(A) bio-inspired intrusion detection system for unknown-attacks combining ant clustering algorithm and decision tree

Abstract

Intrusion Detection System (IDS) monitors network traffic and detects users' malicious activities. IDS can be divided by its detection type as Signature-based IDS and Anomaly-based IDS. IDS can be divided as a Network IDS and a Host IDS. As internet of things era is coming, the amount of network traffic increases explosively. Labeling a traffic manually whether attack or not is difficult under this condition. Also new unknown-attacks are appearing constantly, the detection of unknown-attacks has become the essential part of IDS as well as the detection of known-attacks. Unknown-attack detection is a research area about detecting attacks without any specific prior knowledge of attacks. IDS should have capability to determine an input whether attack or not based on the unlabeled dataset since unknown-attacks are not known to IDS. To solve these difficulties, we need to find a way to learn about normal traffic and attack traffic on the unlabeled dataset. This paper proposes a novel IDS scheme for unknown-attacks based on the clustering model. The proposed IDS combines two machine learning algorithms, Ant Clustering Algorithm (ACA) and Decision Tree(DT). The IDS learns on the unlabeled dataset by itself and constructs the profile of normal behavior. After construction of the profile, the IDS can detect unknown-attacks. The IDS consists of two main engines: the ACA engine and the DT engine. The IDS builds clusters on unlabeled dataset by using ACA. Based on the clustering result, the ACA engine classifies normal traffic and attack traffic. The DT engine trains detectors based on the result of the ACA engine. The proposed IDS was experimented on the KDD Cup 1999 Dataset. Evaluation criteria for performance of the proposed IDS are detection rate, false positive rate, and accuracy. The IDS has much higher detection rate and accuracy than Hosseinpour et al. [1] which has similar approach with ours.