
Global Transitions Proceedings 2 (2021) 255–260

Contents lists available at ScienceDirect

Global Transitions Proceedings


journal homepage: http://www.keaipublishing.com/en/journals/global-transitions-proceedings/

An efficient algorithm for anomaly intrusion detection in a network


Yerriswamy T a,∗, Gururaj Murtugudde b,∗
a VTU, and Assistant Professor School of CSE, REVA University, Bengaluru, India
b Department of CSE, Sapthagiri College of Engineering, Bengaluru, India

Article info

Keywords:
Evolutionary techniques
EGWO
Genetic algorithms
IDS, Intrusion detection

Abstract

As the number of intrusions increases, intrusion detection systems (IDS) for systems and network infrastructures are now an active research area aimed at developing reliable and efficient detection and countering solutions. Finding efficient methods for intrusion detection in information and network security is a crucial step, and this study proposes an evolutionary approach for intrusion detection that is more efficient and effective. Evolutionary algorithms have been demonstrated in IDS over time and have matured, although most research is carried out on genetic algorithms, which have their merits and demerits. In this paper, we present an optimized algorithm, viz. the Genetic-based Enhanced grey wolf optimization (GB-EGWO) algorithm, for intrusion detection. The number of features for the proposed algorithm was selected by the new FS algorithm to increase IDS performance. In this study, the benchmark NSL-KDD network intrusion data set, modified from the KDD Cup 99 data, was applied to evaluate the proposed algorithm on IDS issues. Simulation results prove its effectiveness over the existing work and show better accuracy.

1. Introduction

Classical approaches face significant problems in finding an optimization algorithm for intrusion detection. To resolve the shortcomings of orthodox mathematical methods, population-based soft computing algorithms were introduced over the last decades [1-5]. Metaheuristic algorithms have been used over the last decades, and GA-based methods were the most studied for solving several optimization problems. Since then, Intrusion Detection Systems (IDS) have for many years been an increasingly open field of research. Intruders have developed several advanced intrusions and techniques to compromise security. An intrusion detection system is a monitoring instrument or software application that monitors a network for malicious events or policy violations and produces reports. An intrusion can be a behavior or traffic that is not lawful or permitted on a system or network. Such behaviors are executed by intruders. An intruder is usually described as a system, program or individual who attempts, and may succeed, to break into an information system or to execute an action on it that is not legally permitted. Intruders fall into two categories, internal and external [6-8]. The first refers to individuals with legal access to a system who attempt an unauthorized action. The second concerns people who do not have access to the system and attempt to act on it. The packets that are collected are compared with a trusted database to determine which packets are trusted and which are anomalous. These systems are also connected to the firewall to monitor the flow of data within the network and between networks [2]. The GWO algorithm [3] models the grey wolf and its hierarchy as a solution method for optimization problems. The hierarchy has four levels (groups), i.e., alpha, beta, delta, and omega, which are categorized based on their fitness value. The hunting behavior of wolves has three stages, namely searching, encircling, and attacking the prey; the mathematical model that mimics this behavior can be used in various applications for finding optimized solutions.

Intrusion detection systems (IDSs) are usually deployed along with other preventive security mechanisms, such as access control and authentication, as a second line of defense to protect information systems. The IDSs may be classified as Host Based Intrusion Detection System (HIDS) (Fig. 1), Network Based Intrusion Detection System (NIDS) (Fig. 2), and Hybrid Intrusion Detection System (HIDS) (Fig. 3). A NIDS passively or actively monitors and captures the packets in network transmissions [13]. A NIDS can analyze a whole packet, the packet payload, IP addresses, or ports [2,5].

A HIDS helps in detecting the attacks or events that occur on the host. It is helpful in detecting or identifying packets that can cause vulnerabilities in the host. These systems can detect various intrusions involving, for example, memory management, resource allocation, and file system management.

A hybrid intrusion detection system consists of the efficient use of mobile agents with both NIDS and HIDS components. In hybrid systems, two or more systems are integrated, which improves the efficiency of intrusion


Corresponding authors.
E-mail addresses: yssvce2123@gmail.com (Y. T), gururajmurtu@gmail.com (G. Murtugudde).

https://doi.org/10.1016/j.gltp.2021.08.066
Received 7 June 2021; Accepted 28 June 2021
Available online 12 August 2021
2666-285X/© 2021 The Authors. Publishing Services by Elsevier B.V. on behalf of KeAi Communications Co. Ltd. This is an open access article under the CC BY
license (http://creativecommons.org/licenses/by/4.0/)

detection. These systems help in traffic control and in monitoring the flow of packets in and outside the network [2].

Fig. 1. Intrusion Detection Systems for a Host.

Fig. 2. Intrusion Detection Systems for Network.

Fig. 3. Hybrid intrusion detection system for Denial of Service (DoS) Attack.

2. Related work

In comparison with other approaches, the GWO is an evolutionary approach that has been used extensively to address many optimization problems; it can be helpful in feature selection, accuracy measurement, and applying the mathematical model for intrusion detection. This approach is more reliable, flexible, and efficient when its convergence is compared with that of other optimization techniques. The GWO has thus received considerable attention in no time across several domains [3,4,7,10].

The concept of a cloud model is introduced for intrusion detection, optimized by a cloud grey wolf optimization (CGWO) algorithm. The paper provides a new machine learning detection methodology and a support vector machine classifier [7,8]. The model provided greater value for the detection of abnormal data, but it is not used for any feature selection.

In cloud computing, detection of Denial of Service (DoS) attacks is one of the most critical issues. The paper in [19] proposed a crow search algorithm (CSA) with opposition-based learning (OBL) to address the issue. The model uses an RNN classifier that effectively increased the time efficiency of attack detection.

The process of selecting key features is called FS, while classification uses the selected important features, which form a subset. The overall calculations are crucial for IDS where precision is concerned, because an IDS can identify various intrusions in real time by reducing computational time [9].

Mirjalili [11] proposed the Grey Wolf optimizer to solve data extraction challenges, which is a procedure in categorization and FS. The modified binary grey wolf optimizer (MBGWO) [12-16] is a modern metaheuristic algorithm that has been effectively employed for FS in anomaly identification. MBGWO, on the other hand, has difficulty with the exploration and exploitation procedures, which makes it difficult for it to succeed.

FS is a method that removes irrelevant, redundant, or noisy data and recognizes relevant characteristics. The selection of features improves predictive accuracy, understanding and data mining algorithms. Applying FS to the data before the anomaly-detection system analyses the features can lead to better detection precision. The selection of anomalies usually involves the use of supervised algorithms, which require access to labelled data [19-24].

3. Preliminaries and system design

Grey wolves normally live in groups of between 5 and 12. The wolves live in four hierarchic societies, the Alphas, Betas, Deltas and Omegas, as shown in Fig. 4.

Alphas have a higher predominance in packs, and they are the decision-makers. Other wolves are followers of the alpha wolves. Beta wolves belong to the second level in the hierarchy and help the alpha wolves in decision making or other activities; hence the beta wolves play the advisory role to the alpha and the entire pack. The role of delta wolves is to act as scapegoats. Omegas are an important parameter in the pack; they are the last level in the hierarchy and help in monitoring the other levels [4,5,16,17].

Fig. 4. Social Hierarchy of Grey Wolves.

Encircling the prey: The mathematical model of encircling behavior is given by the following equation:

$$\vec{D} = \left|\vec{C}\cdot\vec{X}_p - \vec{X}(t)\right| \tag{1}$$

$\vec{D}$ = distance vector
$t$ = current iteration
$\vec{C}$ = coefficient vector

$$\vec{X}(t+1) = \left|\vec{X}_p(t) - \vec{A}\cdot\vec{D}\right| \tag{2}$$

$\vec{X}_p$ = position of prey
$\vec{X}$ = position of grey wolf
$\vec{A}$ = coefficient vector

The vectors $\vec{A}$ and $\vec{C}$ are calculated as:

$$\vec{A} = 2\,\vec{a}\cdot\vec{r}_1 - \vec{a} \tag{3}$$

$$\vec{C} = 2\,\vec{r}_2 \tag{4}$$

$\vec{r}_1$, $\vec{r}_2$ are random vectors that range from 0 to 1. Component $\vec{a}$ linearly decreases from 2 to 0 over the course of iterations [3].

Hunting: The mathematical model of hunting, i.e., the positions of alpha, beta, delta, and omega for the first iteration of hunting and the updating of positions for subsequent iterations:

$$\begin{aligned}
\vec{D}_\alpha &= \left|C_1\cdot\vec{X}_\alpha - \vec{X}(t)\right| \\
\vec{D}_\beta &= \left|C_2\cdot\vec{X}_\beta - \vec{X}(t)\right| \\
\vec{D}_\delta &= \left|C_3\cdot\vec{X}_\delta - \vec{X}(t)\right|
\end{aligned} \tag{5}$$

The position of the grey wolf is updated as:

$$\vec{X}(t+1) = \frac{\vec{X}_1 + \vec{X}_2 + \vec{X}_3}{3} \tag{6}$$

In Eq. (5), $\vec{X}_\alpha$, $\vec{X}_\beta$, $\vec{X}_\delta$ are the position vectors of $\alpha$, $\beta$ and $\delta$.

Attacking prey: When the prey stops moving, the wolves attack it to finish the hunting process. This is modeled by decreasing $\vec{a}$ from 2 to 0 during the iterations. As $\vec{a}$ decreases, $\vec{A}$ also decreases. $A<1$ forces the wolf to attack towards the prey, and $A>1$ makes it diverge from the prey and find a better prey [4].

4. Results and discussion

The overall performance of an Intrusion Detection System (IDS) is based on how efficiently it detects intrusions and how precisely it diagnoses attacks. A significant factor for intrusion detection in network security is the detection rate/classification accuracy as well as the number of features.

$$\text{Fitness value} = E \ast a + \left(\frac{1}{NSF}\right) \ast b \tag{7}$$

where E, a and b depend on the empirical scope.

As per the above equation, a decrease in the number of selected features increases the fitness value, thereby increasing the scope of intrusion detection in optimized time. Hence, in the proposed approach the number of selected features is minimized and the efficiency of intrusion detection (finding the attacks) is analyzed, with an increase in the level of efficiency.

Fig. 5. Position Updating in GWO.
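An added example, not the authors' GB-EGWO code: plain GWO following Eqs. (3)-(6), used as a feature selector and scored with the fitness of Eq. (7). Assumptions that are not on the page: E is nearest-centroid accuracy, a = 0.99 and b = 0.01, positions are clamped to [0, 1] and binarized at 0.5, X1..X3 follow the standard GWO rule (leader position minus A times D), and the data set is constructed.

```python
import random

def accuracy(rows, labels, mask):
    """E in Eq. (7): nearest-centroid accuracy on selected columns (assumed stand-in)."""
    cols = [j for j, m in enumerate(mask) if m]
    cents = {}
    for c in set(labels):
        grp = [r for r, y in zip(rows, labels) if y == c]
        cents[c] = [sum(r[j] for r in grp) / len(grp) for j in cols]
    def predict(r):
        return min(cents, key=lambda c: sum((r[j] - v) ** 2
                                            for j, v in zip(cols, cents[c])))
    return sum(predict(r) == y for r, y in zip(rows, labels)) / len(rows)

def fitness(rows, labels, mask, a=0.99, b=0.01):
    """Eq. (7): E*a + (1/NSF)*b. The weights a, b are assumed; empty subset scores 0."""
    nsf = sum(mask)
    return accuracy(rows, labels, mask) * a + b / nsf if nsf else 0.0

def to_mask(pos):
    """Binarize a wolf position; the 0.5 threshold is an assumption."""
    return [1 if x > 0.5 else 0 for x in pos]

def gwo_select(rows, labels, wolves=8, iters=30, seed=1):
    rng = random.Random(seed)
    dim = len(rows[0])
    score = lambda p: fitness(rows, labels, to_mask(p))
    # One wolf starts with every feature selected, so the result is never
    # worse than the all-features baseline.
    pack = [[1.0] * dim] + [[rng.random() for _ in range(dim)]
                            for _ in range(wolves - 1)]
    leaders = sorted(pack, key=score, reverse=True)[:3]   # alpha, beta, delta
    for t in range(iters):
        a = 2 - 2 * t / iters                  # a decreases linearly from 2 to 0
        moved = []
        for x in pack:
            nxt = []
            for j in range(dim):
                steps = []
                for lead in leaders:
                    A = 2 * a * rng.random() - a        # Eq. (3)
                    C = 2 * rng.random()                # Eq. (4)
                    D = abs(C * lead[j] - x[j])         # Eq. (5)
                    steps.append(lead[j] - A * D)       # X1..X3, standard GWO
                nxt.append(min(1.0, max(0.0, sum(steps) / 3)))  # Eq. (6), clamped
            moved.append(nxt)
        pack = moved
        # Keep the old leaders as candidates so the best fitness never drops.
        leaders = sorted(pack + leaders, key=score, reverse=True)[:3]
    best = leaders[0]
    return to_mask(best), score(best)

def make_data(seed=7, n=60, dim=8):
    """Constructed sample: columns 0 and 1 separate the classes, the rest are noise."""
    rng = random.Random(seed)
    rows, labels = [], []
    for i in range(n):
        y = i % 2                              # 0 = normal, 1 = attack (constructed)
        r = [rng.random() for _ in range(dim)]
        r[0] = y + rng.uniform(-0.2, 0.2)
        r[1] = 1 - y + rng.uniform(-0.2, 0.2)
        rows.append(r)
        labels.append(y)
    return rows, labels

if __name__ == "__main__":
    rows, labels = make_data()
    mask, fit = gwo_select(rows, labels)
    print("selected features:", mask, "fitness:", round(fit, 4))
```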


Fig. 6. Attacking and Searching for new prey.

Proposed Algorithm: Genetic Based-Enhanced Binary Grey Wolf Optimization (GB-EBGWOA)

Initialize: Genetic Based Grey Wolf Population
Initialize: a, A and C
Calculate the fitness of each search agent and find the best solution (α, β, δ, ω)
while (iterations < Maximum number of iterations)
    for each search agent
        Evaluate the location and decide the fitness value.
        Increase or decrease the parameter (a) based on fitness value at time intervals t and t-1
    end for
    Update a, A and C
    Calculate the fitness of all search agents and update the search agents (α, β, δ, ω)
    iterations = iterations + 1
end while
return best solution.

In the algorithm proposed above, i.e., the Genetic based-Enhanced Binary Grey Wolf Algorithm (GB-EBGWA), we find the search agents over various iterations and select the best solution. Here we find the location and decide the fitness value, i.e., fine-tune the value of a over the time slots between t and t-1 [23-26].

To analyze the performance of the proposed algorithm, the NSL-KDD data set is used, as the data set is more effective compared to other intrusion detection methods. The data set is more efficient as it contains 21 different attacks, and each attack falls under one of the categories DoS (Denial of Service attack), Probe attack, User to Root attack (U2R) and Remote to Local attack (R2L).

In this approach the IDS performance is analysed by considering metrics such as accuracy (AC), detection rate (DR) and false positive rate (FPR). As shown in Fig. 11, the feature selection (average) of the proposed algorithm (GB-EGWO) and its efficiency (average) in attack detection are compared with other feature selection methods like GWO [4], MGWO [10] and MBGWO [18]. To analyse the performance, 20 percent of the data is taken as the KDD Test data and 80% of the data is taken as the KDD Train data from the NSL-KDD data set [27-31].

As shown in the above figure, the convergence for various attacks like DoS, Probe, U2R and R2L of the proposed algorithm is compared with other optimization algorithms.

To analyze the proposed algorithm, the best 14 descriptive features have been extracted from the NSL-KDD data set described in the above section. The new feature selection algorithm has been used to extract the best features, those strongly correlated to the target feature, as shown in the figure.

Fig. 5, Fig. 6, Fig. 7, Fig. 8, Fig. 9, Fig. 12, Fig. 13, Table 1.

The proposed algorithm is compared with the existing algorithms GWO, MGWO and MBGWO on the average number of selected features and the average accuracy predicted, as shown in Fig. 11. The proposed algorithm is analyzed for the four different attacks DoS, Probe, U2R and R2L and for the normal condition with the help of the NSL-KDD data set. The demonstration showed that the proposed algorithm has a high impact on the IDS problem, with an accuracy of 98.62%.

Fig. 7. NFS vs Fitness Value.

Fig. 8. Major Types of Attacks in both Training and Testing data sets.

Fig. 9. NSL-KDD dataset class distribution.

Fig. 10. Result of Feature Selection Methods.

Fig. 13. Correlation of descriptive features to target feature.

Table 1
Feature Selection and Percentage values of various methods of Fig. 10.

| Paper | Dataset | Method | Number of Feature Selection (Average Number) | Accuracy (Average Percentage) |
|-------|---------|--------|----------------------------------------------|-------------------------------|
| [1] | NSL-KDD | GWO | 28 | 79.66 |
| [1] | NSL-KDD | MGWO | 26 | 81.58 |
| [2] | NSL-KDD | MBGWO | 16 | 97.31 |
| | NSL-KDD | GB-EGWO | 14 | 98.62 |

5. Conclusion

The proposed GB-GWO uses the concept of the genetic crossover technique, i.e., repeating the iterations for feature selection until the best search agent (solution) is found and then deciding on updating the location to find the best optimal solution to identify intrusions in the network, which demonstrates great precision with the smallest possible number of features.

The NSL-KDD network intrusion data set has been used to evaluate the feature selection and performance of the proposed algorithm. The proposed Genetic based Enhanced Grey Wolf Algorithm (GB-EGWO) enhanced the efficiency of IDS in detecting attacks, with an intrusion detection accuracy of up to 98.622% with an average of 14 selected features.

As a future enhancement, the proposed algorithm is to be trained to get better or the same accuracy for intrusion detection with a still smaller number of features, and hence to minimize the time needed to detect attacks from the NSL-KDD data set.

Fig. 11. Convergence Between GWO and MGWO.

Fig. 12. Convergence Between MBGWO and GB-EGWO (Proposed).

References

[1] Hussein Almazini, Ku Ku-Mahamud, Grey wolf optimization parameter control for feature selection in anomaly detection, Int. J. Intell. Eng. Syst. 14 (2021) 2021, doi:10.22266/ijies2021.0430.43.
[2] Qusay Alzubi, Mohammed Anbar, Zakaria Alqattan, Mohammed Al-Betar, Rosni Abdullah, Intrusion detection system based on a modified binary grey wolf optimization, Neural Comput. Appl. 32 (2020), doi:10.1007/s00521-019-04103-1.
[3] Özge Cepheli, Saliha Buyukcorak, Karabulut Kurt, Gunes, Hybrid intrusion detection system for DDoS attacks, J. Electr. Comput. Eng. (2016), doi:10.1155/2016/1075648.
[4] Peifeng Niu, Songpeng Niu, Nan liu, Lingfang Chang, The defect of the Grey Wolf optimization algorithm and its verification method, Knowl.-Based Syst. (2019) 171.10.1016/j.knosys.19.
[5] Rezaei, Hossein & Bozorg-Haddad, Omid & Chu, Xuefeng. (2018). Grey Wolf Optimization (GWO) Algorithm. 10.1007/978-981-10-5221-7_9.
[6] JK Seth, S Chandra, Intrusion detection based on key feature selection using binary GWO, in: 3rd international conference on computing for sustainable global development, IEEE, 2016, pp. 3735–3740. Mar 2016.
[7] Yang, Honghao & Zhou, Zhiping. (2018). A Novel Intrusion Detection Scheme Using Cloud Grey Wolf Optimizer. 8297-8302. 10.23919/ChiCC.2018.8483324.
[8] Yerriswamy T, Gururaj Murtugudde (2020), Study of Evolutionary Techniques in the field of Network Security. 594-598. 10.1109/ICSTCee49637.2020.9277082.
[9] T Yerriswamy, J Venkatagiri, Ant colony optimization based traffic analysis for finding shortest path in mobile adhoc networks, Int. J. Pure Appl. Math. (2018) June-.
[10] E Emary, HM Zawbaa, AE Hassanien, Binary grey wolf optimization approaches for feature selection, Computing 172 (2016) 371–381.
[11] S Lee, S Soak, S Oh, W Pedrycz, M Jeon, Modified binary particle swarm optimization, Prog. Nat. Sci. 18 (9) (2008) 1161–1166.
[12] S Mirjalili, SM Mirjalili, XS Yang, Binary bat algorithm, Neural. Comput. Appl. 25 (3–4) (2014) 663–681.
[13] K Kumar, JS Batth, Network intrusion detection with feature selection techniques using machine-learning algorithms, Int. J. Comput. Appl. 150 (12) (2016) 1–13.
[14] Mehrnaz Mazini, Babak Shirazi, Iraj Mahdavi, Anomaly network-based intrusion detection system using a reliable hybrid artificial bee colony and Ada Boost algorithms, J. King Saud Univ. - Comput. Inf. Sci. 31 (2018), doi:10.1016/j.jksuci.2018.03.011.
[15] Hussein Almazini, Ku Ku-Mahamud, Grey wolf optimization parameter control for feature selection in anomaly detection, Int. J. Intell. Eng. Syst. 14 (2021) 2021, doi:10.22266/ijies2021.0430.43.
[16] M. Chandra, A. Agrawal, A. Kishor, R. Niyogi, Web Service Selection with Global Constraints using Modified Gray Wolf Optimizer, in: Proc. of 2016 International Conf. on Advances in Computing, Communications and Informatics (ICACCI), 2016, pp. 1989–1994.
[17] Dr. Lokesh, Yerriswamy T, A Proportional analysis of a collection of techniques in sequential rules mining and sequential patterns mining, Int. J. Mech. Prod. Eng. Res. Devel. (2018) E-ISSN:2249-8001, Nov-.
[18] Dr. Lokesh, Yerriswamy T, Design, Improvement, Development, and Performance analysis of a collection of models developed from Naive Bayes and maximum entropy opinion mining classifiers for movie reviews, Int. J. Eng. Technol. (2018) June-.
[19] Reddy SaiSindhuTheja, Gopal Shyam, An efficient metaheuristic algorithm-based feature selection and recurrent neural network for DoS attack detection in cloud computing environment, Appl. Soft Comput. 100 (2021) 106997, doi:10.1016/j.asoc.2020.106997.
[20] Onay, Murat. (2016). A new and fast optimization algorithm: fox hunting algorithm (FHA). 10.2991/amsm-16.2016.35.
[21] Dr. Gururaj Murtugudde, Gokul HN, Anomaly detection and local outlier factor for credit card fraud detection, JETIR 7 (2) (Feb 2020) Issue.
[22] F. Azam, S. Kumar, K.P. Yadav, N. Priyadarshi, S. Padmanaban, An outline of the security challenges in VANET, in: 2020 IEEE 7th Uttar Pradesh Section International Conference on Electrical, Electronics and Computer Engineering (UPCON), Prayagraj, India, 2020, pp. 1–6, doi:10.1109/UPCON50219.2020.9376518.
[23] S. Vadivel, S. Konda, K.R. Balmuri, A. Stateczny, B.D. Parameshachari, Dynamic route discovery using modified grasshopper optimization algorithm in wireless ad-hoc visible light communication network, Electronics 10 (10) (2021) 1176 p.
[24] S.N. Shivappriya, M. Priyadarsini, A. Stateczny, C. Puttamadappa, B.D. Parameshachari, Cascade object detection and remote sensing object detection method based on trainable activation function, Remote Sensing 13 (2) (2021) 200 p.
[25] Taief Alamiedy, Mohammed Anbar, Zakaria Alqattan, Qusay Alzubi, Anomaly-based intrusion detection system using multi-objective grey wolf optimization algorithm, J. Ambient Intell. Humanized Comput. 11 (2020), doi:10.1007/s12652-019-01569-8.
[26] G.B. Rajendran, U.M. Kumarasamy, C. Zarro, P.B. Divakarachari, S.L. Ullo, Land-use and land-cover classification using a human group-based particle swarm optimization algorithm with an LSTM Classifier on hybrid pre-processing remote-sensing images, Remote Sensing 12 (24) (2020) 4135 p.
[27] T. Nguyen, B.H. Liu, N. Nguyen, B. Dumba, J.T. Chou, Smart Grid Vulnerability and Defense Analysis Under Cascading Failure Attacks, IEEE Trans. Power Delivery (2021).
[28] Balasaraswathi Ranganathan, Muthukumarasamy Sugumaran, Yasir Hamid, Feature selection techniques for intrusion detection using non-bio-inspired and bio-inspired optimization algorithms, J. Commun. Inf. Networks 2 (2017), doi:10.1007/s41650-017-0033-7.
[29] N.V. Pham, T.N. Nguyen, T.D. Ngo, A.T. Truong, G.L. Nguyen, A novel approach for pivot-based sensor fusion of small satellites, Phys. Commun. 45 (2021) 101261.
[30] D.T. Do, T.T.T. Nguyen, T.N. Nguyen, X. Li, M. Voznak, Uplink and downlink NOMA transmission using full-duplex UAV, IEEE Access 8 (2020) 164347–164364.
[31] L. Tan, N. Shi, K. Yu, M. Aloqaily, Y. Jararweh, A blockchain-empowered access control framework for smart devices in green internet of things, ACM Trans. Internet Technol. 21 (3) (2021) 1–20.
