A lightweight intelligent network intrusion detection system using OCSVM and Pigeon inspired optimizer

Authors: Hadeel Alazzam, Ahmad Sharieh, Khair Eddin Sabri

Abstract

Due to the widespread use of Internet services around the world, service providers face a major problem defending their systems, especially from new breaches and attacks. A Network Intrusion Detection System (NIDS) analyzes network packets and reports low-level security violations to system administrators. In large networks, these reports become unmanageable. Moreover, state-of-the-art systems suffer from high false alarm rates. A NIDS should be anomaly-based to be able to discover zero-day attacks. Most NIDSs proposed by researchers that were based on such techniques suffered from high false alarm rates. This paper introduces an intelligent lightweight IDS that has a low false alarm rate while maintaining a high detection rate. The proposed NIDS is a fusion of two main subsystems that work in parallel. Each subsystem is trained using a One-Class Support Vector Machine (OCSVM). One of the subsystems is trained on normal packets, while the other is trained on attack packets. The results of both subsystems are combined to give a good judgment for each packet that passes through the network. The proposed NIDS has been evaluated and compared with state-of-the-art systems using three popular IDS datasets (KDDCUP-99, NSL-KDD, and UNSW-NB15) in terms of detection rate, accuracy, F-measure and false alarms. The results show that the proposed NIDS outperformed the examined IDSs proposed in previous research.

Keywords: Cybersecurity, Detection system, Network intrusion, KDDCUP-99, UNSW-NB15, NSL-KDD, Pigeon inspired optimizer

Paper URL: https://doi.org/10.1007/s10489-021-02621-x