Rabbit and Tortoise Optimization Algorithm with Mutual Information Based Adaptive Strategy for Network Intrusion Detection

In the modern era of highly interconnectedness, data and information are constantly transmitted over networks. Ensuring the security of confidential information and protecting computer systems from network threats has become very important. Therefore, it is important to develop an effective network intrusion detection system (NIDS) using optimal features. These optimal features can be identified through computational intelligence by learning patterns and relationships among features using machine learning techniques. This paper presents a Rabbit and Tortoise optimization technique for selecting optimal features. For evaluation, the UNSW-NB15 dataset is utilized. The optimization results achieve an accuracy of 94.12% for binary classification and 93.92% for multi-class classification, with 26 optimal features selected from the entire feature set. To improve the approach, an adaptive strategy based on mutual information is used to control the number of optimal features. This strategy, together with the Rabbit and Tortoise algorithm, improves the accuracy, showing 94.69% for binary classification and 94.03% for multi-class classification, while reducing the number of selected features to 9 only. The comparative performance analysis shows that the proposed feature selection method outperforms other state-of-the-art methods, providing more accurate and reliable results in identifying cyber threats. In addition, the relationship plot between the number of optimal features and the accuracy of the model shows that selecting only 9 features is effective in achieving high accuracy in detecting and predicting cyber-attacks.

1. Moustafa, Nour, and Jill Slay. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In 2015 military communications and information systems conference (MilCIS), pp. 1-6. IEEE, 2015.

2. Choudhary, Sarika, and Nishtha Kesswani. Analysis of KDD-Cup’99, NSL-KDD and UNSW-NB15 datasets using deep learning in IoT. Procedia Computer Science 167 (2020): 1561-1573.

3. Selvakumar, B., and Karuppiah Muneeswaran. Firefly algorithm based feature selection for network intrusion detection. Computers & Security 81 (2019): 148-155.

4. Bhuvaneswari, T., M. Chengathir Selvi, R. Naga Priyadarsini, U. Eswaran, and RK Ramesh Babu. Feature selection with mutual information based cuckoo search optimization for Parkinson’s disease prediction. NeuroQuantology 20, no. 10 (2022): 1296.

5. Rana, Pratip, Phuc Thai, Thang Dinh, and Preetam Ghosh. Relevant and non-redundant feature selection for cancer classification and subtype detection. Cancers 13, no. 17 (2021): 4297.

6. Tahir, Mahjabeen, et al. A novel approach for handling missing data to enhance network intrusion detection system. Cyber Security and Applications 3 (2025): 100063.

7. Saheed, Yakub Kayode, and Sanjay Misra. A voting gray wolf optimizer-based ensemble learning models for intrusion detection in the Internet of Things. International Journal of Information Security 23.3 (2024): 1557-1581.

8. Zhu, Jingyi, and Xiufeng Liu. An integrated intrusion detection framework based on subspace clustering and ensemble learning. Computers and Electrical Engineering 115 (2024): 109113.

9. Hallaji, Ehsan, Roozbeh Razavi-Far, and Mehrdad Saif. Expanding analytical capabilities in intrusion detection through ensemble-based multi-label classification. Computers & Security 139 (2024): 103730.

10. Li, Shaoqin, Zhendong Wang, Shuxin Yang, Xiao Luo, Daojing He, and Sammy Chan. Internet of Things intrusion detection: Research and practice of NSENet and LSTM fusion models. Egyptian Informatics Journal 26 (2024): 100476.

11. Disha, Raisa Abedin, and Sajjad Waheed. Performance analysis of machine learning models for intrusion detection system using Gini Impurity-based Weighted Random Forest (GIWRF) feature selection technique. Cybersecurity 5.1 (2022): 1.

12. Keserwani, Pankaj Kumar, Mahesh Chandra Govil, and Emmanuel S. Pilli. An effective NIDS framework based on a comprehensive survey of feature optimization and classification techniques. Neural Computing and Applications 35.7 (2023): 4993-5013.

