Detailed bibliography
| Title: |
Machine learning and metaheuristic optimization algorithms for feature selection and botnet attack detection. |
| Authors: |
Maazalahi, Mahdieh, Hosseini, Soodeh |
| Source: |
Knowledge & Information Systems; Apr2025, Vol. 67 Issue 4, p3549-3597, 49p |
| Subjects: |
ARTIFICIAL neural networks, METAHEURISTIC algorithms, MACHINE learning, ARTIFICIAL intelligence, FEATURE selection, BOTNETS |
| Abstract: |
Botnet attacks are done using a set of vulnerable systems called bots, managed by an administrator called the botmaster, that carry out attacks on a large scale. Various methods are used to detect such attacks, such as (1) traffic analysis, (2) behavior analysis, (3) behavior-based detection, (4) intrusion detection systems (IDS), (5) honeypot and honeynets, (6) DNS query analysis, (7) common threat intelligence, (8) artificial intelligence algorithms, (9) login analysis, and (10) endpoint protection. In this paper, a new hybrid IDS based on machine learning and meta-heuristic algorithms is proposed based on three steps: (1) pre-processing, (2) feature selection, and (3) attack detection. In the pre-processing stage, including 3 stages of numericalization, normalization, and removal of outliers, the K-Nearest Neighbor (K-NN) is used. In the feature selection stage, the combined SFO-WOA method is used. First, redundant features are removed using SailFish Optimizer (SFO), and a set of features is provided to the Whale Optimization Algorithm (WOA) as an initial population, and this algorithm selects the best features. In the attack detection stage, the PSO-K-means combined method is used. In this method, the particle swarm algorithm (PSO) is used to detect attacks, and then K-means is used to manage the boundaries of the search space. The proposed hybrid method is called SFO-WOA-PSO-K-means. Its performance is compared using machine learning methods such as Tree Ensemble (TE), Chi-squared Automatic Interaction Detection (CHAID), Iterative Dichotomiser 3 (ID3), Fuzzy Rules, and Probabilistic Neural Network (PNN). The proposed method is evaluated using the BOT-IOT dataset, UNSW-NB15. The results have shown that the proposed SFO-WOA-PSO-K-means method has the maximum detection accuracy of 0.998 and 0.995 with the lowest execution time (training and testing) of 65.02 s and 112.33 s and was able to detect attacks. Also, the BOT-IOT dataset has obtained more optimal results.
[ABSTRACT FROM AUTHOR] |
|
Copyright of Knowledge & Information Systems is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) |
| Database: |
Complementary Index |