Collaborative quantum optimization network intrusion detection research

Abstract

In order to improve network intrusion detection rate, a cooperative quantum PSO and LS-SVM network intrusion detection model (CQPSO-LSSVM) was proposed in this paper. Network feature subset is encoded into quantum particle positions, intrusion detection accuracy is used as the evaluation criteria of a subset feature merits, a synergistic quantum particle swarm algorithm are used to find the optimal feature subset, LS-SVM is used to establish a network intrusion detection model, and KDD CUP 99 dataset is used to simulation test. The results show that, compared with other models, the proposed algorithm has improved detection efficiency and the detection rate of the network intrusion.

Keywords

Cooperative quantum-behaved particle swarm optimization algorithm least square support vector machine feature selection network intrusion detection

1. Introduction

As networks increasingly large scale, network security is increasingly serious, invasive behavior and the type are the diversified development, it is certain practical and theoretical significance that network intrusion detection rate is improved [1, 2, 3, 4].

Network intrusion detection feature selection is crucial, how to choose the optimal feature subset is directly related to network intrusion detection results, the current network feature selection algorithm is divided into two categories: exhaustive search algorithms and swarm intelligence optimization algorithm [5, 6, 7]. Exhaustive algorithm is complexity, its time consuming is long, it can not be applied for on-line network intrusion detection requirements, in swarm intelligence optimization algorithm, particle swarm algorithm performance is excellent, but there are difficult to overcome their own shortcomings, such as it is easy to fall into local minima, etc. [8]. Classifier construction is the second step of network intrusion, it is equally important, there are neural networks currently, support vector machines, least squares support vector machine (Least Square Support Vector Machine, LS-SVM), etc. [9, 10]. Neural networks is based on the “big” quantitative,it requires a large number of samples, if the requirementscan not be meet, detection performance is very poor, there is the smaller range of applications [8]; although support vector machine has the excellent performance, but the training process is computational complexity, there is low efficiency, it can not meet the real-time network intrusion demanding areas, such as military security and network security [11, 12]. LS-SVM combines the advantages of neural networks and support vector machines, training is not only fast speed, and there is strong generalization ability, LS-SVM is selected in this article to build intrusion detection classifier [13]. Cooperative Quantum-behaved Particle Swarm Optimization algorithm (CQPSO) is an improved quantum behavior of particle swarm algorithm, it is with easy implementation, robustness, etc., it has been widely used in many areas [14].

In order to improve network intrusion detection effect, a synergistic quantum particle swarm algorithm and least squares support vector machine are integrated in network intrusion detection model (CQPSO-LSSVM), and the effectiveness of CQPSO-LSSVM is tested in the simulation experiment.

Figure 1.

CQPSO-LSSVM intrusion detection process.

2. Materials and methods

2.1 CQPSO-LSSVM intrusion detection principle

CQPSO-LSSVM basic idea is as follows: network data is collected and pretreatmented, and then CQPSO algorithm is used to select a feature subset, LSSVM is adopted to establish intrusion detection classifier. CQPSO-LSSVM frame is shown in Fig. 1.

2.2 Cooperative quantum-behavior particle swarm algorithm

2.2.1 Quantum-behavior particle swarm algorithm

Let the number of individuals be $N$ for the Particle Swarm, the $i$ -th particle position is $X_{i}=(x_{i1},x_{i2},\ldots,x_{iD})$ , velocity is $V_{i}=(v_{i1},v_{i2},\ldots,x_{iD})$ , individual optimal location is $P_{i}=(p_{i1},p_{i2},\ldots,p_{iD})$ in the history, best position of particle swarm is $P_{g}=(p_{g1},p_{g2},\ldots,p_{gD})$ . The particles update strategy is for the Eq. (1) in particle Swarm Optimization (PSO):

$\displaystyle\left\{\begin{array}[]{ll}v_{i}^{t+1}&=\omega v_{i}^{t}+c_{1}r_{1% }(P_{i}^{t}-x_{i}^{t})+c_{2}r_{2}(P_{g}^{t}-x_{i}^{t})\\ x_{i}^{t+1}&=x_{i}^{t}+v_{i}^{t+1}\\ \end{array}\right.$ (1)

Where, $c_{1}$ and $c_{2}$ are learning factors; $t$ is the number of iterations; $\omega$ is the inertia weight, $r_{1}$ and $r_{2}$ is a random number.