13. Yousefnezhad, Maryam, Javad Hamidzadeh, and Mohammad Aliannejadi. Ensemble classification for intrusion detection via feature extraction based on deep Learning. Soft Computing 25.20 (2021): 12667- 12683.

14. Kabilan, N., Vinayakumar Ravi, and V. Sowmya. Unsupervised intrusion detection system for in-vehicle communication networks. Journal of Safety Science and Resilience 5.2 (2024): 119-129.

15. Alazzam, Hadeel, Ahmad Sharieh, and Khair Eddin Sabri. A feature selection algorithm for intrusion detection system based on pigeon inspired optimizer. Expert systems with applications 148 (2020): 113249.

16. Feroz Khan, A. B., and Anandharaj, G. A Multi-layer Security approach for DDoS detection in Internet of Things. International Journal of Intelligent Unmanned Systems 9, no. 3 (2021): 178-191.

17. Megantara, Achmad Akbar, and Tohari Ahmad. A hybrid machine learning method for increasing the performance of network intrusion detection systems. Journal of Big Data 8, no. 1 (2021): 142.

18. Almiani, Muder, Alia AbuGhazleh, Amer Al-Rahayfeh, Saleh Atiewi, and Abdul Razaque. Deep recurrent neural network for IoT intrusion detection system. Simulation Modelling Practice and Theory 101 (2020): 102031.

19. Bhattacharya, Sweta, Praveen Kumar Reddy Maddikunta, Rajesh Kaluri, Saurabh Singh, Thippa Reddy Gadekallu, Mamoun Alazab, and Usman Tariq. A novel PCA-firefly based XGBoost classification model for intrusion detection in networks using GPU. Electronics 9, no. 2 (2020): 219.

20. Moualla, Soulaiman, Khaldoun Khorzom, and Assef Jafar. Improving the Performance of Machine Learning‐Based Network Intrusion Detection Systems on the UNSW‐NB15 Dataset. Computational Intelligence and Neuroscience 2021, no. 1 (2021): 5557577.

21. Saheed, Yakub Kayode., and Micheal Olaolu Arowolo. Efficient cyber attack detection on the internet of medical things-smart environment based on deep recurrent neural network and machine learning algorithms. IEEE Access 9 (2021): 161546-161554.

22. Devprasad, Kayathri Devi, Sukumar Ramanujam, and Suresh Babu Rajendran. Context adaptive ensemble classification mechanism with multi‐criteria decision making for network intrusion detection. Concurrency and Computation: Practice and Experience 34, no. 21 (2022): e7110.

23. Shiravani, Anita, Mohammad Hadi Sadreddini, and Hassan Nosrati Nahook. Network intrusion detection using data dimensions reduction techniques. Journal of Big Data 10, no. 1 (2023): 27.

24. Kasongo, Sydney M., and Yanxia Sun. Performance analysis of intrusion detection systems using a feature selection method on the UNSW-NB15 dataset. Journal of Big Data 7, no. 1 (2020): 105.

25. Kumar, Vikash, Ditipriya Sinha, Ayan Kumar Das, Subhash Chandra Pandey, and Radha Tamal Goswami. An integrated rule based intrusion detection system: analysis on UNSW-NB15 data set and the real time online dataset. Cluster Computing 23 (2020): 1397-1418.

26. Meftah, Souhail, Tajjeeddine Rachidi, and Nasser Assem. Network based intrusion detection using the UNSW-NB15 dataset. International Journal of Computing and Digital Systems 8, no. 5 (2019): 478-487.

27. Almomani, Omar. A feature selection model for network intrusion detection system based on PSO, GWO, FFA and GA algorithms. Symmetry 12, no. 6 (2020): 1046.

