Karafan Scientific Quarterly

Improving Intrusion Detection Accuracy Using the Hybrid PCA-GWO Method and a Deep Neural Network

Article type: Research article (applied)

Authors
1 Graduate, Department of Electrical and Computer Engineering, Torbat Heydariyeh University, Torbat Heydariyeh, Iran.
2 Department of Electrical Engineering, Dolatabad Branch, Islamic Azad University, Isfahan, Iran.
3 Department of Electrical and Computer Engineering, Torbat Heydariyeh Branch, Islamic Azad University, Torbat Heydariyeh, Iran.
4 PhD student, School of Mathematics and Computer Science, Damghan University, Damghan, Iran.
Abstract
Computer networks play a vital role in communication and data exchange. As these networks have expanded, conditions have become more favourable for cyber attacks and intrusion. In the real world, continual changes in traffic patterns and the emergence of new threats make fast, up-to-date training of intrusion detection models unavoidable. Intrusion comprises illegal activities that endanger the integrity of information, its confidentiality, and access to an organisation's resources. Intrusion detection systems (IDS), as one of the main and important elements of network security, monitor attacks that are not identified by traditional firewalls. Nevertheless, different attacks have their own particular behaviours, and improving detection of the attack type remains one of the challenges of intrusion detection models. In this research, a deep method based on dimensionality reduction and selection of the best features is proposed. First, dimensionality reduction is performed by the Principal Component Analysis (PCA) algorithm; then the best features are selected by the Gray Wolf algorithm (GWO); and finally the key features for deciding whether or not an attack is present are extracted and fed to a deep LSTM network. The learning process is implemented on the NSL_KDD data. One of the key aspects of this research is that combining PCA and GWO brings together the capabilities of each of the two algorithms in order to extract the best features and reduce the dimensionality of the dataset. The results show that, for detecting attacks, feeding all features to the learning model is not necessary, and that reducing the computational load both shortens the model's training time and improves accuracy in detecting attacks.

Article Title (English)

Improving Intrusion Detection Accuracy Using a Hybrid PCA-GWO and Deep Neural Network Approach

Authors (English)

Zahra Vakilzadeh 1
Zahra Heydaran Daroogheh Amnyieh 2
Iman Zabbah 3
Zeinab Binaie 4
1 Department of Computer Engineering, Torbat Heydariyeh University, Torbat Heydariyeh, Iran.
2 Department of Computer Engineering, Bushehr Branch, Islamic Azad University, Bushehr, Iran.
3 Department of Computer Engineering, Torbat Heydariyeh Branch, Islamic Azad University, Torbat Heydariyeh, Iran.
4 School of Mathematics and Computer Science, Damghan University, Damghan, Iran.
Abstract (English)

Computer networks play a vital role in communication and data exchange. However, with the expansion of these networks, the potential for cyber attacks and unauthorised access has also increased. In the real world, constant changes in traffic patterns and the emergence of new threats make the need for rapid and up-to-date training of intrusion detection models essential. Intrusions encompass illegal activities that compromise the integrity, confidentiality, and availability of organisational resources. As a critical component of network security, Intrusion Detection Systems (IDS) monitor for attacks that may go undetected by traditional firewalls. However, different types of attacks exhibit unique behaviours, and enhancing the detection of these attack types remains a significant challenge for intrusion detection models. In this research, we propose a deep learning method that incorporates dimensionality reduction and optimal feature selection. Initially, we apply Principal Component Analysis (PCA) for dimensionality reduction. Subsequently, we utilize the Gray Wolf Optimisation (GWO) algorithm to select superior features. Finally, we extract key features to determine the presence of an attack and apply them to a deep Long Short-Term Memory (LSTM) network. The learning process is conducted using the NSL_KDD dataset. One of the key aspects of this research is the integration of PCA and GWO to extract the most relevant features while reducing dimensionality within the dataset. The results indicate that it is unnecessary to include all features in the learning model to detect attacks. By minimizing computational load and reducing the model's learning time, we also enhance the accuracy of attack detection.

Keywords (English)

intrusion detection
deep learning
LSTM network
PCA
gray wolf algorithm
Volume 22, Issue 1
Technical and Engineering
Spring 1404
Pages 127-149

  • Received: 01 Mehr 1403
  • Revised: 20 Aban 1403
  • Accepted: 10 Bahman 1403