An Efficient Intrusion Detection System Using Improved Bias Based Convolutional Neural Network Classifier

Today’s modern society has faced many challenges due to the rapid digitization and growing number of hackers, which makes the networking-based systems to become a target place for intruders. The attacks may allure the users, and it compromised the whole system and makes the security the biggest challenge. In this regard, the best way to combat the issues is by exploring new ways to defend the network against threats. More recently, Intrusion Detection Systems (IDS) is a key enabling technology in maintaining the novel network security. Indeed, some existing systems utilize Improved Relevance Vector Machine (IVRM) classifier for performing intrusion detection in network-based systems. In this work, feature selection is done by using Gaussian Firefly Algorithm and Improved Relevance Vector Machine (IRVM) based classification is performed according to the selected features. However, for large-scale intrusion dataset, the intrusion detection is not robust; hence, it leads to high attack rates. The proposed system designed an Improved Bias based Convolutional Neural Network (ICNN) for high attack intrusion detection. For embracing high-security factors and enhanced protection, the proposed system performs three phases, such as preprocessing, feature selection, and classification. The first phase employs the KDD dataset and Kalman filtering method followed by feature selection utilizes Inertia Weight based Dragonfly Algorithm (IWDA) and finally identified the intrusion attacks using Improved Bias based Convolutional Neural Network (IBCNN) classifier. In this work, a novel model performed with the KDD dataset. The suggested method evaluated in terms of accuracy, f-measure, recall, and precision for examining performance compared with existing systems.

For performing the elimination of duplicate and extraneous traits from the datasets, feature selection is a widely accepted technique in many systems. It selects the most optimal subsets from the massive data and hence provides the enhanced characterization of patterns. More often, filter and wrapper methods are the techniques that are performed in feature selection [10]. In filter methods, the independent measure is chosen as a criterion in order to estimate the association of the features. Typically, information, distance, and consistency are considered as independent measures. Contrastingly, in wrapper methods, the value of the features has been evaluated by employing learning algorithms. Due to the intensive nature of the data, wrapper methods are the most acceptable feature selection method as it has the capability of dealing with massive data sets. Consecutively for dimensionality reduction, metaheuristic algorithms such as Ant Colony Optimization (ACO), Particle Swarm Optimization (PSO) and Genetic Programming (GP) are used in computationally intensive applications. Metaheuristics are now accepted as the preferable measure since they perform better by utilizing a reduced number of computational resources.
At present, the data mining techniques such as Decision Tree, Naïve Bayes (NB), Neural network, and Support Vector Machines (SVM) [11] are employed for modeling classification in IDS. Though the data mining techniques often used in some IDS, issues such as false-positive rates and data redundancy still been a challenge. It also possesses a dilemma in detection rates and thus yields apocryphal values. The critical factor of IDS is the adaptability in high-speed networks while handling large scales of data in a reduced time. Since the IDS are not robust, and the difficulty persists in data-intensive applications, which paves the way for the intruders to enter in. Hence the proposed system investigates preprocessing and feature selection so as to enhance the accuracy rates of classification performed in IDS. The proposed system is classified into three phases. a) Preprocessing b) feature selection and c) classification. Also, for the better replacement of missing values Kalman filtering algorithm is applied in KDD dataset. Followed by preprocessing, Inertia Weight based Dragonfly Algorithm (IWDA) is used for performing feature selection. In this phase, accuracy is obtained by generating objective function for getting optimal solutions. Finally, for performing better classification, Improved Bias based Convolutional Neural Network (IBCNN) is applied.

2.Literature Review
Several researches have been done in investigating IDS in terms of security and privacy. Since the intrusion in some systems poses serious implications such as tampering of data and acquiring secret information across the trusted network. Some of the techniques and methodologies suggested to thwart from such issues are mentioned in this section.
In [12], Intelligent Water Drops (IWD)-based feature selection is proposed for IDS for maintaining accuracy of the system. It focuses on optimizing the feature selection by employing novel classifiers. This method generally uses a bio inspired algorithm that are combined with SVM classifier for the assessment of the selected traits. Consequently, the optimization is attained at a better level by performing several numbers of rounds. The authors have tested the values from KD CUP'99 dataset and the performance are analyzed with existing systems. The obtained results shown that the suggested method outperforms the recent models in terms of intended detection rate, false alarm rate and accuracy.
Followed by [12], Kuang et al. [14] put forth and IDS model which combines Chaotic Particle Swarm Optimization (ICPSO) and Kernel Principal Component Analysis (KPCA) to ameliorate the performance of support vector machines. In this method, KPCA performed for reducing the training time and dimension reduction. On the other hand, ICPSO used for the optimization of tube size, kernel parameters, and punishment factors. The overall system is intended for chaos optimization and premature processing. It further divides the training dataset into ten samples, which further yields a 96% detection rate and 1% of false alarm rate. Since this method offers some diversified features, the challenges due to the handling of seamless data sets remain challenging.

