far better than the other ML methods, i.e., SVM, RF, LR, NB, LDA, and CART.

Updated: 2022-08-10