Ant colony optimization based network intrusion feature selection and detection

This paper proposes a novel intrusion detection approach by applying ant colony optimization for feature selection and SVM for detection. The intrusion features are represented as graph-ere nodes, with the edges between them denoting the adding of the next feature. Ants traverse through the graph to add nodes until the stopping criterion is satisfied. The fisher discrimination rate is adopted as the heuristic information for ants´ traversal. In order to avoid training of a large number of SVM classifier, the least square based SVM estimation is adopted. Initially, the SVM is trained based on grid search method to obtain discrimination function using the training data based on all features available. Then the feature subset produced during the ACO search process is evaluated based on their abilities to reconstruct the reference discriminative function using linear least square estimation. Finally SVM is retrained using the train data based on the obtained optimal feature subset to obtain intrusion detection model. The MIT´s KDD Cup 99 dataset is used to evaluate our present method, the results clearly demonstrate that the method can be an effective way for intrusion feature selection and detection.