Title: A Manhattan distance-based binary bat algorithm vs. integer ant colony optimisation for intrusion detection in the audit trails

Authors: Wassila Guendouzi; Abdelmadjid Boukra

Addresses: Faculty of Electronics and Computer Science, LSI Laboratory, USTHB, Algiers, Algeria; Faculty of Electronics and Computer Science, LSI Laboratory, USTHB, Algiers, Algeria

Abstract: An intrusion detection system (IDS) monitors and analyses security-relevant activity occurring in computer or network systems. Its detection method can be either anomaly-based or misuse-based. The misuse mechanism aims to detect predefined attack scenarios in the audit trails, whereas the anomaly detection mechanism aims to detect deviations from normal user behaviour. In this paper, we deal with misuse detection. We propose two approaches to solve the NP-hard security audit trail analysis problem. Both rely on the Manhattan distance measure to improve the quality of intrusion detection. The first proposed method, named enhanced binary bat algorithm (EBBA), is an improvement of the bat algorithm (BA). The second, named enhanced integer ant colony system (EIACS), combines two metaheuristics: ant colony system (ACS) and simulated annealing (SA). Experimental results indicate that, for large problem sizes, EIACS performs significantly better than EBBA.

Keywords: intrusion detection; security audit trail analysis; combinatorial optimisation problem; NP-hard; Manhattan distance; bat algorithm; ant colony system; ACS; simulated annealing.

DOI: 10.1504/IJCSE.2019.099079

International Journal of Computational Science and Engineering, 2019 Vol.18 No.4, pp.424 - 437

Received: 15 Dec 2015
Accepted: 12 Oct 2016

Published online: 15 Apr 2019
