Алгоритм оптимизации «черепаха и заяц» с адаптивной стратегией на основе взаимной информации для обнаружения сетевых вторжений

В современную эпоху сильной взаимосвязанности данные и информация постоянно передаются по сетям. Обеспечение безопасности конфиденциальной информации и защиты компьютерных систем от сетевых угроз стало очень актуально. Поэтому важна разработка эффективной системы обнаружения вторжений в сеть (NIDS) с использованием оптимальных признаков. Эти признаки могут быть определены с помощью искусственного интеллекта путем изучения шаблонов и взаимосвязей методами машинного обучения (machine learning, ML). В статье представлена методика оптимизации типа «черепаха и заяц» для выбора оптимальных признаков. Для оценки используется набор данных UNSW-NB15. Результаты оптимизации достигают точности 94,12% для бинарной классификации и 93,92% для многоклассовой классификации, при этом из всего набора признаков выбираются 26 оптимальных. Чтобы улучшить подход, используется адаптивная стратегия на основе взаимной информации для управления количеством оптимальных признаков. Эта стратегия вместе с алгоритмом черепахи и зайца повышает точность, показывая 94,69% для бинарной классификации и 94,03% для многоклассовой классификации, при этом сокращая количество выбранных признаков до 9. Сравнительный анализ производительности показывает, что предлагаемый метод выбора признаков превосходит другие современные методы, обеспечивая более точные и надежные результаты при выявлении киберугроз. Кроме того, график связи количества оптимальных признаков и точности модели показывает, что выбор только 9 признаков является эффективным для достижения высокой точности обнаружения и прогнозирования кибератак.

1. Moustafa, Nour, and Jill Slay. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In 2015 military communications and information systems conference (MilCIS), pp. 1-6. IEEE, 2015.

2. Choudhary, Sarika, and Nishtha Kesswani. Analysis of KDD-Cup’99, NSL-KDD and UNSW-NB15 datasets using deep learning in IoT. Procedia Computer Science 167 (2020): 1561-1573.

3. Selvakumar, B., and Karuppiah Muneeswaran. Firefly algorithm based feature selection for network intrusion detection. Computers & Security 81 (2019): 148-155.

4. Bhuvaneswari, T., M. Chengathir Selvi, R. Naga Priyadarsini, U. Eswaran, and RK Ramesh Babu. Feature selection with mutual information based cuckoo search optimization for Parkinson’s disease prediction. NeuroQuantology 20, no. 10 (2022): 1296.

5. Rana, Pratip, Phuc Thai, Thang Dinh, and Preetam Ghosh. Relevant and non-redundant feature selection for cancer classification and subtype detection. Cancers 13, no. 17 (2021): 4297.

6. Tahir, Mahjabeen, et al. A novel approach for handling missing data to enhance network intrusion detection system. Cyber Security and Applications 3 (2025): 100063.

7. Saheed, Yakub Kayode, and Sanjay Misra. A voting gray wolf optimizer-based ensemble learning models for intrusion detection in the Internet of Things. International Journal of Information Security 23.3 (2024): 1557-1581.

8. Zhu, Jingyi, and Xiufeng Liu. An integrated intrusion detection framework based on subspace clustering and ensemble learning. Computers and Electrical Engineering 115 (2024): 109113.

9. Hallaji, Ehsan, Roozbeh Razavi-Far, and Mehrdad Saif. Expanding analytical capabilities in intrusion detection through ensemble-based multi-label classification. Computers & Security 139 (2024): 103730.

10. Li, Shaoqin, Zhendong Wang, Shuxin Yang, Xiao Luo, Daojing He, and Sammy Chan. Internet of Things intrusion detection: Research and practice of NSENet and LSTM fusion models. Egyptian Informatics Journal 26 (2024): 100476.

11. Disha, Raisa Abedin, and Sajjad Waheed. Performance analysis of machine learning models for intrusion detection system using Gini Impurity-based Weighted Random Forest (GIWRF) feature selection technique. Cybersecurity 5.1 (2022): 1.

