A Modified Grey Wolf Optimization Algorithm for an Intrusion Detection System

Cyber-attacks and unauthorized application usage have increased due to the extensive use of Internet services and applications over computer networks, posing a threat to the service’s availability and consumers’ privacy. A network Intrusion Detection System (IDS) aims to detect aberrant traffic behavior that firewalls cannot detect. In IDSs, dimension reduction using the feature selection strategy has been shown to be more efficient. By reducing the data dimension and eliminating irrelevant and noisy data, several bio-inspired algorithms have been employed to improve the performance of an IDS. This paper discusses a modified bio-inspired algorithm, which is the Grey Wolf Optimization algorithm (GWO), that enhances the efficacy of the IDS in detecting both normal and anomalous traffic in the network. The main improvements cover the smart initialization phase that combines the filter and wrapper approaches to ensure that the informative features will be included in early iterations. In addition, we adopted a high-speed classification method, the Extreme Learning Machine (ELM), and used the modified GWO to tune the ELM’s parameters. The proposed technique was tested against various meta-heuristic algorithms using the UNSWNB-15 dataset. Because the generic attack is the most common attack type in the dataset, the primary goal of this paper was to detect generic attacks in network traffic. The proposed model outperformed other methods in minimizing the crossover error rate and false positive rate to less than 30%. Furthermore, it obtained the best results with 81%, 78%, and 84% for the accuracy, F1-score, and G-mean measures, respectively.