A hybrid genetic algorithm for network intrusion detection

S. Bagui, Debarghya Nandi, S. Bagui
Proceedings of the ACMSE 2018 Conference. Published 2018-03-29. DOI: 10.1145/3190645.3190702 (https://doi.org/10.1145/3190645.3190702)

Abstract

Feature selection is common in prediction tasks because it helps in reducing computation time as well as dimensionality of the data. A hybrid filter-wrapper approach has been presented in this paper to detect network intrusion attacks using the genetic algorithm. The genetic algorithm is a popular search algorithm with wide applications in optimization problems like the TSP problem. One of the biggest advantages of the genetic algorithm is its continuous evolution towards better solutions. However, it does take a greedy approach, evaluating its strength against a fitness function, making it vulnerable to local optima. A certain amount of randomness at each generation can help us overcome this problem. In Network Intrusion Detection systems, the number of attacks is sometimes far less than the false alarm rate, causing the real attacks to be ignored. To overcome this problem, we propose an objective function which not only rewards higher score for higher accuracy, but also heavily penalizes false positives. Features are initially selected based on information gain and each feature is weighted differently based on domain knowledge, and then the selected subset of features is scored based on accuracy with higher penalty for false positives. In addition, crossover and mutation are carried out to allow for sufficient randomness in feature selection and avoid overfitting. Sample experimentation on the UNSW-NB15 dataset shows that our approach performs much better compared to traditional methods and other state-of-the-art intrusion detection classification algorithms.
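The wrapper stage described in the abstract, as an added example (not the paper's code): a genetic search over feature masks whose fitness is accuracy minus a heavy false-positive penalty, with elitism, one-point crossover and bit-flip mutation. The penalty weight, the majority-vote stand-in classifier, the constructed data and all function names are assumptions; the information-gain filter and domain-knowledge weights are left out.

```python
import random

FP_PENALTY = 2.0  # assumed weight; the abstract gives no value

def fitness(mask, rows, fp_penalty=FP_PENALTY):
    """Accuracy minus a heavy false-positive-rate penalty for one feature subset."""
    k = sum(mask)
    if k == 0:
        return -1.0  # an empty subset cannot classify anything
    correct = fp = benign = 0
    for x, y in rows:
        votes = sum(v for v, m in zip(x, mask) if m)
        pred = int(2 * votes > k)  # stand-in classifier: strict majority vote
        correct += pred == y
        benign += y == 0
        fp += pred == 1 and y == 0
    accuracy = correct / len(rows)
    fpr = fp / benign if benign else 0.0
    return accuracy - fp_penalty * fpr

def make_rows(n=300, seed=7):
    """Constructed data: features 0-1 track the label, features 2-5 are noise."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        y = int(rng.random() < 0.2)  # 1 = attack, roughly 20% of records
        x = [y ^ int(rng.random() < 0.02), y ^ int(rng.random() < 0.05)]
        x += [int(rng.random() < 0.5) for _ in range(4)]
        rows.append((x, y))
    return rows

def evolve(rows, n_feat=6, pop_size=12, generations=20, p_mut=0.1, seed=1):
    """Return (best_mask, best_fitness) after a seeded, reproducible GA run."""
    rng = random.Random(seed)
    # Start from the all-features baseline plus random subsets.
    pop = [[1] * n_feat] + [[rng.randint(0, 1) for _ in range(n_feat)]
                            for _ in range(pop_size - 1)]
    for _ in range(generations):
        pop.sort(key=lambda m: fitness(m, rows), reverse=True)
        nxt = pop[:2]  # elitism: the two best subsets survive unchanged
        while len(nxt) < pop_size:
            a, b = rng.sample(pop[:pop_size // 2], 2)  # parents from fitter half
            cut = rng.randrange(1, n_feat)
            child = a[:cut] + b[cut:]  # one-point crossover
            child = [bit ^ (rng.random() < p_mut) for bit in child]  # mutation
            nxt.append(child)
        pop = nxt
    best = max(pop, key=lambda m: fitness(m, rows))
    return best, fitness(best, rows)

if __name__ == "__main__":
    print(evolve(make_rows()))
```

Because the all-features mask is in the initial population and the elite is carried forward, the returned subset never scores below the no-selection baseline under the same objective.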