An efficient intelligent intrusion detection system using fuzzy logic based on the Particle Swarm Optimization algorithm: A case study

Abstract

This paper presents an intelligent intrusion detection system using fuzzy logic based on particle swarm optimization algorithm. The main goal of this research is to survey the convergence capability of the particle swarm optimization algorithm using fuzzy logic in intelligent intrusion detection of a designable system. In order to simulate intelligent attacks on a system, KDD99 data are used. Based on the findings, the Particle Swarm Optimization (PSO) algorithm is highly capable of detecting an intelligent attack on a system. In this study, we considered 1800 times attack, in which the PSO algorithm was capable of repelling attacks in 7.24 seconds and converged. The best convergence occurred at stage 775, and then all attacks were eliminated from the system. Results showed that the stability and convergence of the system improved after each attack. Also, the number of attacks increased to 2500 times to investigate unpredictable intrusions and converge accrued at the attack 771st. Finally, the results obtained by the PSO algorithms were compared to the results obtained by the Genetic Algorithm (GA) and Simulated Annealing (SA) algorithm. The findings indicate that the PSO algorithm is highly capable of detecting intelligent intrusions into a system. It is also suggested to employ this algorithm in cloud computing systems because of its high capability of repelling smart attacks.

Keywords

Attack detection intelligent intrusion fuzzy logic particle swarm optimization genetic algorithm simulated annealing

1. Introduction

Nowadays, cyber-attacks are one of the most important problems in numerous systems. Protecting national and organizational computer networks from cyber-attacks and creating a warning in case of intrusion is a fundamental key in the interconnected world. The intrusion detection system alerts the firewall or network analyzer to alert them to any malfunctions in the network. Since digital information in the form of computer files and databases is very important for companies and organizations and even for home users, the existence of intrusion detection systems for such centers is necessary and vital. Besides, network attacks are becoming increasingly complex and dangerous. Therefore, the upgrade of intrusion detection systems is undeniable. One of the essential components of securing organizational networks is the supervision of system login. Without monitoring and managing log-in, a system could be vulnerable to cyber-attacks [1]. The rapid development of networks leads to increase attention to their security, which has become a major challenge in the design of the intelligent intrusion detection systems. Hackers, destructive software, and viruses may disrupt network data and its performance. On the other hand, data insecurity can reduce the security of the entire network and lead to many dangerous situations. Therefore, network security has become a sensitive issue. Available security techniques include system security structures and encrypted security mechanisms. Intelligent intrusion into networks, due to its short time, amount of information and data on the network, or unauthorized access to some services, may pose serious risks to the network. Therefore, an intrusion detection system is designed to detect and ensure network security [2]. Since systems that are directly connected to the network have lower security levels, they are easily accessible by attackers. Such public access to the Internet makes everything vulnerable to attacks. Sometimes these attacks do not harm the network, infecting the internal nodes makes the system ready to attack the network. These are referred to as internal attacks. Therefore, the importance of intrusion detection systems is undeniable. Despite the importance of this topic, there is no comprehensive and systematic discussion on the analysis of its important mechanisms [3]. An intrusion detection system is primarily used to protect networks against external threats such as sabotage attacks. However, early versions of an intelligent intrusion detection system are usually insufficient to detect an intrusion and need to be reconfigured. Network information security techniques have attracted the attention of many researchers. An Intrusion detection system based on the particle swarm optimization algorithm uses convergence gradient motion and divergence gradient motion to improve efficiency and accuracy [4].

Nowadays intrusion detection is an important necessity in data networks. Looking for new, fast, and robust algorithms that are capable of identifying and classifying dangerous intrusions is essential to address threats and detection difficulty. Hence, an intrusion detection algorithm with excellent prediction performance is needed. Studies have analyzed the ability to investigate intelligent intrusion into cloud-based security networks. These studies show the changes in the process of consolidation and acceptance of this type of intelligent intrusion algorithms in solving optimization problems. There is a research gap in the determination and demonstration of the exact timing of the detection and repulsion of intelligent attacks using particle swarm optimization algorithms. Therefore, studies are needed to show how long the algorithm takes for the detection of intelligent intrusion in a local search and convergence. Predicting intrusion detection based on the classification performed in an algorithm is simple and very fast. Intrusion detection frameworks are based on a learning paradigm that utilizes training data sets consisting of network features and intrusion tags [5]. Despite the reported successes, most of the particle swarm optimization algorithms show premature convergence or fast divergence, and consequently, their performance is relatively poor, hence, this algorithm needs to be redesigned with incidence control parameters [6, 7]. Zhang and Xiao [8] utilized fuzzy logic for decision making under uncertainty. Therefore, in this study, we designed an intelligent intrusion detection system using fuzzy logic based on the particle swarm optimization algorithm. Since speed and accuracy are two important factors in designing intrusion detection systems, this study shows that combining the particle swarm optimization algorithm and fuzzy logic can be a good method to solve this problem.

