Development of an Intrusion Detection System Based on Fuzzy Clustering and the Whale Optimization Algorithm

Article type: Research article

Authors

1 Faculty of New Sciences and Technologies, University of Tehran, Tehran, Iran

2 Department of Computer Science and Engineering and Information Technology, School of Electrical and Computer Engineering, Shiraz University, Shiraz, Iran.

Abstract

Today, computer networks have found many applications around the world. Because of the widespread use of the Internet, computer systems are prone to information theft, which has led to the emergence of intrusion detection systems (IDS). In response to the growth of sensitive information, network security has become a fundamental topic in computer science. In the present study, an unsupervised intrusion detection system based on fuzzy clustering (FCM) that makes use of the whale optimization algorithm (WOA) is proposed, and it was tested with the standard KDD Cup 99 intrusion detection dataset. In this method, fuzzy C-means clustering is used to separate intrusive activities from normal activities, and the whale optimization algorithm is used to obtain the optimal separation between these activities. To assist FCM, WOA is used so that suitable initial cluster centers are used instead of random centers. Experimental results on the KDD Cup 99 dataset indicate that the WOA-FCM algorithm improves the convergence rate, accuracy, and false alarm rate in comparison with other unsupervised methods. Accordingly, the findings of the present study can be effective in solving complex problems related to IDS.

Keywords


Article title [English]

Developing an Intrusion Detection System Based on Fuzzy Clustering and Whale Optimization Algorithm

Authors [English]

  • Reza Nazari 1
  • Mostafa Fakhrahmad 2
1 Faculty of New Sciences and Technologies, University of Tehran, Tehran, Iran
2 Dept. of Computer Science & Engineering & IT, School of Electrical and Computer Engineering, Shiraz University, Shiraz, Iran
Abstract [English]

Nowadays, computer networks are being widely used in the world. Due to the widespread use of the internet, computer systems are prone to information theft and this has led to the emergence of intrusion detection systems (IDS). Thus, network security has become an essential subject in computer science responding to the increase of sensitive information. The current research has used fuzzy C-means (FCM) and Whale optimization algorithm (WOA) to propose an unsupervised machine learning intrusion identification system and has tested it with the KDD Cup 99 standard intrusion detection dataset. In this method, fuzzy C-means has been applied in order to distinguish intrusive activities from normal activities and Whale optimization algorithm has been used to achieve optimal separations among these activities. In order to help FCM, the WOA has been applied to start with suitable cluster centers rather than randomly initialized centers. Experimental results on KDD Cup 99 dataset showed that the proposed method offers higher detection accuracy and a lower false alarm rate compared to other similar algorithms. Therefore, the findings of the present study would be effective in solving complex problems related to IDS.

Keywords [English]

  • Intrusion Detection System (IDS)
  • Fuzzy C-Means (FCM)
  • Whale Optimization Algorithm (WOA)
  • Fuzzy Logic
  • Fuzzy Clustering
  • WOA-FCM
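
The seeding step the abstract describes, WOA choosing initial cluster centers that FCM then refines, as an added example that is not the authors' code. It assumes the FCM objective J_m as the WOA fitness and uses a small constructed two-feature dataset in place of KDD Cup 99; all function names are hypothetical.

```python
import math, random

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def memberships(X, C, m=2.0):  # u_ik proportional to d_ik^(-2/(m-1)); rows sum to 1
    inv = [[max(dist2(x, c), 1e-12) ** (-1 / (m - 1)) for c in C] for x in X]
    return [[v / sum(row) for v in row] for row in inv]

def objective(X, C, m=2.0):  # FCM cost J_m = sum_i sum_k u_ik^m * ||x_i - c_k||^2
    U = memberships(X, C, m)
    return sum(u ** m * dist2(x, c) for x, r in zip(X, U) for u, c in zip(r, C))

def fcm(X, C, m=2.0, iters=50):
    for _ in range(iters):  # alternate membership and centre updates
        U = memberships(X, C, m)
        C = [[sum(r[k] ** m * x[j] for r, x in zip(U, X)) / sum(r[k] ** m for r in U)
              for j in range(len(X[0]))] for k in range(len(C))]
    return C, memberships(X, C, m)

def woa_seed(X, c, whales=12, iters=30, seed=1):  # fitness = J_m is an assumption
    rng, d = random.Random(seed), len(X[0])
    lo, hi = ([f(x[j] for x in X) for j in range(d)] * c for f in (min, max))
    fit = lambda v: objective(X, [v[k * d:(k + 1) * d] for k in range(c)])
    pop = [[rng.uniform(a, b) for a, b in zip(lo, hi)] for _ in range(whales)]
    best = min(pop, key=fit)[:]
    history = [fit(best)]
    for t in range(iters):
        a = 2 - 2 * t / iters  # control parameter shrinks from 2 to 0
        for i, w in enumerate(pop):
            A, Cc, ell = a * (2 * rng.random() - 1), 2 * rng.random(), rng.uniform(-1, 1)
            if rng.random() < 0.5:  # encircle the best whale; explore when |A| >= 1
                ref = best if abs(A) < 1 else rng.choice(pop)
                new = [r - A * abs(Cc * r - x) for r, x in zip(ref, w)]
            else:  # spiral (bubble-net) move around the best whale, b = 1
                new = [abs(b - x) * math.exp(ell) * math.cos(2 * math.pi * ell) + b
                       for b, x in zip(best, w)]
            pop[i] = [min(max(v, l), h) for v, l, h in zip(new, lo, hi)]  # clamp
        best = min(pop + [best], key=fit)[:]
        history.append(fit(best))
    return [best[k * d:(k + 1) * d] for k in range(c)], history

def demo(seed=7):  # constructed data: 40 "normal" then 10 "attack" records, 2 features
    g = random.Random(seed).gauss
    X = [[g(0.2, 0.05), g(0.1, 0.05)] for _ in range(40)] + \
        [[g(0.8, 0.05), g(0.9, 0.05)] for _ in range(10)]
    seeds, history = woa_seed(X, 2)
    centers, U = fcm(X, seeds)
    return [row.index(max(row)) for row in U], U, history
```

`demo()` returns the hard cluster label of each record, the fuzzy membership matrix, and the best J_m found after each WOA iteration.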