Title: IDS false alarm reduction using an instance selection KNN-memetic algorithm

Authors: Amal Miloud-Aouidate; Ahmed Riadh Baba-Ali

Addresses: LRIA, USTHB, BP 32 El Alia, Bab Ezzouar Algiers, 16111, Algeria ' LRPE, USTHB, BP 32 El Alia, Bab Ezzouar Algiers, 16111, Algeria

Abstract: A K-nearest neighbours-based intrusion detection system uses a training set for classification purpose. The size of this dataset is critical. In fact, if the dataset size is too small, the classification accuracy decreases. However if it is too large, the classification running time might be excessive. This paper describes an instance selection memetic algorithm used for the improvement of IDS classification. The proposed memetic controlled local search (MCLS) algorithm includes a new local search that allows the orientation and the improvement of the solutions. Besides, the proposed MCLS algorithm enhances the capabilities of the standard KNN classifier in intrusion detection field. The results obtained through experiments on KDD '99 dataset are very satisfactory as they enable the elimination of the false positive alerts while keeping a high detection rate.

Keywords: nearest neighbour classifier; memetic algorithms; local search; instance selection; intrusion detection systems; IDS; network security; false positives; machine learning; k-nearest neighbour.

DOI: 10.1504/IJMHEUR.2013.058473

International Journal of Metaheuristics, 2013 Vol.2 No.4, pp.333 - 352

Received: 29 Dec 2012
Accepted: 05 Jun 2013

Published online: 12 Jul 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article