Zhang et al. [9] showed that intrusion detection systems are intended to detect attacks. Their findings showed that optimization systems are a good approach to smart intrusion detection. Research by Zhang et al. [10] entitled Differential Mutation and Particle Optimization Algorithm, concluded that particle optimization could provide a suitable model for convergence in differential models under intelligent attacks. Lee et al. [11] used a hybrid particle optimization algorithm for load balancing in heterogeneous computing systems in their study and concluded this kind of algorithm has high parallel computation efficiency. Wang et al. [12] showed that the modified particle optimization algorithm based on the update mechanism has a high speed in detecting anomalies and convergence. Guo [13] showed that the positioning system based on the particle optimization algorithm is capable of generating convergence under intelligent random mobility conditions. Masoud [14] in his study concluded that the particle optimization algorithm on nonlinear system algorithms has higher efficiency in detecting intelligent conditions. Xu and Yu [15] showed that the particle optimization algorithm has a high ability to thwart intelligent intrusion attacks. Guan et al. [16] demonstrated that particle optimization algorithm eventually detects and suppresses intelligent penetration levels. they showed that the particle optimization algorithm usually recognizes the levels of intelligent attacks and offers the highest level of optimization for learning and neutralization. Zhao et al. [17] showed that particle optimization algorithms have a very high rate of convergence for unwanted intelligent changes such as attacks and have rapid effects on improving these changes. Sun et al. [18] showed that business performance management systems can be improved with the PSO algorithm. Aichhorn et al. [19] proved that securing their sensitive data networks protects them from intelligent attacks. Ajdad et al. [20] displayed that power systems are usually affected by smart grids and can be vulnerable. Kim and Lim [4] mentioned that smart networks face major security challenges which should be explained to operators. Chopade and Bikdash [21] showed that smart grid features put them at risk and appropriate actions needed. Table 1 briefly reviews the related studies.

Table 1
A summary of the relevant studies.

Year Monte-carlo LRCN ISO NIDS NFC PSO Multi objective Fuzzy

Achihorm et al. [19] 2018 √

Ajdad and et al. [20] 2019 √

Chopade et al. [21] 2016 √

Kim and Lim [4] 2018 √

Shenfield et al. [6] 2018 √

Guan et al. [16] 2019 √

Wange et al. [12] 2019 √

Zhange et al. [9] 2019 √

Zhang et al. [10] 2019 √

This paper √ √

As seen in Table 1, no study applied both PSO algorithm and fuzzy sets theory for the design of the intelligent intrusion detection system. The nature of the data, as well as the intelligent intrusion, need high and low boundaries to be set to identify the most effective attacks, in which the PSO and fuzzy approach can provide reliable optimization computations, which contributes to filling the existing research gap in the field of intelligent intrusion.

This paper is structured as follows: Section 2 explains the research methodology. Findings and results are provided in Section 3. Then, Section 4 highlights the practical and managerial implications. Finally, the conclusion is presented in Section 5.

2. Research methodology

The Particle Swarm Optimization (PSO) algorithm is exploited in this study. In addition, the performance of this algorithm is compared with two other efficient metaheuristic algorithms named Genetic Algorithm (GA) and Simulated Annealing (SA) algorithm.

Many efficient meta-heuristic algorithms have been presented so far. Based several studies conducted so far, it can be said that the PSO algorithm has a lot of flexibility to control the balance between local and global search of the feasible space. This unique feature of the PSO algorithm overcomes the problem of untimely convergence and increases the search capacity [22].

GA has several advantages that make it very popular. Some of the major advantages are as follows: It does not require any derived information (which may not be available for many real-world problems). It is faster and more efficient compared to traditional methods. It has very good parallel capabilities. It optimizes continuous and discrete functions as well as multi-objective problems. It provides a list of “good” solutions and not just one solution. It always finds a solution for the problem that gets better with passing of time. It is more useful when the search space is very large and a large number of parameters are involved.

