Title: IDS false alarm reduction using an instance selection KNN-memetic algorithm
Authors: Amal Miloud-Aouidate; Ahmed Riadh Baba-Ali
Addresses: LRIA, USTHB, BP 32 El Alia, Bab Ezzouar Algiers, 16111, Algeria ' LRPE, USTHB, BP 32 El Alia, Bab Ezzouar Algiers, 16111, Algeria
Abstract: A K-nearest neighbours-based intrusion detection system uses a training set for classification purpose. The size of this dataset is critical. In fact, if the dataset size is too small, the classification accuracy decreases. However if it is too large, the classification running time might be excessive. This paper describes an instance selection memetic algorithm used for the improvement of IDS classification. The proposed memetic controlled local search (MCLS) algorithm includes a new local search that allows the orientation and the improvement of the solutions. Besides, the proposed MCLS algorithm enhances the capabilities of the standard KNN classifier in intrusion detection field. The results obtained through experiments on KDD '99 dataset are very satisfactory as they enable the elimination of the false positive alerts while keeping a high detection rate.
Keywords: nearest neighbour classifier; memetic algorithms; local search; instance selection; intrusion detection systems; IDS; network security; false positives; machine learning; k-nearest neighbour.
DOI: 10.1504/IJMHEUR.2013.058473
International Journal of Metaheuristics, 2013 Vol.2 No.4, pp.333 - 352
Received: 29 Dec 2012
Accepted: 05 Jun 2013
Published online: 12 Jul 2014 *