To improve the performance of PSO, Kennedy proposed a quantum particle swarm optimization (QPSO) [15], conditions is Eq. (2) for its application:

$\displaystyle q_{ij}^{t}=\varphi_{j}\times p_{ij}^{t}+(1-\varphi_{j})\times p_% {gj}^{t},\quad j=1,2,\ldots,D$ (2)

In the formula,

$\displaystyle\varphi_{j}=\frac{r_{1}c_{1}}{r_{1}c_{1}+r_{2}c_{2}}$ (3)

Quantum particles have a space flight behavior, but it does not have the velocity vector, $\varphi$ indicates the state of the particle, which the probability distribution function is calculated to solve Schrödinger equation:

$\displaystyle F(x_{ij})=e^{-\frac{2|x_{ij}-q_{ij}|}{L}}$ (4)

Where, $L$ is the characteristic length of $\delta$ potential well.

Monte Carlo Simulation is used to update particle position:

$\displaystyle x_{ij}=q_{ij}\pm\frac{L}{2}\ln\left(\frac{1}{u}\right)$ (5)

Where, $u$ is the value in the random number (0, 1).

mbest is calculated as follows:

$\displaystyle\text{mbest}=\sum_{i=1}^{N}\frac{P_{i}^{t}}{N}=\left(\sum_{i=1}^{% N}\frac{p_{i1}^{t}}{N},\sum_{i=1}^{N}\frac{p_{i2}^{t}}{N},\ldots,\sum_{i=1}^{N% }\frac{p_{i}^{t}}{N}\right)$ (6)

Distance between $x_{ij}$ and mbest is as follows:

$\displaystyle L=2\times\beta\times\left|\text{mbest}_{j}^{t}-x_{ij}^{t}\right|$ (7)

Where, $\beta$ is shrinking expansion coefficient.

$\displaystyle\beta=\beta_{\max}-\frac{t\times(\beta_{\max}-\beta_{\min})}{t_{% \max}}$ (8)

The relevant variables are replaced into the Eq. (5), the update formula particles may be further expressed as Eq. (9):

$\displaystyle x_{ij}^{t+1}=q_{ij}^{t}\pm\beta\times\left|\text{mbest}_{j}^{t}-% x_{ij}^{t}\right|\ln\left(\frac{1}{u}\right)$ (9)

2.2.2 Quantum particles cooperative search strategy

Coevolution idea is that the entire population is divided into a plurality of sub-groups within the solution space, the search strategy of only one population is changed, it can effectively reduce the population puberty problems wich is caused due to late iteration diversity decline. In this paper, through the creation of population gene pool, particles share information among subgroups [16].

2.2.3 Learning behavior of particles

In order to increase the particle swarm search capabilities and to learn from other particles in the evolution, the following improvements are made to the Eq. (2):

$\displaystyle q_{ij}^{t}=\left\{\begin{array}[]{ll}\varphi_{j}\times p_{s_{kj}% }^{t}+(1-\varphi_{j})\times p_{gj}^{t},&\textit{lrand }<l_{c}\\ \varphi_{j}\times p_{ij}^{t}+(1-\varphi_{j})\times p_{gj}^{t},&\textit{lrand }% \geqslant l_{c}\\ \end{array}\right.,\quad j=1,2,\ldots,D$ (10)

Where, lrand is the value of (0, 1) random numbers, $l_{c}$ is learning probability parameters, $s$ , $k$ is number of particles for other subgroups.

To make the particles reach equilibrium state between themselves development and population search capability, $l_{c}$ Value Strategies of i-th particle pairs within the group are Eq. (11):

$\displaystyle l_{ci}=l_{\text{cMin}}+(l_{\text{cMax}}-l_{\text{cMin}})\times% \left(\frac{i}{s}\right)^{\alpha}$ (11)

Where, $l_{\text{cMax}}$ , $l_{\text{cMin}}$ are respectively maximum and minimum learning parameter; $\alpha$ is a constant which is greater than 0.