One of the advantages of the SA algorithm is its very low memory consumption (unlike the Genetic Algorithm, which has a high consumption) and its simpler implementation compared to other algorithms of the same category. Also, due to its focus on local search, it usually finds acceptable solutions. In addition, due to the existence of the guided random process (low acceptance probability for non-optimal solutions), it has the ability to pass the local optimum [23].

The flowchart of the research methodology is depicted in Fig. 1.

Figure 1.

Flowchart of the research methodology.

The PSO algorithm is an evolutionary algorithm of nature that works based on repetition and is also called the bird movement algorithm. The inspiration for the particle swarm optimization algorithm was animal swarm behavior, such as the mass movement of birds and fish.

The movement in the structure of these particles in such a way that they move repeatedly in the one-dimensional space of the problem to eventually find the optimal point in each public optimal point. The speed and position of the particles are updating according to the best solutions. The particles flow in the search space, the shift of the particles in the search space is influenced by their experience and knowledge of themselves and their neighbors. So the position of other particle mass affects how a particle searches. The result of this crowding behavior is that particles tend to successful areas.

Particles are training each other, and particles with the best knowledge go toward the best neighbors. The speed is calculated according to the best possible local solutions. The parameters are evaluating with different sorts.

The parameters of this problem are described as follows:

$V_{m n}$ : The particle velocity

$P_{m n}$ : The variables of the particle

$r 1$ and $r 2$ : Independent random numbers with a uniform distribution

$Γ 12$ and $Γ 2$ : Learning factors

$P_{m n}^{local best}$ : The best local solutions

$P_{m n}^{global best}$ : The best global solutions

Equations (1) and (2) that are related to updating the particle velocity and variables of the particle are as follows:

\begin{aligned} p_{m, n}^{n e w} & = p_{m, n}^{o l d} + v_{m, n}^{n e w} \end{aligned}

(1)

\begin{aligned} v_{m, n}^{n e w} & = v_{m, n}^{o l d} + Γ_{1} \times r_{1} \times (p_{m, n}^{local best} - p_{m, n}^{o l d}) + Γ_{2} \times r_{2} \times (p_{m, n}^{global best} - p_{m, n}^{o l d}) \end{aligned}

(2)

Here it can be stated that this vector algorithm updates the speed of each particle and adds the new speed value to the position or value of the particle. Speed updates are affected by both the best local response and the absolute best response. The best local and global solutions are the best ones obtained so far by the single algorithm, in a single order and in the population as a whole. Constants $Γ_{1}$ and $Γ_{2}$ are called the perceptual and congestion parameters, respectively. The main advantage of this algorithm is that it is simple to implement and requires quantitative parameters. Also, the particle swarm algorithm is able to optimize complex cost functions with a large number of local minimums, which greatly contributes to the desired optimization.

In order to simplify the problem, it is better to assume that some nodes want to move the nodes to a remote node outside the network. At each time point, a number of nodes randomly decide to send packets. Nodes that decide to send packets at any given time are also called active nodes. The packet forwarding by each node causes the energy in the nodes to be calculated according to the destination distance, and the farther away the destination is, the lower the energy. The goal is to solve the problem in a way that consumes less energy to send packets and thus saves energy. In this study, the intrusion detection system is investigated using a combination of particle optimization algorithms and fuzzy logic. The KDD99 dataset as an intrusion detection dataset is used for all types of attacks [24]. In the first step, the data were categorized using fuzzy logic, and then the proposed algorithm was applied to detect specific features of the attacks to distinguish between normal and abnormal events. Required modeling and analysis are performed using MATLAB software.

To calculate the design of an intelligent intrusion detection system based on the particle optimization algorithm and using fuzzy logic we defined two functions for this algorithm as a whole. Definition of functions is done separately and computationally in MATLAB software. Results in an optimization rate for identifying the most optimal design points of the system, defined as Eqs (3) and (4).

\begin{aligned} l b x & = 10 * ones (1, nvar) % Lower Bound \end{aligned}

(3)

\begin{aligned} U b X & = 10 * ones (1, nvar) % Upper Bound \end{aligned}

(4)

As can be seen in the above equations, our variables in this study are identified by the definition of $X$ and will have a row and nvar column.

