
A Hybrid Anomaly Classification With Deep Learning - Paper

This document presents a summary of a research paper on using a hybrid approach of deep learning and binary algorithms as an optimizer for anomaly classification in intrusion detection systems. The hybrid approach uses deep learning for anomaly classification and binary algorithms like binary genetic algorithm and binary gravitational search algorithm as an optimizer to increase detection rates. The paper discusses intrusion detection systems, anomaly-based detection, and provides an overview of binary genetic algorithms and binary gravitational search algorithms. It also briefly reviews literature on using data mining and hybrid learning approaches for intrusion detection.

Uploaded by

Revati Wable

A Hybrid Anomaly Classification with Deep Learning (DL) and Binary Algorithms (BA) as Optimizer in the Intrusion Detection System (IDS)

Kavita Poonia, Prachi Pardhi, Revati Vilas Wable


NIT Raipur

Abstract. Intrusion detection systems have become the need of the hour due to the increase in threats from
unknown sources. In this research paper we use machine learning to increase the rate of detection of these
malware attacks and provide a secure system to the end user. It was observed that this computational
technique gave high accuracy and a low false alarm rate for the given dataset. We therefore present
a hybrid anomaly classification for the intrusion detection system, performed by deep learning (DL) with binary
algorithms (BA) as an optimizer. To achieve this type of security, an optimizer is implemented that increases
the rate of detection. A comprehensive experimental study is proposed to ensure secure systems.
Keywords: Intrusion Detection System, Deep learning, Anomaly Classification, Binary Algorithms

1 Introduction

Cyberattacks have increased monotonically with the increase in innovations in information technology. According
to the World Economic Forum (2018) report, cybersecurity [1] has become a crucial problem. Cyber threats are
developing with the increasing use of the internet and the huge amounts of data being accessed, faster
than our ability to deal with them. Thus, we need concrete measures to tackle such threats: update antivirus and
antispyware software on every computer in use; use a firewall to secure the internet connection; download and
install software updates for operating systems and applications; make backup copies of useful data and
information; regulate physical access to computers and network components; and secure Wi-Fi networks. A
workplace Wi-Fi network can be made secure and hidden by changing passwords frequently. However, feature
extraction has been utilized in various image processing based [2-9] domains, and in recent years computer
vision-based image processing [10], [11] and supervised learning with convolutional networks (CNNs) have seen
huge adoption in intelligent applications [12], [13] and [14]. One technique that helps ensure security against
cyber attacks is the intrusion detection system. Such a system can be used to monitor network traffic for
suspicious content or activity [15] and alert the user as and when such activities are encountered. It can also
be described as a software application that checks the system at regular intervals. As soon as any kind of
intrusion is detected that may lead to a breach of policy or information, it is reported. The report goes to the
administrator, who deals with these malicious contents or intrusions using a security information and event
management (SIEM) system. Techniques like alarm filtering can be used in such systems to
differentiate malicious activity (that might be generated by the system) from false alarms. Intrusion detection [16]
systems usually work by looking for signatures of discovered cyber attacks or for anomalies from usual activities.
These attacks are pushed up the stack for further examination at the application layer. The prime focus of an IDS
is to identify malicious activity, detecting cyber attacks that somehow manage to slip past the firewall set
within the network.

1.1 Intrusion Detection System

Intrusion detection systems can be classified by scope, which ranges from single computers to large
networks as required. The most common classes are network intrusion detection
systems (NIDS) and host-based intrusion detection systems (HIDS). In a network intrusion
detection system, it is observed that regular monitoring of operating system files is done to analyze incoming
network traffic [17]. In the case of HIDS, the system is made with the intention of securing the network. These
systems can further extend their services with custom tools, which are used to attract
and characterize suspicious activities. The basic difference between an IDS and a firewall is that a firewall looks
outward (for intrusions) to prevent them from happening, while an IDS looks inside. Some networks install firewalls
for extra security; once installed in the network, they restrict access between networks.
When an attack or intrusion is encountered (usually from inside the network), a firewall does not signal the
intrusion, unlike an intrusion detection system. An IDS generally describes suspected intrusions as soon as they
are found and then signals an alarm. Both are related, however, in that they maintain network
security. The two detection methods of an intrusion detection system are the signature-based and the
anomaly-based method (discussed in the later sections).

Fig. 1. Intrusion Detection System

Anomaly Based Intrusion Detection System. Anomaly classification is the process of finding probable
outliers in a given dataset, where outliers are data objects observed amongst the other objects in the dataset
that do not conform to the normal behavior of the dataset. Anomaly detection, on the other hand, is a branch of
data science that combines different data science tasks (which may be user specific, such as classification,
regression, and clustering). Here, the target variable to be determined indicates whether a
transaction is finally identified as an outlier or not, depending on the observations.
Anomaly-based systems [18] were introduced and further analysed by several researchers and authors. They found
that such systems are generally used for the detection of malicious attacks, because new attacks of any kind,
whether malware related or adversarial, are developing increasingly. In this detection method, machine learning
is used to create a model of trustworthy activity. The input data fed into the system is compared with the
available models and marked suspicious or not depending on the previously trained model. Because it is based on
machine learning, the method generalizes better than the other detection method (signature-based
IDS). The models are trained according to the applications and hardware configurations of the intended user.

Fig. 2. Anomaly Based Intrusion Detection System

1.2 Binary Genetic Algorithm (BGA)

The binary genetic algorithm is one of the binary versions of the genetic algorithm, an intelligent exploitation
search algorithm. It is based on the concepts of natural selection and (evolutionary) genetics. As part of
evolutionary computing, it mimics Darwin's idea of survival of the fittest [19], which helps in reaching a global
solution to the optimization problem. An initial population is selected randomly, and genetic operators such as
mutation, crossover and others act on the population to search for the global solution set. These operators
maintain genetic diversity throughout the process (as needed for natural evolution). Figure 3 depicts the
working of a binary genetic algorithm (BGA) [20]. However, it faces some issues, such as the selection of the
elite chromosome or initial population size, the maximum number of iterations, the different probability values,
the stopping criteria and others, which play major roles in this version of the genetic algorithm.

Fig. 3. Flow diagram of Binary Genetic Algorithm (BGA)

1.3 Binary Gravitational Search Algorithm (BGSA)

The binary gravitational search algorithm is one of the latest optimization algorithms, inspired from binary
genetic algorithms and based on mass interactions and the law of gravity. This type of algorithm works on a
collection of masses that interact with each other according to the Newtonian laws of gravity and motion. In
BGSA [22], each mass, i.e. an agent, has four specifications: passive gravitational mass, inertial mass, active
gravitational mass and position, where the position corresponds to a solution of the problem. The gravitational
and inertial masses are determined using the fitness function (as used for most GA), adjusted for each mass
(which represents a solution). Over time, the masses can be expected to be attracted by the heaviest mass, which
represents an optimal solution in the search space. Figure 4 shows the working [23] of the Binary Gravitational
Search Algorithm (BGSA). It is often considered an isolated system of masses, or a small artificial world of
masses, that obey the Newtonian laws of gravitation and motion.
Fig. 4. Flow diagram of Binary Gravitational Search Algorithm (BGSA)
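
The BGSA loop described in Section 1.3, as an added example that is not the paper's code: masses are derived from fitness, heavier agents pull the others towards their positions, and each bit flips with probability |tanh(v)|, the transfer rule used in the BGSA literature. The toy objective, its weights, the population size, G0 and the linear decay schedules are assumptions chosen for illustration; the paper does not state what its bit strings encode.

```python
import math
import random

# Constructed toy objective (an assumption, not from the paper): each bit
# switches one of 12 hypothetical inputs on or off; an input is worth its
# weight, and every selected input costs PENALTY.
WEIGHTS = [0.9, 0.1, 0.7, 0.05, 0.6, 0.2, 0.8, 0.0, 0.3, 0.5, 0.15, 0.4]
PENALTY = 0.25
OPTIMUM = sum(max(w - PENALTY, 0.0) for w in WEIGHTS)


def toy_fitness(bits):
    return sum((w - PENALTY) * b for w, b in zip(WEIGHTS, bits))


def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))


def bgsa(fitness, n_bits, n_agents=20, iters=60, g0=1.0, v_max=6.0, seed=0):
    """Maximise fitness over bit strings; returns (best_bits, best_fit, history)."""
    rng = random.Random(seed)
    pos = [[rng.randint(0, 1) for _ in range(n_bits)] for _ in range(n_agents)]
    vel = [[0.0] * n_bits for _ in range(n_agents)]
    best_bits, best_fit, history = None, -math.inf, []

    for t in range(iters):
        fit = [fitness(p) for p in pos]
        top = max(range(n_agents), key=fit.__getitem__)
        if fit[top] > best_fit:
            best_fit, best_bits = fit[top], pos[top][:]
        history.append(best_fit)

        # Masses come from fitness: the worst agent gets 0, the best is heaviest.
        worst, best = min(fit), max(fit)
        raw = [(f - worst) / (best - worst) if best > worst else 1.0 for f in fit]
        total = sum(raw)
        mass = [r / total for r in raw]

        g = g0 * (1.0 - t / iters)                       # gravity decays over time
        k = max(1, round(n_agents * (1.0 - t / iters)))  # only the k heaviest attract
        heavy = sorted(range(n_agents), key=mass.__getitem__, reverse=True)[:k]

        # Acceleration of agent i: pull towards each heavy agent j, scaled by
        # j's mass and divided by the Hamming distance between the positions.
        acc = [[0.0] * n_bits for _ in range(n_agents)]
        for i in range(n_agents):
            for j in heavy:
                dist = hamming(pos[i], pos[j])
                if j == i or dist == 0:
                    continue
                pull = rng.random() * g * mass[j] / dist
                for d in range(n_bits):
                    acc[i][d] += pull * (pos[j][d] - pos[i][d])

        # Velocity stays continuous; the bit flips with probability |tanh(v)|.
        for i in range(n_agents):
            for d in range(n_bits):
                v = rng.random() * vel[i][d] + acc[i][d]
                vel[i][d] = max(-v_max, min(v_max, v))
                if rng.random() < abs(math.tanh(vel[i][d])):
                    pos[i][d] ^= 1
    return best_bits, best_fit, history


if __name__ == "__main__":
    bits, fit, hist = bgsa(toy_fitness, len(WEIGHTS), seed=1)
    print("best mask:", bits, "fitness: %.3f of %.3f" % (fit, OPTIMUM))
```
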

2 Literature Review

Intrusion detection systems [24] were developed so that they can be deployed in various frameworks, thereby
covering a large number of users. Like many other cybersecurity solutions, an IDS can be either host-based or
network-based. Data mining is the latest technology introduced in the network security environment to find
regularities and irregularities in large datasets. Hybrid learning approaches [25] help achieve the best
(possible) accuracy and detection rate. Different classifiers can be combined to form a hybrid learning approach,
such as a combination of clustering and classification techniques [26]. Data mining tools like K-means and DBSCAN
can be used to efficiently recognize groups of traffic behaviours that resemble each other using cluster analysis
[27]. Because of its simple structure, naive classification can be very efficient and give highly competitive and
accurate results in hybrid anomaly-based intrusion detection systems [28]. T. Velmurugan and T. Santhanam [29]
analyzed the accuracy and efficiency of the k-means and k-medoids clustering algorithms on a huge dataset for
normal and uniform distributions, and found that the average time taken by the k-Means algorithm is greater than
that of the k-Medoids algorithm in both cases. Xiang et al. designed and proposed a model with three levels of
decision tree classification to enhance the detection rate. This model is more accurate and efficient in
detecting familiar threats, but its low detection rate for unknown attacks and its high false alarm rate [30] are
serious drawbacks. Peddabachigiri et al. proposed an intrusion detection model based on a hierarchical hybrid
intelligent system, which was further merged with a decision tree and support vector machine (DTSVM). This was
done so that the model produces a high detection rate and at the same time secures the system
from different attacks against the usual behaviour [31]. Ming Xue and Changjun Zhu proposed applying data mining
technology to the Network Intrusion Detection System (NIDS) [32]. The common clustering algorithms
in data mining include K-means, obscure clustering, inherited clustering, etc. Clustering intrusion detection is
also a type of intrusion detection system. Here, anomaly detection is unsupervised, and training is performed on
unmarked data that can be used for intrusion detection. As a result, this method needs no manual or other kind of
classification and no training process, so it can discover new and unknown intrusion types.

Table 1. Literature review of researches of Intrusion Detection System designs.


| Sr. No | Author | Method | Result |
|---|---|---|---|
| 1 | Hasani et al. (2014) [33] | The LGP-BA algorithm was used for feature selection, and SVM was used to categorize the acquired features. | Increased efficiency and accuracy. |
| 2 | Gupta and Shrivastav [34] | SVM was used to classify normal attacks, and BC was used to enhance performance improvements in IDS. | Increased accuracy is observed. |
| 3 | Kim et al. (2014) [35] | A combination of misuse detection and anomaly detection methods is used to detect intrusions. | Reduction in the high time complexity of the training and testing processes was observed. |
| 4 | Guo et al. (2016) [36] | K-NN and K-means algorithms are used to reduce FPR and FNR. | Low false positive rate in detecting network anomalies effectively. |
| 5 | Hu et al. (2008) [37] | An intrusion detection algorithm based on the AdaBoost algorithm is introduced. | Low error rates and computational complexity. |
| 6 | Mazraeh et al. (2016) [38] | The main learning algorithms, SVM, Bayes Naive, and J48, have been used for feature categorization. | The efficiency of the proposed method is superior. |
| 7 | Singh et al. (2015) [39] | A technique based on the Online Sequential Extreme Learning Machine (OS-ELM) is proposed. | Accuracy is higher in comparison to other published techniques, as well as better performance in terms of false positive rate and detection time. |
| 8 | Al-Yaseen et al. (2016) [40] | A multi-level hybrid intrusion detection model using a combination of K-means, SVM, and ELM algorithms is presented. | High efficiency in attack detection, and its accuracy is comparatively better than other proposed methods. |
| 9 | Sujitha and Kavitha (2015) [41] | A multi-objective particle swarm optimization algorithm is used for feature selection. | The system is efficient and highly robust and it can deal with real-time attacks and it can detect. |
| 10 | Horng et al. (2011) [42] | An SVM-based intrusion detection system based on SVM with the BIRCH algorithm is proposed. | Probe attacks better than previous methods and detects DoS. |

3 Methodology

Deep learning, a part of machine learning, is heavily used to develop intrusion detection systems that ensure
security from both malware and adversarial attacks. It detects and classifies these attacks at the network level
as well as the host level from time to time. In the proposed model, the number of hidden layers follows a
hyperparameter selection method. Information is passed from one layer to the next in the forward direction, with
the neurons in each layer fully connected. An intuitive overview of the DNN architecture [43-50] for all use cases
is shown in the figure below; it contains an input layer, 5 hidden layers and an output layer. Charts and
diagrams are used in the measuring phase and to visualize the outcome of the experiments. Model
evaluations are therefore included in this section, and all results and charts are presented in the next section
on results and findings. This study uses DL methods. The following figures show the
complete system block diagram and the overall and experimental view of the system.

Fig. 5. The Overall and Experimental View of System

Fig. 6. Complete System Block Diagram


This part covers the classification stage with DL and BA. In this phase, classification is based on the DNN and
on the hybrid version, which is the DNN with BA as optimizer methods [51-52]. The whole dataset is used for
classification. After pre-processing the dataset and selecting the set of data to use, the work is divided into
the DL method and the hybrid methods. For DL, this study uses the DNN. The procedure is as follows: in the first
phase, the preprocessed dataset goes to the DNN; after the processing explained in the figure, the next step is
labeling; the results are then reported using metrics such as accuracy, time and error. The same preprocessing
and processing are carried out for the hybrid method, and once those are finished the outcomes of the two methods
are put together.

4 Results

The results are reported in terms of accuracy and other predefined metrics for each stage. After implementing the
model and obtaining all results, an evaluation and validation step follows. This step compares the outcomes of
the DL and hybrid methods and shows which method is best suited as a classifier for intrusion
detection. Based on the results, it shows which hybrid is the better platform for implementation and for
improving the rate of detection. Stage one covers the DL level, which has its own results based on
important metrics such as accuracy, time and error. Classification in this part is based on normal and abnormal
data from different types of attacks. The next level is based on DL with the BA optimizer, to find out how
BA can enhance the rate of detection; this stage also has its own results based on the same
metrics. The goal of this work is to compare the DL and hybrid methods and show their
performance in anomaly detection. The results were drawn using the following
comparison parameters.

4.1 Anomaly classification of IDS based on Accuracy

This part analyzes classification performance based on accuracy measurements for the DL and hybrid methods, with
data labelled as normal and abnormal. The DL method implements the DNN, and the hybrid methods implement the DNN
with a BA, namely BBA, BGA, and BGSA. The
results for accuracy, precision, and recall are reported in the following table. Accuracy is the percentage of
all objects that are correctly classified. Recall, also called the true positive rate, is the share of all
positive items that are correctly identified as positive (true positives). Precision is the share of items
recognized as positive that are actually positive.

Table 2. Anomaly classification of IDS based on Accuracy


| Parameters | DNN | DNN+BBA | DNN+BGA | DNN+BGSA |
|---|---|---|---|---|
| Accuracy | 96.47 | 97.027 | 96.48 | 99.002 |
| Recall | 96.557 | 97.532 | 96.564 | 99.022 |
| Precision | 96.288 | 96.504 | 96.394 | 98.984 |

4.2 Anomaly classification of IDS based on Confusion Matrix

The following table gives the confusion matrix for the classification performance of DL and the hybrid
versions with BBA, BGA, and BGSA. TP counts the positive instances that have been recognized accurately;
in this research it is the number of attacks properly predicted as an offense. In this experiment the
highest TP belongs to DNN with 10182 records and the lowest to hybrid BGSA
with 10026 records. FP is the number of negative instances wrongly classified as positive; in
this study it refers to the benign events predicted as attacks. The maximum and minimum
are for DNN and hybrid BGSA, with 368 and 105 records; the lowest value indicates the
better classification, with a smaller incorrectly classified portion. TN is the number of
negative instances that have been correctly categorized; here it is the number of benign
occurrences correctly marked as normal. The highest TN is
for hybrid BGSA and the lowest for DNN, at 10230 and 9547 records. FN is the number
of positive instances wrongly classified as negative; here it is the
number of attacks wrongly predicted as normal. The highest and lowest FN in this research
are 363 and 99 records, for DNN and hybrid BGSA respectively.

Table 3. Anomaly classification of IDS based on Confusion Matrix


| Parameters | DNN | DNN+BBA | DNN+BGA | DNN+BGSA |
|---|---|---|---|---|
| TP | 10182 | 10078 | 10035 | 10026 |
| FP | 368 | 354 | 363 | 105 |
| TN | 954 | 9773 | 9705 | 10230 |
| FN | 363 | 255 | 357 | 99 |
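
A consistency check of Tables 2 and 3, as an added example that is not part of the paper: it recomputes accuracy, recall and precision from the confusion-matrix counts, compares them with the reported percentages, and derives the false alarm rate FP / (FP + TN), which the paper mentions but does not tabulate. The function names are hypothetical; the numbers are copied from the two tables and from the running text of Section 4.2.

```python
from collections import Counter

# Counts exactly as printed in Table 3.
TABLE3 = {
    "DNN":      {"tp": 10182, "fp": 368, "tn": 954,   "fn": 363},
    "DNN+BBA":  {"tp": 10078, "fp": 354, "tn": 9773,  "fn": 255},
    "DNN+BGA":  {"tp": 10035, "fp": 363, "tn": 9705,  "fn": 357},
    "DNN+BGSA": {"tp": 10026, "fp": 105, "tn": 10230, "fn": 99},
}
DNN_TN_IN_TEXT = 9547  # DNN true negatives as given in the text of Section 4.2

# Percentages exactly as printed in Table 2.
TABLE2 = {
    "DNN":      {"accuracy": 96.47,  "recall": 96.557, "precision": 96.288},
    "DNN+BBA":  {"accuracy": 97.027, "recall": 97.532, "precision": 96.504},
    "DNN+BGA":  {"accuracy": 96.48,  "recall": 96.564, "precision": 96.394},
    "DNN+BGSA": {"accuracy": 99.002, "recall": 99.022, "precision": 98.984},
}


def metrics(tp, fp, tn, fn):
    """Standard confusion-matrix metrics, in percent."""
    return {
        "accuracy": 100.0 * (tp + tn) / (tp + fp + tn + fn),
        "recall": 100.0 * tp / (tp + fn),
        "precision": 100.0 * tp / (tp + fp),
        "false_alarm_rate": 100.0 * fp / (fp + tn),
    }


def odd_totals(counts):
    """Models whose record total differs from the most common total.

    Every model is scored on the same test set, so the four cells of each
    column must add up to the same number of records.
    """
    totals = {m: sum(c.values()) for m, c in counts.items()}
    usual = Counter(totals.values()).most_common(1)[0][0]
    return {m: t for m, t in totals.items() if t != usual}


def with_text_value(counts):
    """Copy of the counts with the DNN TN cell taken from the running text."""
    fixed = {m: dict(c) for m, c in counts.items()}
    fixed["DNN"]["tn"] = DNN_TN_IN_TEXT
    return fixed


def deviations(counts, reported):
    """Largest |recomputed - reported| gap per model, in percentage points."""
    gaps = {}
    for model, c in counts.items():
        got = metrics(**c)
        gaps[model] = max(abs(got[k] - v) for k, v in reported[model].items())
    return gaps


if __name__ == "__main__":
    print("columns with an unusual total:", odd_totals(TABLE3))
    fixed = with_text_value(TABLE3)
    for model, c in fixed.items():
        m = metrics(**c)
        print(model, {k: round(v, 3) for k, v in m.items()},
              "max gap vs Table 2: %.3f" % deviations(fixed, TABLE2)[model])
```

Only the DNN column of Table 3 fails the total check (11867 records against 20460 for the other three); the TN value from the text, 9547, restores the common total. With that value the recomputed recall agrees with Table 2 to rounding, while precision differs by up to about 0.22 percentage points.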

4.3 Anomaly classification of IDS based on the Cost error

The cost error function, i.e. the negative area under the curve (also called reversed AUC), was measured in this
experiment. It shows the negative area under the curve for DNN and the
hybrid versions used in this study for the whole feature set. According to the outcomes of this
experiment illustrated in Figure 5, the lowest error is for hybrid BGSA and the highest belongs to DNN,
at 0.997% and 3.572% respectively. The cost errors of the others, BBA and
BGA, are 2.976% and 3.519% respectively. Moreover, the difference between the highest and the lowest error rate is
2.575%, which shows the low error rate of hybrid BGSA and the minimum cost in the detection analysis. The
following figure 8 illustrates the performance analysis based on the cost error function measurement. On the basis
of these analyses, we found that hybrid BGSA performed better than the other existing methods in terms of cost
error, with a difference of 2.575%. Therefore, adopting the enhanced technique would give very little cost
error.

Table 4. Anomaly classification of IDS based on the Cost error


| Parameters | DNN | DNN+BBA | DNN+BGA | DNN+BGSA |
|---|---|---|---|---|
| Percentage of Error | 3.572 | 2.976 | 3.519 | 0.997 |

5 Conclusion

In this research paper we have used machine learning to increase the rate of detection of these malware attacks
and provide a secure system to the end user. It was observed that this computational technique gave high
accuracy and a low false alarm rate for the given dataset. We have therefore presented a hybrid anomaly
classification for the intrusion detection system, performed by deep learning (DL) with binary algorithms (BA) as
an optimizer. The model is based on a Deep Neural Network (DNN) that has been trained and tested on the dataset
named "CICIDS-2017". The performance evaluation of the proposed model (in detecting intrusion) is based on
defined metrics. The outcomes are evaluated on the basis of the following parameters: confusion matrix, accuracy,
specificity, precision, recall, sensitivity, and cost error. The predicted attacks have been accurately shown
through the tabulated results. In the results achieved, the hybrid method classification performs better than the
DNN classification on the defined dataset. Therefore, based on these results we can ascertain that the
hybrid method is the suitable platform to execute the experiment in terms of classification for anomaly detection.
Finally, among all of them, the hybrid BGSA shows the best performance in terms of classification for anomaly
detection.

References

1. S.R. Hasani, Z.H. Othman, S.M. Mousavi Kahaki. “Hybrid feature selection algorithm for intrusion detection system.” J.
Comput. Sci., 10 (2014), pp. 1015-1025.
2. Dewangan, D. K., & Rathore, Y. (2011). Image quality costing of compressed image using full reference method. Int. J.
Tech, 1(2), 68-71.
3. Pandey, P., Dewangan, K. K., & Dewangan, D. K. (2017, April). Enhancing the quality of satellite images by preprocessing
and contrast enhancement. In 2017 international conference on communication and signal processing (ICCSP) (pp. 0056-
0060). IEEE.
4. Ali, U., Dewangan, K. K., & Dewangan, D. K. (2018). Distributed Denial of Service Attack Detection Using Ant Bee Colony
and Artificial Neural Network in Cloud Computing. In Nature Inspired Computing (pp. 165-175). Springer, Singapore.
5. Bhattacharya, N., Dewangan, D. K., & Dewangan, K. K. (2018). An Efficacious Matching of Finger Knuckle Print Images
Using Gabor Feature. In ICT Based Innovations (pp. 153-162). Springer, Singapore.
6. Pandey, P., Dewangan, K. K., & Dewangan, D. K. (2017, August). Enhancing the quality of satellite images using fuzzy
inference system. In 2017 International Conference on Energy, Communication, Data Analytics and Soft Computing
(ICECDS) (pp. 3087-3092). IEEE.
7. Pandey, P., Dewangan, K. K., & Dewangan, D. K. (2017, August). Satellite image enhancement techniques—a comparative
study. In 2017 International Conference on Energy, Communication, Data Analytics and Soft Computing (ICECDS) (pp.
597-602). IEEE.
8. Dewangan, D. K., & Rathore, Y. (2011). Image Quality estimation of Images using Full Reference and No Reference
Method. International Journal of Advanced Research in Computer Science, 2(5).
9. Sahu, S. P., Dewangan, D. K., Agrawal, A., & Priyanka, T. S. (2021, March). Traffic Light Cycle Control using Deep
Reinforcement Technique. In 2021 International Conference on Artificial Intelligence and Smart Systems (ICAIS) (pp. 697-
702). IEEE.
10. D. K. Dewangan and S. P. Sahu, "Driving Behavior Analysis of Intelligent Vehicle System for Lane Detection Using Vision-Sensor,"
in IEEE Sensors Journal, vol. 21, no. 5, pp. 6367-6375, 1 March 2021, DOI: 10.1109/JSEN.2020.3037340.
11. Dewangan, D. K., & Sahu, S. P. (2020, January). Real-Time Object Tracking for Intelligent Vehicle. In 2020 First
International Conference on Power, Control and Computing Technologies (ICPC2T) (pp. 134-138). IEEE.
12. D. K. Dewangan and S. P. Sahu, "Deep Learning-Based Speed Bump Detection Model for Intelligent Vehicle System Using
Raspberry Pi," in IEEE Sensors Journal, vol. 21, no. 3, pp. 3570-3578, 1 Feb. 2021, DOI: 10.1109/JSEN.2020.3027097.
13. Dewangan, D.K., Sahu, S.P. RCNet: road classification convolutional neural networks for intelligent vehicle system. Intel
Serv Robotics 14, 199–214 (2021). https://doi.org/10.1007/s11370-020-00343-6
14. Dewangan, D.K. and Sahu, S.P. (2021), PotNet: Pothole detection for autonomous vehicle system using convolutional neural
network. Electron. Lett., 57: 53-56. https://doi.org/10.1049/ell2.12062
15. M. Gupta, S.K. Shrivastava Intrusion detection system based on SVM and bee colony Int. J. Comput. Appl., 111 (2015), pp.
27-32.
16. G. Kim, S. Lee, S. Kim A novel hybrid intrusion detection method integrating anomaly detection with misuse detection
Expert Syst. Appl., 41 (2014), pp. 1690-1700
17. C. Guo, Y. Ping, N. Liu, S.S. Luo A two level hybrid approach for intrusion detection Neurocomputing, 214 (2016), pp.
391-400
18. W. Hu, W. Hu, S. Maybank AdaBoost-Based algorithm for network intrusion detection IEEE Trans. Syst. Man Cybern. B
Cybern., 38 (2008), pp. 577-583.
19. M. K. Hossain, A. A. El-Saleh and M. Ismail, "A comparison between binary and continuous genetic algorithm for
collaborative spectrum optimization in cognitive radio network," 2011 IEEE Student Conference on Research and
Development, 2011, pp. 259-264, doi: 10.1109/SCOReD.2011.6148747.
20. O. Abdul-Rahman, M. Munetomo and K. Akama, "An improved binary-real coded genetic algorithm for real parameter
optimization," 2011 Third World Congress on Nature and Biologically Inspired Computing, 2011, pp. 149-156, doi:
10.1109/NaBIC.2011.6089451.
21. Rashedi, E., Nezamabadi-pour, H. & Saryazdi, S. BGSA: binary gravitational search algorithm. Nat Comput 9, 727–745
(2010). https://doi.org/10.1007/s11047-009-9175-3
22. H. C. Shamsudin et al., "A Fast Discrete Gravitational Search Algorithm," 2012 Fourth International Conference on
Computational Intelligence, Modelling and Simulation, 2012, pp. 24-28, doi: 10.1109/CIMSim.2012.28.
23. Denning, D. E. “An intrusion-detection model.” IEEE Transactions on Software Engineering, 1987, pp. 222-232. and Yunlu
Gong, Shingo Mabu, C. Chen, Yifei Wang and K. Hirasawa. “Intrusion detection system combining misuse detection and
anomaly detection using Genetic Network Programming,.” ICCAS-SICE, 2009, pp. 3463-3467.
24. J. Bellary, B. Peyakunta and S. Konetigari,. “Hybrid Machine Learning Approach in Data Mining.” 2010 Second
International Conference on Machine Learning and Computing, 2010, pp. 305-308.
25. Islam, M. R. “An innovative spam filtering model based on a support vector machine. Computational Intelligence for
Modelling.” Control and Automation, 2005 and International Conference on Intelligent Agents, Web Technologies and
Internet Commerce, International Conference on, IEEE, 2005.
26. R. Luigi, T.E. Anderson, and N. McKeown. “Traffic Classification using Clustering Algorithms”. ACM SIGCOMM
Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, Pisa, Italy, ACM
Pres.” 2011, pp. 281-286.
27. B.A. Nahla, B. Salem, and E. Zied. “Naïve Bayes vs Decision Trees in Intrusion Detection Systems.” ACM Symposium on
Applied Computing, Nicosia, Cyprus, 2004.
28. T. Velmurugan and T. Santhanam. “Computational Complexity between k-Means and k-Medoids Clustering Algorithms for
Normal and Uniform Distributions of Data Points.” Journal of Computer Science, 2010, pp. 363- 368.
29. Xiang, C., M.Y. Chong and H.L.Zhu. “Design of Multiple-Level Tree Classifiers for Intrusion Detection System.” IEEE
Conference on Cybernetics and Intelligent Systems (CCIS 2004), Singapore, 2004, pp. 873- 878.
30. Pedda Chigiri, et al. “Modeling Intrusion Detection System using Hybrid Intelligent Systems.” J. Network Comput. Appl,
vol. 30, 2007, pp. 114-132.
31. M. Xue and C. Zhu. “Applied Research on Data Mining Algorithm in Network Intrusion Detection.” 2009 International Joint
Conference on Artificial Intelligence, 2009, doi. 10.1109/JCAI., 2009, pp. 275-277.
32. S.R. Hasani, Z.H. Othman, S.M. Mousavi Kahaki. “Hybrid feature selection algorithm for Intrusion detection system.” J.
Comput. Sci., 2014, pp. 1015-1025.
33. M. Gupta, S.K. Shrivastava. “Intrusion detection system based on SVM and bee colony.” Int. J. Comput. Appl., 2015, pp. 27-
32.
34. G. Kim, S. Lee, S. Kim. “A novel hybrid intrusion detection method integrating anomaly detection with misuse detection.”
Expert Syst. Appl., 41 (2014), 2014, pp. 1690-1700.
35. C. Guo, Y. Ping, N. Liu, S.S. Luo. “A two level hybrid approach for intrusion detection Neurocomputing.” 2016, pp. 391-
400.
36. W. Hu, W. Hu, S. Maybank. “AdaBoost-Based algorithm for network intrusion detection.” IEEE Trans. Syst. Man Cybern. B
Cybern., 2008, pp. 577-583.
37. S. Mazraeh, M. Ghanavati, S.H.N. Neysi. “Intrusion detection system with decision tree and combine method algorithm.” Int.
Acad. J. Sci. Eng., 2016, pp. 21-31.
38. R. Singh, H. Kumar, R.K. Singla. “An intrusion detection system using network traffic profiling and online sequential
extreme learning machine.” Expert Syst. Appl, 2015, pp. 8609-8624.
39. W.L. Al-Yaseen, Z.A. Othman, M.Z.A. Nazri. “Multi-level hybrid support vector machine and extreme learning machine
based on modified K-means for intrusion detection system.” Expert Syst. Appl, 2016, pp. 296-303.
40. B. Sujitha, V. Kavitha. “Layered approach for intrusion detection using multiobjective particle swarm optimization.” Int. J.
Appl. Eng. Res, 2015, pp. 31999-32014.
41. S.J. Horng, M.Y. Su, Y.H. Chen, T.W. Kao, R.J. Chen, J.L. Lai, C.D. Perkasa. “A novel intrusion detection system based on
hierarchical clustering and support vector machines.” Expert Syst. Appl., 2011, pp. 306-313.
42. Islam, M. R., et al. "An innovative spam filtering model based on a support vector machine. Computational Intelligence for
Modelling", Control and Automation, 2005 and International Conference on Intelligent Agents, Web Technologies and
Internet Commerce, International Conference on, IEEE, 2005
43. Mohammad, A. H. and R. A. Zitar, "Application of genetic optimized artificial immune system and neural networks in spam
detection." Applied Soft Computing 11(4): 3827-3845, 2011
44. Jayakar, K. "Can We Can Spam? A Comparison of National Spam Regulations", 2013
45. Michalak, K. and H. Kwasnicka, "Correlation-based feature selection strategy in classification problems." International
Journal of Applied Mathematics and Computer Science 16(4): 503, 2006
46. Song, Q., et al., "A fast clustering-based feature subset selection algorithm for high-dimensional data." IEEE transactions on
knowledge and data engineering 25(1): 1-14, 2013
47. Farina P., G. Papaleo, and M. Aiello, "Are mobile botnets a possible threat? The case of SlowBot Net." Computers &
Security 58: 268-283, 2016
48. Gascon, H., et al., "Analysis of update delays in signature-based network intrusion detection systems." Computers & Security
30(8): 613-624, 2011
49. Atefi, K., et al., A hybrid intrusion detection system based on different machine learning algorithms. Proceedings of the 4th
International Conference on Computing and Informatics, ICOCI, 2013
50. Tyler, G., “Information Assurance Technology Analysis Center (IATAC)”, Information for Defense Community (DTIC)
Document, 2008
51. Butun, I., et al., "A survey of intrusion detection systems in wireless sensor networks." IEEE Communications Surveys &
Tutorials 16(1): 66-282, 2014
52. Gulcehre, C. "Welcome to Deep Learning." deeplearning.net, 2015