Research Article
Vol. 12 No.6 (2021), [2468][2469][2470][2471][2472][2473][2474][2475][2476][2477][2478][2479][2480][2481][2482] To overcome the disadvantages, Ingre et al. [15] examine the NSL-KDD with the Decision Tree-Based Intrusion Detection System. It models a Correlation Feature Selection (CFS) subset evaluation for performing feature selection. Further, it enhances the IDS performance by feature selection. To analyze the performance of the suggested venture, feature selection is carried out before and after the classification. Here two types of classification are performed, namely five class classification for normal and types of attack and binary class classification for normal and attack. The values that are obtained from the proposed method is further analyzed for high DR and accuracy by comparing it with the existing techniques. The simulation has shown that the binary class classification outperforms five-class classification. Though the system performs high-class classification, it possesses disadvantages due to the increasing number of new threats.
To address the above challenges, Zhao et al. [16] proposed an effectual 2 stage method to distinguish the intrusions in the network. It propagates the pool of solutions that are non-dominating and optimal; in turn, the ensembles are used for detecting the intrusions effectively. Additionally, it creates Pareto optimal solutions to express the chromosome structure at stage one with pareto front. Likewise, in the second stage to obtain auxiliary ensembles, another kind of nearness to the Pareto front is made. Consecutively, the voting approach is equipped for computing the prediction ensembles from self-predictions. Moreover, finally, the validation is done by using the benchmark NSL-KDD dataset. The obtained values from the simulation have clearly shown that the suggested method shows better performance when compared to the other existing systems. They have formulated the classification measure to handle the generation of optimal solutions to improve the detection accuracy while acting upon majority and minority threats. The simulation results have shown 97% detection accuracy and a 2% falsepositive rate for KDD.
Though the 2 stage method paves the way for high prediction, the methods to detect the intrusions in the network-based systems is still sparse. Hence, Chandrasekhar et al. [17] have designed a model comprises of 4 steps in which the k-means clustering serves for generating diversified training subsets which depend on the acquired subset. Here, several neuro-fuzzy data models are trained to get optimal datasets. Followed by the clustering, vectors of the respective values have been acquired using SVM classification. At last, to detect the intrusions, radial SVM is adapted. The experimental results have shown that the proposed system possesses better applicability and ability when compared to BP, multiclass SVM, and decision trees.
Later, Kim et al. [18] utilized KDD Cup 99 datasets to design AI-based IDS exploiting Deep Neural Networks. This model assists the system in combating the growing network attacks. Initially, data preprocessing is done using data transformation and normalization for the input values obtained from the DNN model. Then the DNN algorithm applied to get the learning model through preprocessing and the KDD Cup 99 dataset used for the verification, respectively. Lastly, simulation using the latest models performed to analyze the detection and false alarm rate, and hence the detection efficacy ascertained. Thus, it paved the way for a better understanding of the novel way of performing intrusion detection.
Followed by Kim et al.,in [19], a unique way of optimization of kernel parameters achieved through the combination of Principal Component Analysis and Support Vector Machines. It formally diminishes the training and testing time. Hence the accuracy is improved while performing identification of intrusions. It further tested on the KDD dataset. Moreover, by considering the minority attacks(U2R, R2L), the KDD datasets are further split into training and testing to predict the occurrence of future attacks.
In [20], a novel method for network-based IDS proposed by Belouch in which 2 stage classifier and a RepTree algorithm suggested. This method initially takes the input from UNSW-NB15 and the NSL-KDD data set. In the initial stage, the model splits the network traffic into TCP, UDP, and the rest of the other protocols. Further, it classifies the data for standard and anomaly. Consecutively, in the second stage, accurate intervention is chosen by employing a multiclass algorithm. It effectively classifies the anomaly detected in the initial phase. The features are further reduced to less than 20 features as per the design of the protocol by employing the feature selection techniques. The simulation results have revealed that the detection accuracy was estimated from 88%, 95%, and 89% 85% for a complete UNSW-NB15 and NSL-KDD dataset.

