
Network intrusion detection using hybrid binary PSO and random forests algorithm

Authors

  • Arif Jamal Malik,

    1. Department of Computer Science, National University of Computer and Emerging Sciences, Islamabad, Pakistan
  • Waseem Shahzad,

    1. Department of Computer Science, National University of Computer and Emerging Sciences, Islamabad, Pakistan
  • Farrukh Aslam Khan

    Corresponding author
    1. Department of Computer Science, National University of Computer and Emerging Sciences, Islamabad, Pakistan
    • Correspondence: Farrukh Aslam Khan, Department of Computer Science, National University of Computer and Emerging Sciences, A. K. Brohi Road, H-11/4, Islamabad, Pakistan.

      E-mail: farrukh.aslam@nu.edu.pk


Abstract

Network security risks grow as network size increases. In the recent past, attacks on computer networks have increased tremendously, and they require efficient network intrusion detection mechanisms. Data mining and machine-learning techniques have been used for network intrusion detection during the past few years and have gained much popularity. In this paper, we propose an intrusion detection mechanism, called PSO-RF, based on the binary particle swarm optimization (PSO) and random forests (RF) algorithms, and we investigate the performance of various dimension reduction techniques along with a set of different classifiers, including the proposed approach. Binary PSO is used to find a more appropriate set of attributes for classifying network intrusions, and RF is used as the classifier. In the preprocessing step, we reduce the dimensions of the dataset by using different state-of-the-art dimension reduction techniques; this reduced dataset is then presented to the proposed PSO-RF approach, which further optimizes the dimensions of the data and finds an optimal set of features. PSO is an optimization method that has a strong global search capability and is used here for dimension optimization. We perform extensive experimentation to prove the worth of the proposed approach by using different performance metrics. The standard benchmark, the KDD99Cup dataset, which contains information about various kinds of network intrusions, is used. The experimental results indicate that the proposed approach performs better than the other approaches for the detection of all kinds of attacks present in the dataset. Copyright © 2012 John Wiley & Sons, Ltd.
