Optimizing an IDS (Intrusion Detection System) by Means of Advanced Metaheuristics

Intrusion Detection Systems (IDSs) are a primary research area in Cybersecurity nowadays. These are programs or methods designed to monitor and analyze network traffic aiming to identify suspicious patterns/attacks. MSNM (Multivariate Statistical Network Monitoring) is a state-of-the-art algorithm capable of detecting various security threats in real network traffic data with high performance. However, semi-supervised MSNM heavily relies on a set of weights, whose values are usually determined using a relatively simple optimization algorithm. This work proposes the application of various Evolutionary Algorithm approaches to optimize this set of variables and improve the performance of MSNM against four types of attacks using the UGR'16 dataset (includes real network traffic flows). Furthermore, we analyzed the performance of a Particle Swarm Optimization approach and a Simulated Annealing algorithm, as a baseline. The results obtained are very promising and show that EAs are a great tool for enhancing the performance of this IDS.