12. Keserwani, Pankaj Kumar, Mahesh Chandra Govil, and Emmanuel S. Pilli. An effective NIDS framework based on a comprehensive survey of feature optimization and classification techniques. Neural Computing and Applications 35.7 (2023): 4993-5013.

13. Yousefnezhad, Maryam, Javad Hamidzadeh, and Mohammad Aliannejadi. Ensemble classification for intrusion detection via feature extraction based on deep Learning. Soft Computing 25.20 (2021): 12667- 12683.

14. Kabilan, N., Vinayakumar Ravi, and V. Sowmya. Unsupervised intrusion detection system for in-vehicle communication networks. Journal of Safety Science and Resilience 5.2 (2024): 119-129.

15. Alazzam, Hadeel, Ahmad Sharieh, and Khair Eddin Sabri. A feature selection algorithm for intrusion detection system based on pigeon inspired optimizer. Expert systems with applications 148 (2020): 113249.

16. Feroz Khan, A. B., and Anandharaj, G. A Multi-layer Security approach for DDoS detection in Internet of Things. International Journal of Intelligent Unmanned Systems 9, no. 3 (2021): 178-191.

17. Megantara, Achmad Akbar, and Tohari Ahmad. A hybrid machine learning method for increasing the performance of network intrusion detection systems. Journal of Big Data 8, no. 1 (2021): 142.

18. Almiani, Muder, Alia AbuGhazleh, Amer Al-Rahayfeh, Saleh Atiewi, and Abdul Razaque. Deep recurrent neural network for IoT intrusion detection system. Simulation Modelling Practice and Theory 101 (2020): 102031.

19. Bhattacharya, Sweta, Praveen Kumar Reddy Maddikunta, Rajesh Kaluri, Saurabh Singh, Thippa Reddy Gadekallu, Mamoun Alazab, and Usman Tariq. A novel PCA-firefly based XGBoost classification model for intrusion detection in networks using GPU. Electronics 9, no. 2 (2020): 219.

20. Moualla, Soulaiman, Khaldoun Khorzom, and Assef Jafar. Improving the Performance of Machine Learning‐Based Network Intrusion Detection Systems on the UNSW‐NB15 Dataset. Computational Intelligence and Neuroscience 2021, no. 1 (2021): 5557577.

21. Saheed, Yakub Kayode., and Micheal Olaolu Arowolo. Efficient cyber attack detection on the internet of medical things-smart environment based on deep recurrent neural network and machine learning algorithms. IEEE Access 9 (2021): 161546-161554.

22. Devprasad, Kayathri Devi, Sukumar Ramanujam, and Suresh Babu Rajendran. Context adaptive ensemble classification mechanism with multi‐criteria decision making for network intrusion detection. Concurrency and Computation: Practice and Experience 34, no. 21 (2022): e7110.

23. Shiravani, Anita, Mohammad Hadi Sadreddini, and Hassan Nosrati Nahook. Network intrusion detection using data dimensions reduction techniques. Journal of Big Data 10, no. 1 (2023): 27.

24. Kasongo, Sydney M., and Yanxia Sun. Performance analysis of intrusion detection systems using a feature selection method on the UNSW-NB15 dataset. Journal of Big Data 7, no. 1 (2020): 105.

25. Kumar, Vikash, Ditipriya Sinha, Ayan Kumar Das, Subhash Chandra Pandey, and Radha Tamal Goswami. An integrated rule based intrusion detection system: analysis on UNSW-NB15 data set and the real time online dataset. Cluster Computing 23 (2020): 1397-1418.

26. Meftah, Souhail, Tajjeeddine Rachidi, and Nasser Assem. Network based intrusion detection using the UNSW-NB15 dataset. International Journal of Computing and Digital Systems 8, no. 5 (2019): 478-487.

27. Almomani, Omar. A feature selection model for network intrusion detection system based on PSO, GWO, FFA and GA algorithms. Symmetry 12, no. 6 (2020): 1046.