28. Ahmad, Zeeshan, Adnan Shahid Khan, Cheah Wai Shiang, Johari Abdullah, and Farhan Ahmad. Network intrusion detection system: A systematic study of machine learning and deep learning approaches. Transactions on Emerging Telecommunications Technologies 32, no. 1 (2021): e4150.

29. Belouch, Mustapha, Salah El Hadaj, and Mohamed Idhammad. A two-stage classifier approach using reptree algorithm for network intrusion detection. International Journal of Advanced Computer Science and Applications 8, no. 6 (2017).

30. Moustafa, Nour, and Jill Slay. The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Information Security Journal: A Global Perspective 25, no. 1-3 (2016): 18-31.

31. Swami, Rochak, Mayank Dave, and Virender Ranga. Voting‐based intrusion detection framework for securing software‐defined networks. Concurrency and computation: practice and experience 32.24 (2020): e5927.

32. Tama, Bayu Adhi, and Kyung-Hyune Rhee. An in-depth experimental study of anomaly detection using gradient boosted machine. Neural Computing and Applications 31 (2019): 955-965.

33. Gu, Jie, and Shan Lu. An effective intrusion detection approach using SVM with naïve Bayes feature embedding. Computers & Security 103 (2021): 102158.

34. Moustafa, Nour, Jill Slay, and Gideon Creech. Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks. IEEE Transactions on Big Data 5.4 (2017): 481-494.

35. Moustafa, Nour, and Jill Slay. A hybrid feature selection for network intrusion detection systems: Central points. arXiv preprint arXiv:1707.05505 (2017).

36. Khammassi, Chaouki, and Saoussen Krichen. A GA-LR wrapper approach for feature selection in network intrusion detection. computers & security 70 (2017): 255-277.

37. Sethi, Kamalakanta, E. Sai Rupesh, Rahul Kumar, Padmalochan Bera, and Y. Venu Madhav. A context-aware robust intrusion detection system: a reinforcement learning-based approach. International Journal of Information Security 19 (2020): 657-678.

38. Kumar, V., D. Sinha, A. K. Das, S. C. Pandey, and R. T. Goswami. An integrated rule based Intrusion Detection System: Analysis on UNSW-NB15 Data Set and the real time online dataset-cluster computing. SpringerLink (2019).

39. Moustafa, Nour, and Jill Slay. The significant features of the UNSW-NB15 and the KDD99 data sets for network intrusion detection systems. In 2015 4th international workshop on building analysis datasets and gathering experience returns for security (BADGERS), pp. 25-31. IEEE, 2015.

40. https://research.unsw.edu.au/projects/unsw-nb15-dataset.

41. Breiman, Leo. Random forests. Machine learning 45 (2001): 5-32.

42. Dorogush, Anna Veronika, Vasily Ershov, and Andrey Gulin. CatBoost: gradient boosting with categorical features support. arXiv preprint arXiv:1810.11363 (2018).

43. Chen, Tianqi, and Carlos Guestrin. Xgboost: A scalable tree boosting system. In Proceedings of the 22nd acm sigkdd international conference on knowledge discovery and data mining, pp. 785-794. 2016.

44. Wang, Hui. Nearest neighbours without k: a classification formalism based on probability. Faculty of Informatics, University of Ulster (2002).

45. Jung, Alexander. Machine learning: the basics. Springer Nature, 2022.

46. Peter Gammie, The Tortoise and Hare Algorithm, 2015, [online] Available: http://isa-afp.org/entries/TortoiseHare.html.

47. MI Hoque, Nazrul, Dhruba K. Bhattacharyya, and Jugal K. Kalita. MIFS-ND: A mutual information-based feature selection method. Expert systems with applications 41, no. 14 (2014): 6371-6385.

48. Srinivasan, Manohar, and Narayanan Chidambaram Senthil kumar. Class imbalance data handling with optimal deep learning-based intrusion detection in IoT environment. Soft Computing 28, no. 5 (2024): 4519-4529.