An Efficient Hybrid Evolutionary Approach for Identification of Zero-Day Attacks on Wired/Wireless Network System
Alok Kumar Shukla
© Springer Science+Business Media, LLC, part of Springer Nature 2020
Abstract

Attacks from network applications pose considerable security threats to computer networks and end users. Existing cyber-attack detection methods are designed primarily around signature-based approaches that cannot recognize zero-day vulnerabilities. In addition, with the minimal availability of real-world network attack data, the effectiveness of such approaches is even more limited. Today, in network security, an Intrusion Detection System (IDS) plays an important role in detecting intrusive activity. To address these challenges, we propose an architectural scheme based on an evolutionary hybrid algorithm that combines Teaching-Learning-Based Optimization (TLBO) and Simulated Annealing (SA), called TLBOSA, for an IDS that extracts the most notable features and eliminates the irrelevant ones from high-dimensional data sets. In the proposed method, SA is integrated into TLBO and used to increase the quality of the solution after each iteration of the TLBO algorithm. A Support Vector Machine (SVM) is used as the fitness function in the proposed method to select the relevant attributes that help classify the attacks accurately. For performance verification, the proposed method is evaluated on two large datasets, NSL-KDD and UNSW-NB15. The empirical evaluations show that our approach outperforms existing state-of-the-art algorithms in terms of detection rate, accuracy and false alarm rate on both NSL-KDD and UNSW-NB15 data.

Keywords: Intrusion detection system · NSL-KDD · Teaching learning-based optimization · Support vector machine
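As an added illustration, not code from the paper, the following sketches the TLBO-SA wrapper feature-selection loop the abstract describes: TLBO teacher and learner phases move continuous positions that are thresholded into 0/1 feature masks, and after every iteration a simulated-annealing step refines the current best learner. The SVM fitness is replaced by a constructed integer surrogate so the example runs offline; the feature count, the set of informative features and all parameters are assumptions.

```python
import math
import random
# Constructed stand-in for the paper's SVM fitness (SVM accuracy of a subset):
# it rewards the (assumed) informative features and penalises subset size.
N_FEATURES = 10
INFORMATIVE = {1, 4, 7}  # assumption: features a classifier actually needs

def fitness(mask):
    """Integer score, higher is better; mask is a list of 0/1 flags."""
    return 100 * sum(mask[i] for i in INFORMATIVE) - 2 * sum(mask)

def binarise(x):
    """Threshold transfer: continuous TLBO position -> 0/1 feature mask."""
    return [1 if v > 0 else 0 for v in x]

def tlbo_sa(n_feat=N_FEATURES, pop=8, iters=40, temp=40.0, cool=0.9, seed=1):
    """Returns (best_mask, best_fitness, initial_best_fitness)."""
    rng = random.Random(seed)
    X = [[rng.uniform(-1, 1) for _ in range(n_feat)] for _ in range(pop)]
    f = [fitness(binarise(x)) for x in X]
    best_f = start_f = max(f)
    best_x = list(X[f.index(best_f)])
    for _ in range(iters):
        # Teacher phase: learners move toward the teacher (current best) and
        # away from the class mean; a move is kept only if it improves.
        t, mean = f.index(max(f)), [sum(col) / pop for col in zip(*X)]
        for i in range(pop):
            tf, r = rng.choice((1, 2)), rng.random()
            cand = [X[i][d] + r * (X[t][d] - tf * mean[d]) for d in range(n_feat)]
            if fitness(binarise(cand)) > f[i]:
                X[i], f[i] = cand, fitness(binarise(cand))
        # Learner phase: move toward a better random peer or away from a worse one.
        for i in range(pop):
            j = rng.choice([k for k in range(pop) if k != i])
            sign, r = (1 if f[i] > f[j] else -1), rng.random()
            cand = [X[i][d] + sign * r * (X[i][d] - X[j][d]) for d in range(n_feat)]
            if fitness(binarise(cand)) > f[i]:
                X[i], f[i] = cand, fitness(binarise(cand))
        # SA refinement of the current best: flip one feature, accept a worse
        # mask with probability exp(-loss / temp); the elite is kept separately.
        b, cand = f.index(max(f)), list(X[f.index(max(f))])
        cand[rng.randrange(n_feat)] *= -1
        fc = fitness(binarise(cand))
        if fc >= f[b] or rng.random() < math.exp((fc - f[b]) / temp):
            X[b], f[b] = cand, fc
        if max(f) > best_f:
            best_f, best_x = max(f), list(X[f.index(max(f))])
        temp *= cool
    return binarise(best_x), best_f, start_f
```

The elite is tracked outside the population because the SA step can knowingly accept a worse mask, which is what lets the search leave a local optimum without losing the best subset seen so far.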
1 Introduction

With the development and propagation of information and web technologies, the security of network traffic has gradually become more important. An intrusion is a forbidden act that violates the security policy of a system and leads to loss of reliability or privacy, or to denial or unauthenticated use of resources. An IDS is a hardware or software device that identifies and prevents unauthorized access to a wired or wireless network. When it notices that an intruder is attempting an attack, the main responsibility of the IDS is to prevent it, and this action must be taken before any sensitive data are damaged or accessed [1]. The main aim of an IDS is to detect malicious traffic. An important difference between an Intrusion Detection System and an Intrusion Protection System (IPS) is that an IDS analyzes and monitors network traffic for signs that attackers are using a known cyber-attack to pass through or take data from a wireless network. In addition, it compares current network activity against a database of known threats to detect several kinds of behaviors, like secur

* Corresponding author: Alok Kumar Shukla, [email protected]
1 School of Computer Science and Engineering, VIT-AP University, Amaravati, Andhra Pradesh, India