Department of Computer Science, Faculty of Computers and Informatics, Suez Canal University, Ismailia, Egypt.
Faculty of Information Technology, Misr University for Science and Technology, Egypt.
PLoS One. 2023 Aug 1;18(8):e0284795. doi: 10.1371/journal.pone.0284795. eCollection 2023.
Over the years, intrusion detection system has played a crucial role in network security by discovering attacks from network traffics and generating an alarm signal to be sent to the security team. Machine learning methods, e.g., Support Vector Machine, K Nearest Neighbour, have been used in building intrusion detection systems but such systems still suffer from low accuracy and high false alarm rate. Deep learning models (e.g., Long Short-Term Memory, LSTM) have been employed in designing intrusion detection systems to address this issue. However, LSTM needs a high number of iterations to achieve high performance. In this paper, a novel, and improved version of the Long Short-Term Memory (ILSTM) algorithm was proposed. The ILSTM is based on the novel integration of the chaotic butterfly optimization algorithm (CBOA) and particle swarm optimization (PSO) to improve the accuracy of the LSTM algorithm. The ILSTM was then used to build an efficient intrusion detection system for binary and multi-class classification cases. The proposed algorithm has two phases: phase one involves training a conventional LSTM network to get initial weights, and phase two involves using the hybrid swarm algorithms, CBOA and PSO, to optimize the weights of LSTM to improve the accuracy. The performance of ILSTM and the intrusion detection system were evaluated using two public datasets (NSL-KDD dataset and LITNET-2020) under nine performance metrics. The results showed that the proposed ILSTM algorithm outperformed the original LSTM and other related deep-learning algorithms regarding accuracy and precision. The ILSTM achieved an accuracy of 93.09% and a precision of 96.86% while LSTM gave an accuracy of 82.74% and a precision of 76.49%. Also, the ILSTM performed better than LSTM in both datasets. In addition, the statistical analysis showed that ILSTM is more statistically significant than LSTM. Further, the proposed ISTLM gave better results of multiclassification of intrusion types such as DoS, Prob, and U2R attacks.
多年来,入侵检测系统通过发现来自网络流量的攻击并生成报警信号发送给安全团队,在网络安全中发挥了至关重要的作用。支持向量机、K 最近邻等机器学习方法已被用于构建入侵检测系统,但此类系统仍存在准确率低、误报率高的问题。深度学习模型(如长短期记忆网络,LSTM)已被应用于入侵检测系统的设计中,以解决这一问题。然而,LSTM 需要大量的迭代才能达到高性能。本文提出了一种新颖的、改进的长短期记忆(ILSTM)算法。该 ILSTM 基于混沌蝴蝶优化算法(CBOA)和粒子群优化(PSO)的新颖集成,提高了 LSTM 算法的准确性。然后,我们使用 ILSTM 为二进制和多类分类情况构建了一个高效的入侵检测系统。该算法有两个阶段:第一阶段涉及训练一个传统的 LSTM 网络以获得初始权重,第二阶段涉及使用混合群算法 CBOA 和 PSO 来优化 LSTM 的权重以提高准确性。我们使用两个公共数据集(NSL-KDD 数据集和 LITNET-2020)和九个性能指标评估了 ILSTM 和入侵检测系统的性能。结果表明,在准确性和精度方面,所提出的 ILSTM 算法优于原始 LSTM 和其他相关的深度学习算法。ILSTM 的准确率为 93.09%,精度为 96.86%,而 LSTM 的准确率为 82.74%,精度为 76.49%。此外,ILSTM 在两个数据集上的表现都优于 LSTM。此外,统计分析表明,ILSTM 比 LSTM 更具统计学意义。此外,所提出的 ILSTM 对 DoS、Prob 和 U2R 等入侵类型的多分类结果更好。