Next, we need to define a weight for simulated attacks or intrusions in the system, where it showed by the $W$ . $W$ is the weight or significance of the current displacement. This variable is a decreasing coefficient that tries to optimize the invasion values at each iteration for the particle optimization algorithm. Also, two elements, as a personal experience of attack (C1), and the best experience of all (C2) as shown in Table 2.

Table 2

Definition of weights.

Parameters setting
W $=$ 1	Personal weight
W $=$ RF $=$ 0.99	Reduction factor of $w$
$C_{1} = 2$	Personal best learning coefficient
$C_{2} = 2$	Global best learning coefficient

Table 3

The parameter settings.

GA
Maximum number of iterations	Population size	Crossover percentage	Mutation percentage
1800	100	0.7	0.3
SA
Maximum number of iterations	Maximum number of inner iterations	Initial temperature	Temperature damping rate
1800	100	100	0.99

PSO
Max number	Personal	Reduction factor	Personal	Global	Number of
iteration	weight (WI)	of (W\_RF)	best (C1)	best (C2)	population
1800	1	0.99	2	2	100

The sum of C1 and C2 needs to be closer to integers. This has been demonstrated in citation studies that the closer these values are to integers, the better the particle optimization algorithm outputs to show a smart attack and shorten the attack time. The proximity of these values to the integers except in the final calculations of the algorithm provides good improvements for detecting the best and optimal time of intrusion detection. In other words, the closer these calculations are to the integers, the faster we can detect intelligent intrusions into system design networks and completely neutralize them.

To ensure the best response for designing an intelligent intrusion detection system we need to consider the highest turnover in the algorithm, the turnover in the algorithm is known as the iter (iteration) in MATLAB software. For this purpose, if the circuits are considered above 1000 times, the results of the loop can be invoked to identify the best time to detect an intelligent intrusion attack. According to Table 3, the designed iter system (iteration) is 1800 for this problem.

This maximum iter (iteration) value makes it the best time to detect the intrusion of the smart attack and to better accept the design steps of the system.

Next, we need to consider the upper and lower bounds for the simulation. Cognitive studies of intelligent intrusion detection suggest that simulated attacks for intelligent intrusion usually have a lower and upper limit that can infiltrate the system at various stages. These upper and lower limits can usually vary depending on the type of system being designed. In this study, based on these actual upper and lower limit observations, the simulated data for infiltration operations are considered, as shown in Eqs (2)–(7).

\begin{aligned} % % s a v e D a t a \\ Data . Npar = Npar \end{aligned}

(5)

\begin{aligned} Data . l b = l b \end{aligned}

(6)

\begin{aligned} Data . u b = u b \end{aligned}

(7)

Three sections are considered for each data entry in the system of intelligent infiltration, including position, velocity, and scale. Then the computational scales are repeated for Npar. To optimize the best solutions in the system using a particle optimization algorithm method, for loop is formed for all data, which examines the simulation of intrusive data in its cycle. The data are analyzed at both upper and lower limits. In all cases, it is assumed that the initial velocity of motion (i.e., when for the first-time intelligent penetration is made) is zero. Therefore, it optimizes the functions for the loop and provides the best time for intelligent intrusion detection and neutralization in system design. Studies show that intelligent penetration acts as a quadratic function, meaning that it is usually doubled in each fraction of the time of the attack, and this in all cases takes into account the power of the two for the intelligent intrusion particles. Accordingly, the function is defined as a quadratic function for the variable $x$ , which is in Eqs (8)–(10).

\begin{aligned} Function [s o 1] = fitness (s o 1, data) \end{aligned}

(8)

\begin{aligned} X = s o l . x; \end{aligned}

(9)

\begin{aligned} S o l . f i t = s u m (x . \land 2) \\ end \end{aligned}

(10)

This function is invoked as a reference for performing computations in the optimal particle algorithm. As stated above, our data for the three dimensions of velocity, size, and scale can be examined, so the three-dimensional matrix is considered. Based on Moore [25] approach, it is argued that intelligent infiltration into systems is discussed under the influence of three layers. The citation also states that the benchmark numbers for these three factors must be below 10 to produce the best results. Intelligent intrusion into MATLAB software is considered a demographic group. These values must have a data break. In other words, the nature of these data must be defined discretely and correctly because based on the resultant approach to intelligent intrusion detection, an intruder can influence the design of the sequential system, either affecting or its effect tending to zero, in both cases, the definition of infiltration populations is based on the integer component because the property of the integer component is to convert the data to zero and one, which means effective and ineffective.

