Network intrusion detection using hybrid binary PSO and random forests algorithm
Article first published online: 28 FEB 2012
Copyright © 2012 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 8, Issue 16, pages 2646–2660, 10 November 2015
How to Cite
(2015) Network intrusion detection using hybrid binary PSO and random forests algorithm. Security Comm. Networks, 8: 2646–2660. doi: 10.1002/sec.508
- Issue published online: 14 OCT 2015
- network intrusion detection;
- particle swarm optimization;
- random forests;
- intrusion detection system;
- data mining;
- machine learning
Network security risks grow as network size increases. In the recent past, attacks on computer networks have increased tremendously, and they require efficient network intrusion detection mechanisms. Data mining and machine-learning techniques have been used for network intrusion detection during the past few years and have gained much popularity. In this paper, we propose an intrusion detection mechanism, called PSO-RF, based on the binary particle swarm optimization (PSO) and random forests (RF) algorithms, and investigate the performance of various dimension reduction techniques along with a set of different classifiers, including the proposed approach. Binary PSO is used to find a more appropriate set of attributes for classifying network intrusions, and RF is used as the classifier. In the preprocessing step, we reduce the dimensions of the dataset by using different state-of-the-art dimension reduction techniques; this reduced dataset is then presented to the proposed PSO-RF approach, which further optimizes the dimensions of the data and finds an optimal set of features. PSO is an optimization method that has a strong global search capability and is used here for dimension optimization. We perform extensive experimentation to prove the worth of the proposed approach by using different performance metrics. The standard benchmark KDD99Cup dataset, which contains information about various kinds of network intrusions, is used. The experimental results indicate that the proposed approach performs better than the other approaches for the detection of all kinds of attacks present in the dataset.
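The wrapper-style feature selection the abstract describes can be sketched as follows. This is an added example, not the paper's code: a nearest-centroid classifier stands in for RF so the block runs on the standard library alone, and the toy data, PSO parameters and subset-size penalty are all assumptions.

```python
import math
import random

# Constructed toy data: only the INFORMATIVE columns depend on the label.
INFORMATIVE = (0, 3, 7)

def make_data(rng, n=200, n_feat=12):
    y = [rng.randrange(2) for _ in range(n)]
    X = [[rng.gauss(0, 1) + (2.0 * lab if j in INFORMATIVE else 0.0)
          for j in range(n_feat)] for lab in y]
    return X, y

def fitness(X, y, mask, alpha=0.05):
    """Held-out nearest-centroid accuracy minus a size penalty (assumed stand-in for RF)."""
    cols = [j for j, bit in enumerate(mask) if bit]
    if not cols:
        return 0.0
    k = len(X) // 2  # first half fits the centroids, second half scores them
    cents = {c: [sum(X[i][j] for i in range(k) if y[i] == c) / y[:k].count(c) for j in cols]
             for c in (0, 1)}
    def nearest(row):  # class whose centroid is closest on the selected columns
        return min(cents, key=lambda c: sum((row[j] - m) ** 2 for j, m in zip(cols, cents[c])))
    acc = sum(nearest(X[i]) == y[i] for i in range(k, len(X))) / (len(X) - k)
    return acc - alpha * len(cols) / len(mask)

def binary_pso(score, n_feat, rng, particles=12, iters=25, w=0.7, c1=1.5, c2=1.5, vmax=4.0):
    """Binary PSO: velocities are real, each position bit is drawn with P(1) = sigmoid(velocity)."""
    pos = [[rng.randrange(2) for _ in range(n_feat)] for _ in range(particles)]
    vel = [[0.0] * n_feat for _ in range(particles)]
    pbest, pfit = [p[:] for p in pos], [score(p) for p in pos]
    g = max(range(particles), key=pfit.__getitem__)
    gbest, gfit = pbest[g][:], pfit[g]
    for _ in range(iters):
        for i in range(particles):
            for j in range(n_feat):
                v = (w * vel[i][j] + c1 * rng.random() * (pbest[i][j] - pos[i][j])
                     + c2 * rng.random() * (gbest[j] - pos[i][j]))
                vel[i][j] = max(-vmax, min(vmax, v))  # clamp so sigmoid never saturates
                pos[i][j] = 1 if rng.random() < 1 / (1 + math.exp(-vel[i][j])) else 0
            f = score(pos[i])
            if f > pfit[i]:
                pbest[i], pfit[i] = pos[i][:], f
            if f > gfit:
                gbest, gfit = pos[i][:], f
    return gbest, gfit

def select_features(seed=7):
    rng = random.Random(seed)
    X, y = make_data(rng)
    return binary_pso(lambda m: fitness(X, y, m), len(X[0]), rng)
```

`select_features()` returns the best bit mask found and its score; swapping `fitness` for a cross-validated random forest score gives the PSO-RF arrangement the abstract names.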