In recent years, due to the rapid progress of various technologies, wireless computer networks have developed. However, the activities of the security threats and attackers affect the data communication of these technologies. So, to protect the network against these security threats, an efficient IDS (Intrusion Detection System) is presented in this paper. Namely, optimized long short-term memory (OLSTM) network with a stacked auto-encoder (SAE) network is proposed as an IDS system. Using SAE, significant features are extracted from the databases such as input NSL-KDD database and the UNSW-NB15 database. Then extracted features are given as input to the optimized LSTM which is used as an intrusion identification system. To enhance the effectiveness of the LSTM, we present the pigeon optimization algorithm (POA). Using this algorithm, weight parameters of the LSTM are chosen optimally. Finally, the proposed IDS model decides whether the input packets are intruded or not. The results confirm that the proposed IDS model surpasses the previous machine learning-based IDS models in terms of correctness, F1-score and G mean.
As computer networks have gotten broadly utilized in all parts of our lives, the security of networks has gotten progressively significant. Network security incorporates primarily the integrity, confidentiality, and availability of its conveyor’s data. Any action endeavoring to weak these parameters or to sidestep the security schemes of a network can be viewed as a network intrusion. An IDS is a sort of security management framework that is used to identify intrusion in the network and is a basic section of network security frameworks these days [
Numerous researches using AI have designed IDS with machine learning models. For example, GAs (Genetic Algorithms) [ To shorten the complexity of IDS, the input features from the dataset are to be extracted initially. So, for efficient feature extraction, a Stacked Auto Encoder Network is presented. Then the extracted features are given as input to the optimized LSTM based RNN model. In this detection model, the performance of LSTM is enhanced by optimizing the weight parameters using the pigeon optimization algorithm (POA). This proposed approach is implemented in the platform of Python. For performance analysis, the NSL-KDD and UNSW-NB15 datasets are used.
The article is sorted as follows. Section 2 relates the recent literature that focused research on identifying the intrusions in the wireless networks. Section 3 proposes feature extraction using Stacked Auto Encoder Network and also presents wireless intrusion detection system using pigeon optimization algorithm based LSTM. Section 4 discusses the results of the proposed approach. Lastly, the conclusion of the work is described in Section 5.
In this section, some recent literature that focused research on detecting the intrusions in the wireless network is reviewed. Yang et al. [
Wu et al. [
To improve the performance of the IDS system, Xu et al. [
Vijayanand et al. [
Although many machine learning schemes were presented for network intrusion detection, they were not sufficient to provide good performance for multiple classes. So, Zhou et al. [
Liu et al. [
Aroba et al. [
AE is a sort of unsupervised learning structure which possesses three layers: input, hidden, and output layer appeared in
Notations | Descriptions |
Input dataset | |
Hidden encoder vector | |
Decoder vector of output layer | |
E | Encoding function |
W1, W2 | Weight matrix |
b1, b2 | Bias vector |
D | Decoding function |
L | Loss function |
From the input dataset
The process of the decoder is defined as follows:
The set of parameters of AE is enhanced to minimize the reconstruction error:
In this approach, the SAE network is used for feature extraction. Using this network, correlated features are extracted from the input dataset. As shown in the The output in first hidden layer is given as input to the second layer and this process is continued until completing the training process.
The output of the hidden layer 1 or encoder of AE1 is defined as follows:
The output of the hidden layer 2 or encoder of AE2 is defined as follows:
The output layer or decoder process is defined as follows: After the completion of the training process in hidden layers, the backpropagation algorithm (BP) is used backpropagation algorithm (BP) is used for minimizing the cost function () and weights are updated to attain the fine-tuning.
The output vectors or features are given as input to the proposed IDS model which detects whether the input packets are intruded or not. The extracted feature set is represented as follows,
The proposed optimized LSTM is a type of artificial neural network. To overcome the problem of not considering a series of factors in traditional artificial neural framework, RNN has been introduced. RNN was built to understand this obstacle. The arrangement of RNN is given in
The Forget gate used to select the discard and selected information and stored in memory. The mathematical function is given in
The candidate value of tanL layer is calculated using
The candidate value is selected by input gate, and the forget gate chooses whether to hold or remove data on memory depends on the output from the
To improve the LSTM’s performance, weight parameters {
where,
Fitness calculation: For each initialized solution, fitness is calculated for finding the optimal solution. The minimum value of the error function of the DNN is considered as the fitness function and this function is defined as follows
Update the solution: To update the position of the directing qualities of pigeons, two operators are planned by utilizing a few guidelines:
where, L denotes the factor of the map and compass, rand represents the arbitral number, and Yg represents the current global best spot. When the number of iteration (Niter) is greater than maximum number of iteration (Niter1 max), terminate the map and compass operator and initiate the next operator i.e., the Landmark operator.
As denoted in
The position updating rule for pigeon I at the t-th cycle can be determined by:
As appeared in
The proposed Wireless Intrusion Detection System Based on Optimized LSTM with Stacked Auto Encoder Network (OLSTM + SAE) was implemented in the platform of Python and the system having Intel Core i7 @ 3.4 GHz, 64 GB RAM. The performance of the proposed IDS system is analyzed or evaluated by using the data from the datasets NSL-KDD and UNSW-NB15.
For experimental analysis, NSL-KDD and UNSW-NB15 dataset is used. NSL-KDD dataset is updated version of KDD’99 dataset. This dataset eliminates the redundant and duplicate records present in the KDD dataset. Generally, the dataset is divided into two set training and testing. The attack types in the dataset records are Probe, DoS (Denial of Service), U2R (User to Root), and R2L (Remote to Local). In this proposed approach, KDDTrain + 20Percent.txt is used as the training set and KDDTest+, and KDDTest-21 is used as the test sets.
UNSW-NB15 dataset includes 42 features such as service, state, rate, proto, etc. Among the features, three are nominal and the remaining features are numeric. Besides, this dataset has two subsets of the training set that are UNSW-NB15-25 and UNSW-NB15-75. Here, UNSW-NB15-25 denotes 25% of the full training set and UNSW-NB15-75 denotes 75% of the full training set.
Here the potential of the proposed intrusion detection model is analyzed against NSL-KDD dataset. Based on the testing data KDDTest+ and KDDTest-21, the performance of the different feature extraction techniques and intrusion detection models are analyzed. The following sections describe the comparative analysis of the proposed models with the existing models.
In this section, the potential of the Intrusion detection models LSTM + POA, LSTM + PSO (Particle swarm optimization), LSTM, SVM (Support Vector Machine), and KNN (K-Nearest Neighbor) are analyzed in terms of various attacks and metrics. Besides, these checks are carried by using KDDTest+ and KDDTest-21. The detection rate of the different detection models by using KDD test+ is shown in
The overall performance of the different feature extraction techniques by using UNSW-NB15 is shown in
To solve the issues of security threats from the wireless network, we have presented optimized long short-term memory (OLSTM) network with a stacked autoencoder (SAE) network-based IDS system. Using the SAE network, the significant features have been extracted from NSL-KDD dataset. Based on these extracted features, the optimized LSTM has been trained for intrusion detection. For enhancing the detection rate of LSTM, its weight parameters have been optimized using a pigeon optimization algorithm (POA). The potential of the proposed IDS model is analyzed with various test data of NSL-KDD such as KDDTest+, and KDDTest-21 and that of the UNSW-NB15 dataset. Simulation values showed that the performance of the proposed IDS model is improved than the previous machine learning-based IDS schemes with respect to detection rate, accuracy, F1-score, and G mean. In future, we will implement cryptography algorithm for privacy and also, we will develop hybrid algorithm for intrusion detection system.