3. Findings and results

Finally, after defining all of the parts, the algorithm is used in a loop. The loop rotates this data. Each data represents an intelligent infiltration and iter (iteration) is considered to be 1800, that is to say for a system we are trying to infiltrate smartly into the system at 1800 repetition. In other words, it has been attacked more than 1800 times to detect an intelligent intrusion into the target system. The optimal system design, in this case, is considered the time (velocity) criterion, and when the data becomes zero at a later stage it indicates that intelligent intrusion is detected.

As shown in the output of MATLAB software in iter (iteration) 775 the best solution is zero. In other words, the algorithm shows that the optimal system design approach can detect and neutralize the system’s 775th intelligent intrusion attack. The next component to investigate is the time (speed) of intelligent intrusion detection for MATLAB software

The output of the particle optimization algorithm using fuzzy logic-based particle optimization algorithm shows that intelligent penetration into the system was detected and neutralized at 7.28 sec. For this purpose, as presented in Fig. 2.

Figure 2.

The optimization graph of algorithm.

As shown in Fig. 2, with the onset of intelligent intrusion, the system gradually lunches to neutralize so that near the 800th attack almost complete detection is made and the intelligent intrusion is completely neutralized. This is the best solution to the fuzzy logic particle optimization algorithm. The top graph, which illustrates fluctuations, shows that these changes are offset by an average of about 900th attacks. Average levels based on fuzzy calculations are slightly higher than the best response level. The reason is that the optimization in the algorithm detects and neutralizes the particle swarm faster than the average levels of intelligent penetration.

On the other hand, to evaluate the algorithm’s optimization capability, one can test the computational ability based on the trial and error approach of calculating the least squares mean of the residuals of the intelligent attack repulsion, which was used for this purpose. The computation of the Taguchi algorithm was based on the smart intrusion attack factor and the frequency of intelligent intrusion attack as follows:

Figure 3.

The result of Taguchi parameter setting.

According to Fig. 3, the best signal-to-noise ratio is found in which the ability to detect an intrusion is improved by the Taguchi algorithm, so that increase the algorithm’s computational capability is increased and ultimately leads to the best possible solutions.

The performance of the particle swarm optimization algorithm is compared to the performance of the GA and SA algorithms. The results of the Taguchi method for parameter settings are shown in Table 3.

When attacks increase by up to 4 times, the algorithm’s computational ability is simultaneously improved and can provide higher detection rates. This can be invoked when we know that attacks are usually intelligent and double at each or every node. In other words, based on hacking and smart intrusion, attacks can be defined as doubling their power each time. The Taguchi method can increase the rate of detection and repel.

Table 4

The output of detection rate.

SN ratios	Fit	SE fit	Residual	St resid
19.837	15.751	1.362	4.086	2.65

As shown in Table 4, the detection rate is 19.837 representing a high detection rate. Accordingly, the standard deviation resulting from the attack stabilization is 1.362, which indicates that when the attacks are stabilized and controlled by the defense barrier of the algorithm it may still be possible that 36% of attacks be out of the control of the algorithm. In this case, the residual values are 4.086, which indicates that the full repulsion of attacks there may still exist an 8% chance of reoccurring.

More than 1800 attacks are conducted to detect intelligent intrusion into the system for all three algorithms including PSO, GA, and SA algorithms, which is determined by the number of iterations. In this case, the design of the best system is considered by the time (speed) factor, so that any algorithm that can detect intelligent intrusion in less time and repetition has better performance, and the system has reached stability. Based on the comparison between the three algorithms, the time is 7.28 (seconds) for the PSO algorithm, 8.04 (seconds) for the GA algorithm, and 10.34 (seconds) for the SA algorithm. Hence, the findings demonstrate the superiority of the PSO algorithm in terms of the factor of time for this case study. According to the relevant previous studies, it can be concluded that the obtained results are better than usual.

Figure 4.

The optimization graph of PSO algorithm.

Figure 5.

The optimization graph of SA algorithm.

Figure 6.

The optimization graph of GA algorithm.

