A crossover-integrated Marine Predator Algorithm for feature selection in intrusion detection systems within IoT environments

IF 6 3区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Internet of Things Pub Date : 2025-02-15 DOI:10.1016/j.iot.2025.101536

Sharif Naser Makhadmeh , Salam Fraihat , Mohammed Awad , Yousef Sanjalawe , Mohammed Azmi Al-Betar , Mohammed A. Awadallah

{"title":"A crossover-integrated Marine Predator Algorithm for feature selection in intrusion detection systems within IoT environments","authors":"Sharif Naser Makhadmeh , Salam Fraihat , Mohammed Awad , Yousef Sanjalawe , Mohammed Azmi Al-Betar , Mohammed A. Awadallah","doi":"10.1016/j.iot.2025.101536","DOIUrl":null,"url":null,"abstract":"<div><div>In recent times, there has been a significant rise in cyberattacks targeting the Internet of Things (IoT) and cyberspace in general. Detecting intrusions in a time series environment is a critical challenge for Network Intrusion Detection Systems (NIDS). Building an effective NIDS requires carefully establishing an efficient model, with machine learning (ML) playing a prominent role. The performance of ML models depends on selecting the most informative feature subset. Recently, metaheuristic (MH) optimization methods have been effective in identifying these key features. However, standard MH methods require adjustment to incorporate NIDS-specific knowledge for optimal results, improving both MH performance and ML accuracy. This paper introduces a novel NIDS framework based on three key phases: preprocessing, optimization, and generalization. In the preprocessing phase, several datasets undergo cleaning and under-sampling. In the optimization phase, an enhanced version of the Marine Predators Algorithm (MPA) is proposed, utilizing the crossover operator to identify the most relevant features. The proposed method is called MPAC. The crossover operator is utilized to boost the exploitation capabilities of the MPA and find the optimal local solution for the NIDS. Finally, the selected features are applied to the NIDS. Eight different datasets are employed for examination and evaluation using different evaluation measurements to assess the effectiveness of the proposed NIDS. The experimental evaluation is organized into three phases: evaluating the proposed crossover modification by applying it to five algorithms and comparing results to the originals, comparing the results of the proposed algorithms to prove the robust performance of the MPAC, and comparing the results obtained by the MPAC with the stat-of-the-arts. The proposed MPAC confirmed its demonstration and high performance in detecting network attacks, wherein in the first evaluation phase, the proposed approach obtained better results in almost 90% of the comparisons. In the second comparison phase, the proposed MPAC achieved better results in six datasets out of eight, and in the last phase, the MPAC outperforms all compared methods.</div></div>","PeriodicalId":29968,"journal":{"name":"Internet of Things","volume":"31 ","pages":"Article 101536"},"PeriodicalIF":6.0000,"publicationDate":"2025-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Internet of Things","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2542660525000496","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

In recent times, there has been a significant rise in cyberattacks targeting the Internet of Things (IoT) and cyberspace in general. Detecting intrusions in a time series environment is a critical challenge for Network Intrusion Detection Systems (NIDS). Building an effective NIDS requires carefully establishing an efficient model, with machine learning (ML) playing a prominent role. The performance of ML models depends on selecting the most informative feature subset. Recently, metaheuristic (MH) optimization methods have been effective in identifying these key features. However, standard MH methods require adjustment to incorporate NIDS-specific knowledge for optimal results, improving both MH performance and ML accuracy. This paper introduces a novel NIDS framework based on three key phases: preprocessing, optimization, and generalization. In the preprocessing phase, several datasets undergo cleaning and under-sampling. In the optimization phase, an enhanced version of the Marine Predators Algorithm (MPA) is proposed, utilizing the crossover operator to identify the most relevant features. The proposed method is called MPAC. The crossover operator is utilized to boost the exploitation capabilities of the MPA and find the optimal local solution for the NIDS. Finally, the selected features are applied to the NIDS. Eight different datasets are employed for examination and evaluation using different evaluation measurements to assess the effectiveness of the proposed NIDS. The experimental evaluation is organized into three phases: evaluating the proposed crossover modification by applying it to five algorithms and comparing results to the originals, comparing the results of the proposed algorithms to prove the robust performance of the MPAC, and comparing the results obtained by the MPAC with the stat-of-the-arts. The proposed MPAC confirmed its demonstration and high performance in detecting network attacks, wherein in the first evaluation phase, the proposed approach obtained better results in almost 90% of the comparisons. In the second comparison phase, the proposed MPAC achieved better results in six datasets out of eight, and in the last phase, the MPAC outperforms all compared methods.

查看原文本刊更多论文

物联网环境下入侵检测系统特征选择的交叉集成海洋捕食者算法

近年来，针对物联网和网络空间的网络攻击明显增加。在时间序列环境中检测入侵是网络入侵检测系统（NIDS）面临的一个关键挑战。构建一个有效的网络入侵防御需要仔细建立一个高效的模型，其中机器学习（ML）发挥着突出的作用。机器学习模型的性能取决于选择信息量最大的特征子集。最近，元启发式（MH）优化方法在识别这些关键特征方面很有效。然而，标准的MH方法需要调整，以纳入nids特定的知识，以获得最佳结果，提高MH性能和ML准确性。本文介绍了一种基于预处理、优化和泛化三个关键阶段的新型NIDS框架。在预处理阶段，几个数据集进行清洗和欠采样。在优化阶段，提出了海洋掠食者算法（MPA）的增强版本，利用交叉算子识别最相关的特征。该方法被称为MPAC。交叉操作器用于提高MPA的开发能力，并为NIDS找到最优的局部解决方案。最后，将选择的特征应用到NIDS中。采用8个不同的数据集进行检查和评估，使用不同的评估测量来评估拟议的NIDS的有效性。实验评估分为三个阶段：通过将所提出的交叉修正算法应用于五种算法并将结果与原始算法进行比较来评估所提出的交叉修正算法；将所提出算法的结果进行比较以证明所提出算法的鲁棒性；将所得到的结果与最先进的结果进行比较。所提出的MPAC在检测网络攻击方面证实了它的可验证性和高性能，其中在第一个评估阶段，所提出的方法在近90%的比较中获得了更好的结果。在第二阶段的比较中，提出的MPAC在8个数据集中的6个数据集上取得了更好的结果，在最后阶段，MPAC优于所有比较方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Internet of Things Multiple-

CiteScore

3.60

自引率

5.10%

发文量

115

审稿时长

37 days

期刊介绍： Internet of Things; Engineering Cyber Physical Human Systems is a comprehensive journal encouraging cross collaboration between researchers, engineers and practitioners in the field of IoT & Cyber Physical Human Systems. The journal offers a unique platform to exchange scientific information on the entire breadth of technology, science, and societal applications of the IoT. The journal will place a high priority on timely publication, and provide a home for high quality. Furthermore, IOT is interested in publishing topical Special Issues on any aspect of IOT.