28. Ahmad, Zeeshan, Adnan Shahid Khan, Cheah Wai Shiang, Johari Abdullah, and Farhan Ahmad. Network intrusion detection system: A systematic study of machine learning and deep learning approaches. Transactions on Emerging Telecommunications Technologies 32, no. 1 (2021): e4150.

29. Belouch, Mustapha, Salah El Hadaj, and Mohamed Idhammad. A two-stage classifier approach using reptree algorithm for network intrusion detection. International Journal of Advanced Computer Science and Applications 8, no. 6 (2017).

30. Moustafa, Nour, and Jill Slay. The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Information Security Journal: A Global Perspective 25, no. 1-3 (2016): 18-31.

31. Swami, Rochak, Mayank Dave, and Virender Ranga. Voting‐based intrusion detection framework for securing software‐defined networks. Concurrency and computation: practice and experience 32.24 (2020): e5927.

32. Tama, Bayu Adhi, and Kyung-Hyune Rhee. An in-depth experimental study of anomaly detection using gradient boosted machine. Neural Computing and Applications 31 (2019): 955-965.

33. Gu, Jie, and Shan Lu. An effective intrusion detection approach using SVM with naïve Bayes feature embedding. Computers & Security 103 (2021): 102158.

34. Moustafa, Nour, Jill Slay, and Gideon Creech. Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks. IEEE Transactions on Big Data 5.4 (2017): 481-494.

35. Moustafa, Nour, and Jill Slay. A hybrid feature selection for network intrusion detection systems: Central points. arXiv preprint arXiv:1707.05505 (2017).

36. Khammassi, Chaouki, and Saoussen Krichen. A GA-LR wrapper approach for feature selection in network intrusion detection. computers & security 70 (2017): 255-277.

37. Sethi, Kamalakanta, E. Sai Rupesh, Rahul Kumar, Padmalochan Bera, and Y. Venu Madhav. A context-aware robust intrusion detection system: a reinforcement learning-based approach. International Journal of Information Security 19 (2020): 657-678.

38. Kumar, V., D. Sinha, A. K. Das, S. C. Pandey, and R. T. Goswami. An integrated rule based Intrusion Detection System: Analysis on UNSW-NB15 Data Set and the real time online dataset-cluster computing. SpringerLink (2019).

39. Moustafa, Nour, and Jill Slay. The significant features of the UNSW-NB15 and the KDD99 data sets for network intrusion detection systems. In 2015 4th international workshop on building analysis datasets and gathering experience returns for security (BADGERS), pp. 25-31. IEEE, 2015.

40. https://research.unsw.edu.au/projects/unsw-nb15-dataset.

41. Breiman, Leo. Random forests. Machine learning 45 (2001): 5-32.

42. Dorogush, Anna Veronika, Vasily Ershov, and Andrey Gulin. CatBoost: gradient boosting with categorical features support. arXiv preprint arXiv:1810.11363 (2018).

43. Chen, Tianqi, and Carlos Guestrin. Xgboost: A scalable tree boosting system. In Proceedings of the 22nd acm sigkdd international conference on knowledge discovery and data mining, pp. 785-794. 2016.

44. Wang, Hui. Nearest neighbours without k: a classification formalism based on probability. Faculty of Informatics, University of Ulster (2002).

45. Jung, Alexander. Machine learning: the basics. Springer Nature, 2022.

46. Peter Gammie, The Tortoise and Hare Algorithm, 2015, [online] Available: http://isa-afp.org/entries/TortoiseHare.html.

47. MI Hoque, Nazrul, Dhruba K. Bhattacharyya, and Jugal K. Kalita. MIFS-ND: A mutual information-based feature selection method. Expert systems with applications 41, no. 14 (2014): 6371-6385.

48. Srinivasan, Manohar, and Narayanan Chidambaram Senthil kumar. Class imbalance data handling with optimal deep learning-based intrusion detection in IoT environment. Soft Computing 28, no. 5 (2024): 4519-4529.