The above-described QPSO algorithm with cooperative search strategy and learning behavior is defined as cooperative quantum particle swarm algorithm (CQPSO).

2.3 CQPSO-LSSVM intrusion detection step

Step 1:
Network status information is gatherd, and its appropriate treatment is made to obtain the status vector of network feature.
Step 2:
Current position $X_{i}$ of $N$ particles are randomly generated, the particle fitness $f(X_{i})$ is calculated, the optimal set of individual particles $p_{i}=X_{i}$ .
Step 3:
The whole quantum particle swarm is divided into $s$ subgroups, for each subgroup, the optimal adaptation ordinal value $k=\arg\left(\underset{1\leqslant i\leqslant N/s}{\min}f(X_{s_{i}})\right)$ of particles is first calculated, the subgroup optimal solution is $p_{g_{s}}=X_{s_{k}},k=\arg\left(\underset{1\leqslant i\leqslant s}{\min}f(p_{g% _{i}})\right),p_{g_{\textit{pop}}}=p_{g_{k}}$ , according to the ratio of gene $R_{\text{gene}}$ , particles of subgroup with the best fitness value of are selected to create a population gene pool.
Step 4:
Shrinkage expansion coefficient $\beta_{t}$ is calculated, subgroups $\beta_{t_{i}}(1\leqslant i\leqslant s)$ is calculated. For each subgroup, $l_{c}$ is calculated, and $q_{i}$ is decided according to their relationship of $l_{c}$ and lrand, the particle position is updated.
Step 5:
The adapted value of the particle is updated, subgroup $p_{i}$ , $p_{g}$ and the optimal solution $p_{g_{\textit{pop}}}$ of population are updated.
Step 6:
If the evolutionary cycle is reached, population gene pool is updated, according to $R_{\text{dead}}$ , inferior particles are replaced in subgroup.
Step 7:
Returns to the Step 4, repeat the above steps until the completion of iteration.
Step 8:
The $p_{g_{\textit{pop}}}$ is solved to obtain the optimal network intrusion detection feature subset.
Step 9:
The network intrusion optimal feature subset is used to build intrusion detection model.

3. Results and analysis

3.1 Algorithm performance testing

To test the performance of CQPSO algorithm, three standard functions of Benchmark are selected to test its performance, they are defined as follows:

3.1.1 Rosenbrock function $f_{1}(x)$

$\displaystyle f_{1}(x)=\sum_{i=1}^{n-1}\left[100(x_{i+1}-x_{i}^{2})^{2}+(x_{i}% -1)^{2}\right]\quad x_{i}\in[-5,10]$ (12)

Figure 2.

Performance comparison between CQPSO algorithm and QPSO algorithm.

The global optimum unimodal function value is 0, the optimal solution is for $X(1,1,\ldots,1)$ . The function region of close to the most advantageous is for the banana-shaped, and there is a strong correlation between variables, and the gradient information is often misleading search direction of algorithm.

3.1.2 Griewank function

f_{2}(x)

$\displaystyle f_{2}(x)=\frac{1}{4000}\sum_{i=1}^{n}x_{i}^{2}-\prod_{i=1}^{n}% \cos\left(\frac{x_{i}}{\sqrt{i}}\right)+1\quad x_{i}\in[-600,600]$ (13)

The best global multimodal function value is 0, the optimal solution is for $X(0,\ldots,0)$ . This function is a complex and multimodal function, there are a lot of local minimum points and tall obstacles, due to the variable points are significantly related, the optimization algorithm is very easy to fall into local optimum.

3.1.3 Ackley function

f_{3}(x)

$\displaystyle f_{3}(x)=20+e-e^{-\frac{1}{5}\sqrt{\frac{1}{n}\sum\nolimits_{i=1% }^{n}x_{i}^{2}}}+e^{-\frac{1}{n}\sum\nolimits_{i=1}^{n}\cos(2\pi x_{i})}\quad x% _{i}\in[-15,30]$ (14)

The best global multimodal function value is 0, the optimal solution is for $X(0,\ldots,0)$ . This function is a multimodal function with a large number of local minima, and its optimization is very difficult, the algorithm is easy to fall into local optimum, which is access to the global optimum.