Research Article
Vol.12 No.6 (2021), 2468-2482 Later Ambusaidi et al. [21] proposed an enhanced method for selecting the optimal features required for classification analytically. The author has presented an information-based algorithm to handle linear and non-linear data features. In this way of feature selection, the effectiveness then evaluated for network-based IDS. Furthermore, Least Square Support Vector Machine based Intrusion Detection System is modeled by utilizing the features that are obtained through selection algorithms. Additionally, the performance of the system was analyzed for various parameters such as error rate and time efficiency. The simulation is done using the data taken from KDD Cup 99, NSL-KDD, and Kyoto 2006+. The results obtained have shown better performance compared to existing systems.
In [22], the authors have presented a novel approach for the effective classification of intrusion attacks. They have formulated Alternating Decision Trees (ADT) to the data obtained from the intrusions. Also, it has been extended to the further classification of the several types of attacks. Specifically, ADT is a fascinating approach that utilizes the decision trees intended for binary classification problems. Also, it is widely accepted as a supervised boosting algorithm. The authors have utilized the NSL-KDD data sets for further analysis. They have obtained an accuracy ranges from 97.15 to 97.61% in the case of DOS, Probe, U2R, and R2L.

Proposed methodology
In this proposed research work, Improved Bias based Convolutional Neural Network is introduced for IDS. The designed system comprises of (i) Preprocessing

Input datasets
The KDD dataset is used for exploring testing and training the input samples. This dataset is provided by UCIKDDArchive(1999). Generally, KDD is widely accepted dataset for its trustworthiness and benchmarking. This assist in assessing the intrusion detection systems. MATLAB simulation is used here for evaluating the KDD

Preprocessing
In our proposed system Kalman filtering is used for data preprocessing to remove the noisy data for further process. The KDD dataset usually consists of numerals and categorical values. In some cases, the tuple values may get missed due to some external values. Hence the proposed Kalman filtering mainly used for handling and processing the missing values to avoid ambiguous results.
Usually deriving the equation and calculating the covariance error are the means of discovering the missing values in the KDD dataset. Thus, the unambiguity can be reduced at a considerable rate and thereby classification accuracy can be ascertained.Also, Kalman filtering paves way for finding out and projecting the lost data.Moreover, prediction is done for the data while updating the coefficient approximation of the Kalmanfilterby taking lose of data into account. Meanwhile, the mean value of the data is also getting updated with the lost data.  The finest estimated location of the train is determined by the combination of prediction and measurement data. Furthermore, the missing values are filled by the foreseen values that are present in the KDD dataset. Thus, the proposed system offers a finest recovery mechanism for the intrusion data by adopting the proposed Kalman Filter techniques.

Feature selection
In this section, feature selection is performed by exploiting the data set which gets preprocessed in the initial stage.Subsequently, Inertia Weight based Dragonfly Algorithm (IWDA) algorithm for accomplishing feature selection. The attribute selection or feature selection then facilitating the swarm behavior of dragon fly individuals by employing the Dragonfly Algorithm (DA). Since, DA is a metaheuristic optimization algorithm, it initiates the optimization with the clique of solutions that are obtained randomly. This often resembles most of the SI based optimization algorithms. According to that, the DA initialize the process by creating a random number of solutions for a given optimal problem. More specifically, the performance of DA is influenced by the dragon Where ( , ) is the location of i th feature plotted for every i th iteration , ( , ) denotes the location of j th feature that are obtained for very t th iteration; N is the number of adjoining features ; and ( , ) is the separation motion of the feature i for the iteration t. Furthermore, the alignment function is expressed below. Here ( , ) ) is the velocity of the neighboring feature j for the iteration t followed by ( , ) which denotes the alignment motion of the featureifortheiteration t. Additionally, cohesion motion is expressed as

Classification
After the feature selection is performed, the obtained margins are tending to posed for the classification by using the proposed Improved Bias based Convolutional Neural Network (IBCNN). One such distinct deep network is the Convolutional Neural Network which handles the umpteen hidden layers intended for convolution and sub sampling so as to get the ascending values of features that are obtained from the input dataset.
More specifically CNN comprising of 3 layers: (i) convolutional layer (ii) subsampling layer (iii) abundant connection layer [23]. The CNN mainly includes the input layer to initialize the input , output layer to get the output and hidden layer to get accuracy as shown in figure 2. The proposed Improved Bias based Convolutional Neural Network (IBCNN) efficiently classifies the maximum likelihood of attack patterns and extracts the relevant vectors. Furthermore, the values that poses biasing are getting optimized to yield the better values.

Convolution layer
In the convolutional layer, the chosen optimal features are assumed as the input followed by the kernel convolutions. Here ever block of the matrix is convoluted without dependent on the adjacent attributes to generate  .6 (2021), 2468-2482 the output. The final outcome of the convolution is further used for the generation of the output. More often, the kernel is expressed as the filter and the corresponding output is obtained by the kernels and the attribute maps of the size i*i.
The proposed CNN can accomplish umpteen number of hidden layers and the input, output of the succeeding layer are the attributes as per concerned. Also, it contains several number of n filters for every convolutional layer. Further the filters are getting convoluted with the obtained inputs and the maps(n*) that are obtained from the prior process is same as the no.of filters that are formulated in the operation.
( ) is the generated output of the layer l that is formulated below.
The kernel generates attribute map. After the convolution layer, the activation function can be applied for nonlinear transformation of the outputs of the convolutional layer: ( ) denotes the activation function and is considered as the received input.
The proposed system yields the value RELUs that can be expressed as ( ) = max (0, ). The function stated is widely used in the most advanced deep learning methods. It mainly helps in minimizing the synergy and multidimensional results. In the cases of receiving the input as negative, the RELU directly replaces the value of the output as 0. And, it yields the positive value if the input values received are same. The important feature of the activation function is its rapid training feature in the cases of error derivative and it comes to the lower value and gets saturated leads to the vanishing of weighted update and it is termed as vanishing gradient problem.

