Network Intrusion Detection using a Combination of Fuzzy Clustering and Ant Colony Algorithm



  • Yadgar Sirwan Abdulrahman IT Department Kurdistan Technical Institute, Sulaymaniyah, Kurdistan Region, Iraq



Intrusion detection, Data mining, Fuzzy clustering, Ant colony


As information technology grows, network security is a significant issue and challenge. The intrusion detection system (IDS) is known as the main component of a secure network. An IDS can be considered a set of tools to help identify and report abnormal activities in the network. In this study, we use data mining of a new framework using fuzzy tools and combine it with the ant colony optimization algorithm (ACOR) to overcome the shortcomings of the k-means clustering method and improve detection accuracy in IDSs. Introduced IDS. The ACOR algorithm is recognized as a fast and accurate meta-method for optimization problems. We combine the improved ACOR with the fuzzy c-means algorithm to achieve efficient clustering and intrusion detection. Our proposed hybrid algorithm is reviewed with the NSL-KDD dataset and the ISCX 2012 dataset using various criteria. For further evaluation, our method is compared to other tasks, and the results are compared show that the proposed algorithm has performed better in all cases.


[1] M. Mazini, B. Shirazi and I. Mahdavi. “Anomaly network-based intrusion detection system using a reliable hybrid artificial bee colony and AdaBoost algorithms”. Journal of King Saud University- Computer and Information Sciences, vol. 31, no. 4, pp. 541-553, 2019.
[2] R. Chitrakar and H. Chuanhe. “Anomaly Based Intrusion Detection Using Hybrid Learning Approach of Combining K-Medoids Clustering and Naïve Bayes classification”. IEEE, United States, 2012.
[3] A. Saifullah. “Defending Against Distributed Denial-of-Service Attacks With Weight-Fair Router Throttling”, 2009. Available from: [Last accessed on 2021 May 10].
[4] I. Syarif, A. Prügel-Bennett and G. Wills. “Data mining approaches for network intrusion detection: From dimensionality reduction to misuse and anomaly detection”. Journal of Information Technology Review, vol. 3, no.2, pp. 70-83, 2012.
[5] S. Revathi and A. Malathi. “Data Preprocessing for Intrusion Detection System using Swarm Intelligence Techniques”. International Journal of Computer Applications, vol. 75, no. 6, pp. 22-27, 2013.
[6] K. Singh and K. Singh. “Intrusion detection and recovery of MANET by using ACO algorithm and genetic algorithm”. Advances in Intelligent Systems and Computing, vol. 638, pp. 97-109, 2018.
[7] J. Cheng, C. Zhang, X. Tang, V. S. Sheng, Z. Dong and J. Li. “Adaptive DDoS attack detection method based on multiple-kernel learning”. Security and Communication Networks, vol. 2018, p. 5198685, 2018.
[8] Z. Xia, S. Lu, J. Li and J. Tang. “Enhancing DDoS flood attack detection via intelligent fuzzy logic”. Informatica, vol. 34, no. 4, pp. 497-507, 2010. Available from: php/informatica/article/view/323. [Last accessed on 2021 May 11].
[9] M. H. Kamarudin, C. Maple, T. Watson and N. S. Safa. “A new unified intrusion anomaly detection in identifying unseen web attacks”. Security and Communication Networks, vol. 2017, p. 2539034, 2017.
[10] M. J. Vargas-Munoz, R. Martinez-Pelaez, P. Velarde-Alvarado, E. Moreno-Garcia, D. L. Torres-Roman and J. J. Ceballos-Mejia. “Classification of network anomalies in flow level network traffic using Bayesian networks”. In: 2018 28th International Conference on Electronics, Communications and Computers, CONIELECOMP 2018, vol. 2018, pp. 238-243, 2018.
[11] A. Koay, A. Chen, I. Welch and W. K. G. Seah. “A new multi classifier system using entropy-based features in DDoS attack detection”. In: International Conference on Information Networking, vol. 2018, pp. 162-167, 2018.
[12] A. Shiravi, H. Shiravi, M. Tavallaee and A. A. Ghorbani. “Toward developing a systematic approach to generate benchmark datasets for intrusion detection”. Computers and Security, vol. 31, no. 3, pp. 357-374, 2012.
[13] K. Socha and M. Dorigo. “Ant colony optimization for continuous domains”. European Journal of Operational Research, vol. 185, no. 3, pp. 1155-1173, 2008.
[14] J. C. Bezdek. “Pattern Recognition with Fuzzy Objective Function Algorithms”. Springer, United States, 1981.
[15] L. C. Andrews. “Special Functions of Mathematics for Engineers”, 2021. Available from: https://www.books. and pg=pa110 and redir_ esc=y#v=onepage&q&f=false. [Last accessed on 2021 Jun 02].
[16] G. Kumar and K. Kumar. “Design of an evolutionary approach for intrusion detection”. The Scientific World Journal, vol. 2013, p. 962185, 2013.
[17] A. Kaur, S. K. Pal and A. P. Singh. “Hybridization of K-means and firefly algorithm for intrusion detection system”. International Journal of Systems Assurance Engineering and Management, vol. 9, no. 4, pp. 901-910, 2018.
[18] S. Soheily-Khah, P. F. Marteau and N. Bechet. “Intrusion detection in network systems through hybrid supervised and unsupervised machine learning process: A case study on the iscx dataset”. In: Proceedings-2018 1st International Conference on Data Intelligence and Security, ICDIS 2018, pp. 219-226, 2018.
[19] Q. M. Alzubi, M. Anbar, Z. N. M. Alqattan, M. A. Al-Betar and R. Abdullah. “Intrusion detection system based on a modified binary grey wolf optimisation”. Neural Computing and Applications, vol. 32, no. 10, pp. 6125-6137, 2020.
[20] C. Xu, J. Shen, X. Du and F. Zhang. “An intrusion detection system using a deep neural network with gated recurrent units”. IEEE Access, vol. 6, pp. 48697-48707, 2018.
[21] F. Jiang, Y. Fu, B. B. Gupta, F. Lou, S. Rho, F. Meng and Z. Tian. “Deep learning based multi-channel intelligent attack detection for data security”. IEEE Transactions on Sustainable Computing, vol. 5, no. 2, pp. 204-212, 2020.
[22] Y. Bengio, A. Courville and P. Vincent. “Representation learning: A review and new perspectives”. IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 35, no. 8, pp. 1798-1828, 2013.
[23] Y. Zeng, H. Gu, W. Wei and Y. Guo. “Deep-full-range: A deep learning based network encrypted traffic classification and intrusion detection framework”. IEEE Access, vol. 7, pp. 45182- 45190, 2019.
[24] A. Diro and N. Chilamkurti. “Leveraging LSTM networks for attack detection in fog-to-things communications”. IEEE Communications Magazine, vol. 56, no. 9, pp. 124-130, 2018.
[25] B. J. Radford, L. M. Apolonio, A. J. Trias and J. A. Simpson. “Network Traffic Anomaly Detection Using Recurrent Neural Networks”, 2018. Available from: [Last accessed on 2021 Jun 08].