As shown in Figs 4, 5, and 6, the PSO algorithm can detect the intelligent intrusion at the 774^th iteration, the SA algorithm is able to detect the intelligent intrusion at the 788^th iteration, and the GA algorithm can detect the intelligent intrusion at the 819^th iteration. This solution is the best solution that optimization algorithms based on fuzzy logic have obtained. The red curve shows that the changes with fluctuations are neutralized approximately around the 900^th attack for the PSO algorithm, about the 900th attack for the SA algorithm, and around the 930th attack for the GA algorithm. The mean levels based on fuzzy calculations are slightly higher than the best solution level. This is because the optimization algorithm detects the intelligent intrusion and neutralizes faster than the mean average levels. As a result, the PSO algorithm has reached stability in better conditions, therefore, the algorithms used in this study are ranked as follows: PSO, SA, and GA.

4. Practical and managerial implications

The PSO algorithm in smart attack detection allows for convergence in computing and network defense systems. This reliability increases with decreasing definite duration. Preventive maintenance reduces the operational results which is the defensive using of this approach. On the other hand, the benefit of its reliability is more than its cost. Due to the high complexity and importance of preventive maintenance, methods are needed for scheduling maintenance. Nowadays, computer network security practitioners are changing the way they perform maintenance to increase their efficiency and effectiveness, and using the PSO algorithm improves this matter. Maintenance costs are expected to increase in the future. This is because of trying to minimize costs by extending the life of the equipment. As a summary, the terms indicate the increasing need and complexity of time-scheduling repair and maintenance methods that use this algorithm to reduce costs on smart grids because of the ability to detect attacks intelligently it will reduce costs and delayed the depreciation of hardware. Most researchers have been working on scheduling maintenance issues, but a matter of optimizing particle aggregation is in the early stages. Scheduling the maintenance of the security network is very helpful in finding many problems that are not detectable by routine tests and external observations. In addition, PSO contributes to the stability of the security network by reducing maintenance times. In some cases, the two areas may be self-sufficient in terms of intelligent attack, but two systems should be built to increase the reliability of the two systems. This will make it possible to provide security on the other hand if the defense system in each region is deficient. Maintenance reduces the error rate. Thus, it causes reducing the expected downtime and continuity of expected interruptions due to smart attacks. Network security companies are the last link in the process of generating, transmitting, and distributing power. They are the most important body of cyber defense that is directly related to the subscribers. The desired efficiency and effectiveness of the company can lead to satisfying the public on material and economic values and in meeting the objectives of maintaining network security. In this regard managing the type of attack by PSO is inevitable. If you look at the issue of preventive maintenance in cyber-security companies more broadly vision, this is part of a broader concept called value management. The management of cyber capital in companies means that in distribution and proper use of capital has a vital and decisive role in this task. The cyber-security industry’s experience in distributed defense networking shows that customers face many hurdles and problems when disconnecting against intelligent intrusions. The economic and social consequences of this, on the one hand, and the costs imposed on companies, on the other, necessitate identifying and exploring the types of preventive maintenance models that these companies must somehow enhance the level of customer service that most benefits them to pay for the cost of this increase in services. Asset management and defense system maintenance are key factors of operation and planning in cyber-security companies. Maintenance is one of the activities that security companies do to improve equipment conditions and achieve better performance. In physical asset management, these companies are demanding less use of financial resources, more tasks, and improved system performance. In the data distribution network, the equipment number is high, and the environment is geographically complex, therefore maintenance items are complex regarding the intelligent attacks. Therefore, it is important to provide a timing plan for the maintenance of the security network that performs PSO. In this study, the problem of scheduling maintenance of the distribution network is defined as a multi-objective function and its constraints. Because of the nonlinearity of the optimization problem, the particle optimization algorithm is used to solve it.

