Enhancing Online Intrusion Detection Systems via Attack Clustering

Improving Intrusion detection systems (IDS) is pivotal for securing networks from various elusive attacks, including DDoS, packet injection, and unauthorized access. While many IDS systems are successful in fending off attacks, they often suffer from either low accuracy or significant latency. This paper proposes an IDS framework that balances higher accuracy with computational complexity, focusing on decreasing dimensionality by utilizing clustering methods, along with Ant Colony Optimization, and Rough k-means algorithms. Additionally, the paper enhances existing feature selection algorithms through multi-objective optimization, eliminating superfluous features that do not contribute significantly to intrusion detection and reducing problem dimensions, which increases speed. The combination of rough clustering and optimization techniques leads to a desirable accuracy of 87% in low dimensions. The proposed framework is evaluated using two benchmark datasets, NSL-KDD and ISCX 2012, and compared to two leading approaches, namely ICA-BP and GA-BP, where our model surpassed their accuracy levels.