Metaheuristic algorithms based Flow Anomaly Detector

Increasing throughput of modern high-speed networks needs accurate real-time Intrusion Detection System (IDS). A traditional packet-based Network IDS (NIDS) is time-intensive as it inspects all packets. A flow-based anomaly detector addresses scalability issues by monitoring only packet headers. This method is capable of detecting unknown attacks in high speed networks. An Artificial Neural Network (ANN) is employed in this research to detect anomalies in flow-based traffic. Metaheuristic optimization algorithms have the potential to achieve global optimal solution. In this paper, two metaheuristic algorithms, Cuckoo and PSOGSA, are examined to optimize the interconnection weights of a Multi-Layer Perceptron (MLP) neural network. This optimized MLP is evaluated with two different flow-based data sets. We then compare the performance of these algorithms. The results show that Cuckoo and PSOGSA algorithms enable high accuracy in classifying benign and malicious flows. However, the Cuckoo has lower training time.