5. Conclusion

Intelligent intrusion detection is not well capable of being located in a complex environment alone. Therefore, the fuzzy logic [26, 27] is also used to create an intrusion detection system. Intrusion Detection System based on the PSO algorithm using fuzzy logic fully demonstrated the ability to repel the attack in 7.24 seconds. Intrusion detection system based on the PSO algorithm and fuzzy logic that uses clustering as multiple fuzzy MAXMIN points whose upper and lower bound are selected as integer and have a false positive rate of almost zero. The PSO algorithm works well with unsupervised learning in large environments such as the cloud where different types of attacks exist. These networks can always adapt themselves to new situations and data do not need to spend a lot of money to retrain with all the previous and new data. By combining the PSO algorithm and fuzzy logic, the system design environment is assumed to be smaller and finer. The PSO algorithms have high detection accuracy; as an illustration, the PSO algorithm has a detection accuracy of 63% and will increase to 69% at higher attack levels, which indicating high values. These findings are consistent with the findings of Liao et al. [28]. The current research demonstrated that in the field of unconventional behavior detection, some references were used to extract the most appropriate features and select the most appropriate parameters. The findings of this study also agree with the study of Afaf et al. [29]. This study utilized the PSO algorithm as well as two other well-known and frequently-used algorithms of GA and SA. First, we analyzed the labeled dataset, and then adjusted several basic rules. We used these rules set as the initial population. Also, the performance of the PSO algorithm was compared with GA and SA. The findings shows that these algorithms are capable of detecting intelligent intrusion attacks on a computer system. However, the PSO algorithm outperforms the other two algorithms. For further studies, it is suggested to apply the PSO algorithm and other metaheuristic algorithms to other cases and compare the results.

References

Liu

Jajodia

Wang

, editors. Theory and Models for Cyber Situation Awareness. Springer International Publishing. 2017 Jul 5. doi: 10.1007/978-3-319-61152-5.

Mbarek

Meddeb

Jaballah

Mosbah

. A secure authentication mechanism for resource constrained devices. In 2015 IEEE/ACS 12th International Conference of Computer Systems and Applications (AICCSA) 2015 Nov 17 (pp. 1-7). IEEE. doi: 10.1109/AICCSA.2015.7507270.

Hajiheidari

Wakil

Badri

Navimipour

. Intrusion detection systems in the Internet of things: A comprehensive investigation. Computer Networks. 2019 Sep 4; 160: 165-91. doi: 10.1016/j.comnet.2019.05.014.

Kim

Lim

. Intelligent intrusion detection system featuring a virtual fence, active intruder detection, classification, tracking, and action recognition. Annals of Nuclear Energy. 2018 Feb 1; 112: 845-55. doi: 10.1016/j.anucene.2017.11.026.

Caminero

Lopez-Martin

Carro

. Adversarial environment reinforcement learning algorithm for intrusion detection. Computer Networks. 2019 Aug 4; 159: 96-109. doi: 10.1016/j.comnet.2019.05.013.

Sharafaldin

Lashkari

Ghorbani

. An evaluation framework for network security visualizations. Computers & Security. 2019 Jul 1; 84: 70-92. doi: 10.1016/j.cose.2019.03.005.

Ali

Jamil

. Exchange Property in Double Edge Resolving Partition Sets and Its Use in City Development. Spec. Decis. Mak. Appl. [Internet]. 2024 Aug. 9 [cited 2024 Sep. 2]; 1(1): 84-97. doi: 10.31181/sdmap1120246.

Zhang

Xiao

. A TFN-based uncertainty modeling method in complex evidence theory for decision making. Information Sciences. 2023 Jan 1; 619: 193-207. doi: 10.1016/j.ins.2022.11.014.

Zhang

Wang

Kang

Cheng

. Differential mutation and novel social learning particle swarm optimization algorithm. Information Sciences. 2019 Apr 1; 480: 109-29. doi: 10.1016/j.ins.2018.12.030.

10.

Zhang

Wang

You

Zheng

. Optimal configuration and operating condition of counter flow cooling towers using particle swarm optimization algorithm. Applied Thermal Engineering. 2019 Mar 25; 151: 318-27. doi: 10.1016/j.applthermaleng.2019.01.097.

11.

Liang

Ouyang

. A hybrid particle swarm optimization algorithm for load balancing of MDS on heterogeneous computing systems. Neurocomputing. 2019 Feb 22; 330: 380-93. doi: 10.1016/j.neucom.2018.11.034.

12.

Wang

Cui

Wang

Xiao

Jiang

. Machine learning for networking: Workflow, advances and opportunities. IEEE Network. 2017 Nov 28; 32(2): 92-9. doi: 10.1109/MNET.2017.1700200.

13.

Guo

Xiong

. Indoor positioning system based on particle swarm optimization algorithm. Measurement. 2019 Feb 1; 134: 908-13. doi: 10.1016/j.measurement.2018.12.038.

14.

Messaoud

. Observer for nonlinear systems using mean value theorem and particle swarm optimization algorithm. ISA Transactions. 2019 Feb 1; 85: 226-36. doi: 10.1016/j.isatra.2018.10.036.

