Hybridization of K-Means and Firefly Algorithm for intrusion detection system

During the last decade, anomaly detection has attracted the attention of many researchers to overcome the weakness of signature-based IDSs in detecting novel attacks. Indeed, it is difficult to provide secure information systems and to maintain them in a secure state during their lifetime. An IDS is a device or software application that monitors network or system activities for malicious task or policy violations and produces reports to a management station. A metaheuristic is a high-level problem independent algorithmic framework. These are problem-independent techniques and do not take advantage of any specificity of the problem. The main aim of meta-heuristic algorithms is to quickly find solution to a problem. This solution may not be the best of all possible solutions to the problem but still they stand valid as they do not require excessively long time to be solved. Firefly Algorithm is one of the new metaheuristic algorithms for optimization problems inspired by the flashing behavior of fireflies. In this work, a new algorithm for anomaly detection has been introduced which is a hybridization of K-Means and Firefly Algorithm. The algorithm uses clustering to build the training model and uses classification to evaluate on the test set. The subject algorithm is evaluated on the NSL-KDD dataset, which is quite impressive. Further, a comparison study has been performed between the newly developed algorithm with other clustering algorithms including K-Means + Cuckoo, K-Means + Bat, K-Means, K-Means++, Canopy and Farthest First. The results show that K-Means + Firefly and K-Means + Bat outperforms by a huge margin. © 2017, The Society for Reliability Engineering, Quality and Operations Management (SREQOM), India and The Division of Operation and Maintenance, Lulea University of Technology, Sweden.