QPSO comparative tests areexperimented, parameters are selected: Particle Swarm is 20, subgroup size is 5, $\beta$ decreases from 1.0 to 0.5 with linear iterations; test results are shown in Fig. 2. Figure 2 shows that, with respect to QPSO algorithm, CQPSO makes faster convergence and ensures the accuracy of the algorithm converges, it obtains better performance than QPSO algorithm, CQPSO algorithm is more stable and reliable.

Table 1

KDD CUP 99 characteristics

NO:	Feature name	NO:	Feature name
1	duration	16	num_root
2	protocol type	17	num_file_creations
3	service	18	num_shells
4	src_byte	19	num_access_shells
5	dst_byte	20	num_outbound_cmds
6	flag	21	is_hot_login
7	land	22	is_guest_login
8	wrong_fragment	23	count
9	urgent	24	serror_rate
10	hot	25	rerror_rate
11	num_failed_logins	26	same_srv_rate
12	logged_in	27	diff_srv_rate
13	num_compromised	28	srv_count
14	root_shell	29	srv_serror_rate
15	su_attempted	30	srv_rerror_rate
…	…	…	…

Table 2

Sample data in simulation

Intrusion type	Training set	Test set
DoS	3000	600
Probe	1200	400
R2L	300	100
U2R	200	50
Normal	10000	2000

3.2 Data sources

KDD CUP 99 dataset is used as a simulation object [17, 18, 19]. Each record includes a feature 41, which are as shown in Table 1. Sample data of simulation experiments are shown in Table 2.

3.3 Comparison model and evaluation criteria

To make the test results CPSO-LS SVM more convincing, fusion models (QPSO-LSSVM) between Quantum Particle Swarm Optimization and Least Squares SVM is selected, comparative tests are done between PSO and LS-SVM fusion model (PSO-LSSVM), and four aspects of their performance are tested in the false positive rate, false negative rate, detection rate and speed [20].

Since network intrusion characteristics are more, there is large range, in order to obtain better intrusion detection effect, characteristic values are pretreatmented in particular:

$\displaystyle x^{\prime}_{i}=\frac{x_{i}}{\max(x_{i})}$ (15)

In Eq. (15), $X_{i}$ is the original feature value, and $x^{\prime}_{i}$ is its pre-processed value, $\max(X_{i})$ is maximum value of characteristic $X_{i}$ .

Figure 3.

Detection rate comparison between different models of network intrusion.

Figure 4.

False negative rate comparison between different models of network intrusion.

Figure 5.

False alarm rate comparison between different models of network intrusion.

Figure 6.

Running speed comparison between different models of network intrusion.

3.4 Result analysis

Detection rate, false negative rate, false positive rate of of various models are shown in Figs 3–5. The following conclusions can be obtained from Figs 3–5:

(1)
With respect to the PSO-LSSVM network intrusion detection model, network intrusion detection effect of QPSOLSVM has been improved, the false negative rate and false alarm rate are reduced accordingly, which indicates that the quantum particle swarm algorithm is better than particle swarm algorithm, better feature subset can be obtained, the effectiveness of the network intrusion detection is improved.
(2)
With respect to QPSO-LSSVM, CQPSO-LSSVM network intrusion has even better results and better detection performance, it is mainly due to the synergy of quantum particle swarm, through the introduction of collaborative strategies, CQPSO-LSSVM can avoid falling into local optimal solution, the convergence rate is accelerated, network intrusion detection effect is better.

Intrusion detection time of each model are shown in Fig. 6. It can clearly be seen from Fig. 6 that CQPSO-LSSVM detection time is less than other network intrusion detection model, its detect is the fastest, CQPSO-LSSVM can better meet the requirements of network intrusion detection online.
4. Conclusion

In order to improve the speed of network intrusion detection, more desirable results are obtained in intrusion detection, a synergistic quantum PSO and LS-SVM network intrusion detection model is proposeed, the cooperative quantum particle swarm algorithm is used to select the network intrusion features, the number of characteristic is reduced in which LSSVM enter, the computational complexity is reduced, the simulation results show that CQPSO-LSSVM has improved intrusion detection rate, it can satisfy the requirements of online intrusion detection, CQPSO-LSSVM has broad application prospects in network security field.