15.

. Reprint of: On convergence analysis of particle swarm optimization algorithm. Journal of Computational and Applied Mathematics. 2018 Oct 1; 340: 709-17. doi: 10.1016/j.cam.2018.04.036.

16.

Guan

Yang

Jiang

Lin

. A new method for parametric design and optimization of ship inner shell based on the improved particle swarm optimization algorithm. Ocean Engineering. 2018 Dec 1; 169: 551-66. doi: 10.1016/j.oceaneng.2018.10.004.

17.

Zhao

Liu

. Study on network security situation awareness based on particle swarm optimization algorithm. Computers & Industrial Engineering. 2018 Nov 1; 125: 764-75. doi: 10.1016/j.cie.2018.01.006.

18.

Sun

Dun

Guo

Yang

. A novel characterization method of piezoelectric composite material based on particle swarm optimization algorithm. Applied Mathematical Modelling. 2019 Feb 1; 66: 322-31. doi: 10.1016/j.apm.2018.08.015.

19.

Aichhorn

Etzlinger

Unterweger

Mayrhofer

Springer

. Design, implementation, and evaluation of secure communication for line current differential protection systems over packet switched networks. International Journal of Critical Infrastructure Protection. 2018 Dec 1; 23: 68-78. doi: 10.1016/j.ijcip.2018.06.005.

20.

Ajdad

Baba

Al Mers

Merroun

Bouatem

Boutammachte

. Particle swarm optimization algorithm for optical-geometric optimization of linear fresnel solar concentrators. Renewable Energy. 2019 Jan 1; 130: 992-1001. doi: 10.1016/j.renene.2018.07.001.

21.

Chopade

Bikdash

. New centrality measures for assessing smart grid vulnerabilities and predicting brownouts and blackouts. International Journal of Critical Infrastructure Protection. 2016 Mar 1; 12: 29-45. doi: 10.1016/j.ijcip.2015.12.001.

22.

Mzili

Riffi

Pamucar

Simic

Kurdi

. A novel discrete rat swarm optimization algorithm for the quadratic assignment problem. Facta Universitatis, Series: Mechanical Engineering. 2023 Oct 31; 21(3): 529-52. doi: 10.22190/FUME230602024M.

23.

Mzili

Riffi

Pamucar

Simic

Abualigah

Almohsen

. Hybrid genetic and penguin search optimization algorithm (GA-PSEOA) for efficient flow shop scheduling solutions. Facta Universitatis, Series: Mechanical Engineering. 2024 Apr 1; 22(1): 077-100. doi: 10.22190/FUME230615028M.

24.

Pramilarani

Kumari

. Cost based Random Forest Classifier for Intrusion Detection System in Internet of Things. Applied Soft Computing. 2024 Jan 1; 151: 111125. doi: 10.1016/j.asoc.2023.111125.

25.

Moore

. Effective instructional strategies: From theory to practice. Sage Publications. 2014 Jan 15.

26.

Sing

Rahaman

Sankar

. Solution of fuzzy system of linear equation under different fuzzy difference ideology. Spectrum of Operational Research. 2024 Aug 6; 1(1): 64-74. doi: 10.31181/sor1120244.

27.

Alamin

Rahaman

Mondal

. Geometric Approach for Solving First Order Non-homogenous Fuzzy Difference Equation. Spectrum of Operational Research. 2025; 2(1): 61-71. doi: 10.31181/sor2120257.

28.

Liao

Lin

Tung

. Intrusion detection system: A comprehensive review. Journal of Network and Computer Applications. 2013 Jan 1; 36(1): 16-24. doi: 10.1016/j.jnca.2012.09.004.

29.

Afaf

Hend

Safaa

Soad

. Comparative Study Between Bacterial Status of Balady and Commercial Table Egg with Detection of Genes Producing toxin in Luxor Governorate, 2019.

	Year	Monte-carlo	LRCN	NIDS	NFC	PSO	Multi objective	Fuzzy
Achihorm et al. [19]	2018						√
Ajdad and et al. [20]	2019					√
Chopade et al. [21]	2016	√
Kim and Lim [4]	2018		√
Shenfield et al. [6]	2018			√
Guan et al. [16]	2019				√
Wange et al. [12]	2019					√
Zhange et al. [9]	2019					√
Zhang et al. [10]	2019					√
This paper						√		√