Sub sampling Layer
The convolution layer is succeeded by the sub sampling layer. The main function of the sub sampling layer is the dimensionality-reduction that are spatially distributed in which the attribute maps are generated by the preceding convolutional layer. To attain the values the masking of b*b is taken and the sub sampling is performed for the mask and maps = ( down ( −1 ) + ) (12) Where, down (·) speaks to a sub-examining capacity. Regularly, this capacity will total over each particular n-by-n qualities in the information dataset with the goal that the yield is n-times littler along both spatial measurements. Each yield map is given its own multiplicative inclination β and an added substance predisposition b. The output layer uses Softmax activation function: where are the weight value of the attributes that should be tuned by the complete fully connected layer in order to form the representation of each class and f is the transfer function which represents the nonlinearity. The proposed system classifies the input attributes into fourtypes of attack such as DOS, R2L, U2R and probe.

Experimental results
KDD dataset is used for exploring testing and training the input samples. This dataset is provided by UCIKDD Archive (1999). Generally, KDD is widely accepted dataset for its trustworthiness and benchmarking. This assist in assessing the intrusion detection systems. MATLAB simulation is used here for evaluating the KDD dataset. The characteristics of our proposed setup are: (i) 41 features (ii) 9 absolute features (iii) 32 consecutive extracts.

TABLE 2. CONFUSION MATRIX FOR SECURITY ATTACK CLASSIFICATION
The performance of the proposed IBCNN with IWDA approach is compared with the existing IRVM with GFA approach in terms of accuracy, precision, recall, f-measure and time complexity.

Accuracy
The accuracy is computed as like : Accuracy = T p + T n (T p + T n + F p + F n ) (

Precision
It is the measure of the total number of positive samples that are presumed to be positive that are gathered from the positive samples. Specifically, the values are selected for the false positive and true positive.

Recall
It is the measure assessed for predicting the positive instances from the dataset of positive instances already trained. It relies on the True positive rate and the detection rate.

F-measure
F-measure computes the accuracy of the system by taking recall r and precision f

Time complexity
It takes the amount of time to classify the attacks in the KDD dataset with improved CNN By plotting the experimental values of IBCNN and IWDA approach, it is evident that the proposed system outperforms the existing system for the factors such as accuracy and precision as shown above (figure 3). As stated in above sections, the optimal features that are obtained by IBCNN improves the detection and accuracy rate. The performance results are examined for IBCNN and IWDA , in which the proposed model yields 97.7% accuracy and existing model yields 97% accuracy. Moreover, the precision of IBCNN is 95% and IRVM is 91.4%

Figure 4: Recall and F-measure comparison
The Figure 4 depicts that the proposed system shows better enhancement with recall and f-measure values when compared with the IWDA approach. In IBCNN the values of the bias are optimized to get the better recall values. The experimental results revealed that the proposed system gives 78% of the recall accuracy as the IRVM produces only 75%. Additionally, the f-measure of proposed system is 91.4% whereas the IRVM yields 89.2% The above graph (figure 6) reveals that the propose system outperforms the existing methods by producing good f-measure. It is evident that the proposed IBCNN gives reduced time complexity of 6.27s when compared to the IRVM with 8.75s

Conclusion and Future Work
The proposed Improved Bias based Convolutional Neural Network (IBCNN) model efficiently performs the enhanced IDS. Also, the proposed model facilitated the selection of optimal features that are obtained preprocessed information using Inertia Weight based Dragonfly Algorithm. Moreover, Kalman filtering is adopted for preprocessing the raw data. The suggested system utilizes the selected features for performing the effective IDS. The classification is then performed by the Improved Bias based Convolutional Neural Network (IBCNN) on the selected attributes. Since, the proposed model exploits the KDD dataset for effective classification. The simulation results have shown that the proposed system produces the better performance when compared with the existing systems in terms of recall, f-measure, accuracy and precision. Despite of the advantages, the combat measures for tackling the attacks with signature and buffer overflow needs addressing. Hence, enhanced deep learning have to be put forth to overcome the issues and challenges faced in the existing researches.