Research On Intrusion Detection Model Based On Swarm Intelligence

The network intrusion detection system can detect the illegal behavior in the network by collecting the information of network traffic.As an active detection method of network attack,intrusion detection is always an important research content in the field of network security.With the rapid development of network technology and the complexity of network attack means,it has been the research target of network intrusion detection system to accurately identify network attacks based on large-scale network traffic and reduce system false positives.The traditional feature-based detection methods need a lot of prior knowledge in the field,and can only detect known attacks.And the machine learning method can automatically find patterns from the data,and is gradually applied to intrusion detection.However,the establishment of machine learning intrusion detection model is faced with various problems.First of all,the selection of model parameters directly affects the accuracy and generalization of the model.Secondly,the feature optimization is an important step in building the machine learning model.A appropriate feature subset can not only save system resources but also accurately represent the original data.Finally,the ensemble learning is an important research content in the field of machine learning.How to select the appropriate basic learners and how to combine them effectively are important problems to be solved.In this paper,the swarm intelligence methods are used to optimize the machine learning model.The intrusion detection schemes based on parameter optimization,feature selection,ensemble pruning and multiple kernel learning are studied which are as follows:(1)For the parameter selection and feature selection of kernel extreme learning machine(KELM),a KELM intrusion detection model based on particle swarm optimization(PSO)is proposed.Because the KELM method has the characteristics of fast speed and good generalization,the KELM is used as the detection engine,but the performance of KELM is strictly dependent on the selection of penalty coefficient and kernel parameters.Then,PSO is adopted in the training of KELM to optimize the parameters,and the binary particle swarm optimization(BPSO)is used to select the features.The Gaussian function is used as the kernel function of KELM.The experimental results show that PSO is more efficient in optimizing the parameters of KELM than the Grid search method(GS)and genetic algorithm(GA).At the same time,the results show that using the feature subset with 1/4 of the original number of features has the same or even better detection results than using all features.(2)An ensemble pruning intrusion detection model based on the bat algorithm(BA)is proposed to select the appropriated sub-classifiers in the ensemble framework.First,aiming at the characteristics of large amount of data and high dimension in big data era,the improved voting extreme learning machine(VELM)based on the random subspace is used as the intrusion detection classifier.The VELM is a voting ensemble algorithm based on ELM,whose performance depends on the number of subclassifiers.But the number of sub-classifiers is not the more the better.Then,the bat algorithm(BA)is used to select the appropriate sub-classifiers for ensemble.The fitness function of BA algorithm is defined by the combination of the accuracy and diversity of sub-classifiers.The random subspace ensemble method can not only reduce the data dimension,but also increase the diversity of sub-classifiers.The empirical results indicate that the ensemble method based on random subspace can improve the accuracy and robustness over the use of an individual ELM.The results also show that,compared with all the sub-classiers are used in the ensemble,the pruning framework can not only achieve comparable or better performance but also save substantial computing resources.(3)Since a single predefined kernel function does not represent heterogeneous information well,a multiple kernel extreme learning machine intrusion detection model based on the meta-heuristic algorithm is proposed.First,the feature selection is performed using ReliefF and the KELM is used as the intrusion detection algorithm.Aiming at the kernel selection of KELM,the linear combination of Gaussian kernels is used to form a multiple kernel function.Finding the optimal multiple kernel function is the process of determining Gaussian kernel parameters and kernel weights.The meta-heuristic algorithms,including PSO,genetic algorithm(GA),grey wolf optimization(GWO),BA and differential evolution(DE),are used to optimize the optimal multiple kernel function.The fitness function of the meta-heuristic algorithm is determined by the kernel target alignment that is independent of the detection engine algorithm.The experimental results show that the optimal multiple kernel function can be determined by any of the meta-heuristic optimization methods mentioned above.As the filter-based feature selection method is combined with the multiple kernel learning method independent of the classifier,the proposed model has comparable accuracy while saving a large amount of computational overhead compared with the multiple kernel optimization model relying on the classifier.To sum up,according to the the problems of the existing machine learning model,the focus of this paper is to propose an intrusion detection model optimization scheme based on swarm intelligence.The experimental results show that the proposed models in this paper can effectively improve the performance of intrusion detection and have the practical significance.