Multi-stage intrusion detection system aided by grey wolf optimization algorithm

A Network Intrusion Detection System (NIDS) is frequently used for monitoring and detecting malicious activities in network traffic. A typical NIDS has four stages: a data source, data pre-processing, a decision-making technique, and a defense reaction. We have utilized both anomaly and signature based techniques to build a framework which is resilient to identifying both known and unknown attack. The incoming data packet is fed into the Stacked Autoencoder to identify whether it is a benign or malicious. If found to be malicious we extract the most relevant features from the network packet using grey wolf optimization algorithm. Then these attribute are provided to RandomForest classifier to determine if this malign attack is present in our knowledge base. If it is present we progress to identify the attack type using LightGBM classifier. If not, we term it as zero-day attack. To evaluate the usability of the proposed framework we have assessed it using two publicly available datasets namely UNSW-NB15 and CIC-IDS-2017 dataset. We have obtained an accuracy of 90.94% and 99.67% on the datasets respectively.