Footnotes

Acknowledgments

This work is sponsored by the Scientific Research Project (NO. 14A084) of Hunan Provincial Education Department, China.

References

Qing

S.H.

Jiang

J.C.

et al., Research on intrusion detection techniques: A survey, Journal of China Institute of Communications 25(7) (2004), 78–79.

Vinayakumar

Soman

K.P.

and Poornachandran

, Applying convolutional neural network for network intrusion detection, in: 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Udupi, India, 2017, pp. 1222–1228.

Vinayakumar

Soman

K.P.

and Poornachandran

, Evaluating effectiveness of shallow and deep networks to intrusion detection system, in: 2017 International Conference on Advances in Computing, Communications and Informatics (ICACCI), Udupi, India, 2017, pp. 1282–1289.

Hamed

Dara

and Kremer

S.C.

, Network intrusion detection system based on recursive feature addition and bigram technique, Computers and Security 73 (2018), 137–155.

Chen

Cheng

X.Q.

Xue

et al., Lightweight intrusion detection system based on feature selection, Journal of Software 18(7) (2007), 1639–1651.

Bao

P.Q.

and Yang

M.F.

, Intrusion detection based on KPCA AND SVM, Computer Applications and Software 23(2) (2006), 125–127.

S.R.

Liang

J.M.

et al., Feature selection method based on mutual information and attribute union theory, Computer Engineering 36(13) (2010), 257–259.

Guo

W.Z.

Chen

G.L.

et al., Feature subset selection based on particle swarm optimization algorithm and relevance analysis, Computer Science 35(2) (2008), 144–146.

Gao

H.H.

Yang

H.H.

et al., Selection and detection of network intrusion feature based on BPSO-SVM, Computer Engineering 32(8) (2006), 37–39.

10.

Chen

S.T.

Chen

G.L.

et al., Feature selection of the intrusion detection data based on particle swarm optimization and neighborhood reduction, Journal of Computer Research and Development 47(7) (2010), 1261–1267.

11.

Zhang

X.H.

and Lin

B.G.

, Research on internet of things security based on support vector machines with balanced binary decision tree, Netinfo Security 8 (2015), 20–25.

12.

Tan

X.Z.

et al., A genetic algorithm based method for feature subset selection, Soft Computing 12(2) (2008), 111–120.

13.

Shi

C.Q.

Chen

et al., Intrusion detection system based on combination of immune arithmetic and RBF network, Computer Engineering 33(9) (2007), 160–162.

14.

Zhou

Sun

et al., Quantum-behaved particle swam optimization algorithm with cooperative approach, Control and Decision 26(4) (2011), 582–586.

15.

Kennedy

and Eberhart

, Particle swarm optimization, in: Proceedings of IEEE Int Conf on Neural Network, 1995, pp. 1942–1948.

16.

X.D.

and Yao

, Cooperative coevolving particle swarms for large scale optimization, IEEE Transactions on Evolutionary Computation 16(2) (2012), 210–224.

17.

http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html.

18.

H.F.

Yue

et al., Distributed intrusion detection research based on neural network, Journal of Computer Applications 26(12) (2006), 63–65.

19.

Tan

A.P.

Chen

et al., Network intrusion intelligent detection algorithm based on adaboost, Computer Science 41(2) (2014), 197–200.

20.

Y.X.

Liu

et al., Network intrusion detection model based on improved artificial fish swarm algorithm and support vector machine, Computer Engineering and Applications 49(24) (2013), 74–77.

Collaborative quantum optimization network intrusion detection research

Abstract

Keywords

1. Introduction

2.1 CQPSO-LSSVM intrusion detection principle

2.2 Cooperative quantum-behavior particle swarm algorithm

2.2.1 Quantum-behavior particle swarm algorithm

2.2.3 Learning behavior of particles

3.1 Algorithm performance testing

3.1.1 Rosenbrock function f 1 ⁢ ( x )

3.3 Comparison model and evaluation criteria

Footnotes

Acknowledgments

References

3.1.1 Rosenbrock function $f_{1}(x)$