Hybridization of K-Means and Firefly Algorithm for intrusion detection system

  • Arvinder Kaur
  • Saibal K. Pal
  • Amrit Pal SinghEmail author
Original Article


During the last decade, anomaly detection has attracted the attention of many researchers to overcome the weakness of signature-based IDSs in detecting novel attacks. Indeed, it is difficult to provide secure information systems and to maintain them in a secure state during their lifetime. An IDS is a device or software application that monitors network or system activities for malicious task or policy violations and produces reports to a management station. A metaheuristic is a high-level problem independent algorithmic framework. These are problem-independent techniques and do not take advantage of any specificity of the problem. The main aim of meta-heuristic algorithms is to quickly find solution to a problem. This solution may not be the best of all possible solutions to the problem but still they stand valid as they do not require excessively long time to be solved. Firefly Algorithm is one of the new metaheuristic algorithms for optimization problems inspired by the flashing behavior of fireflies. In this work, a new algorithm for anomaly detection has been introduced which is a hybridization of K-Means and Firefly Algorithm. The algorithm uses clustering to build the training model and uses classification to evaluate on the test set. The subject algorithm is evaluated on the NSL-KDD dataset, which is quite impressive. Further, a comparison study has been performed between the newly developed algorithm with other clustering algorithms including K-Means + Cuckoo, K-Means + Bat, K-Means, K-Means++, Canopy and Farthest First. The results show that K-Means + Firefly and K-Means + Bat outperforms by a huge margin.


Firefly Algorithm K-Means NSL-KDD Intrusion detection system 


  1. Ambusaidi MA, He X, Nanda P, Tan Z (2016) Building an intrusion detection system using a filter-based feature selection algorithm. IEEE Trans Comput 65(10):2986–2998MathSciNetCrossRefzbMATHGoogle Scholar
  2. Fister I, Yang XS, Brest J (2013) Modified firefly algorithm using quaternion representation. Expert Syst Appl 40(18):7220–7230CrossRefGoogle Scholar
  3. Hall M, Frank E, Holmes G, Pfahringer B, Reutemann P, Witten IH (2009) The WEKA data mining software: an update. ACM SIGKDD Explor Newsl 11(1):10–18CrossRefGoogle Scholar
  4. Kayacik HG, Zincir-Heywood AN, Heywood MI (2005). Selecting features for intrusion detection: a feature relevance analysis on KDD 99 intrusion detection datasets. In: Proceedings of the third annual conference on privacy, security and trust, Oct 2005Google Scholar
  5. Kolias C, Kambourakis G, Maragoudakis M (2011) Swarm intelligence in intrusion detection: a survey. Comput Secur 30(8):625–642CrossRefGoogle Scholar
  6. Laftah Al-Yaseen W, Ali Othman Z, Ahmad Nazri MZ (2015) Hybrid modified-means with C4. 5 for intrusion detection systems in multiagent systems. Sci World J. doi: 10.1155/2015/294761 Google Scholar
  7. McHugh J (2000) Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory. ACM Trans on Inf Syst Secur 3(4):262–294CrossRefGoogle Scholar
  8. Mukherjee S, Sharma N (2012) Intrusion detection using naive Bayes classifier with feature reduction. Procedia Technol 4:119–128CrossRefGoogle Scholar
  9. Pal SK, Rai CS, Singh AP (2012) Comparative study of firefly algorithm and particle swarm optimization for noisy non-linear optimization problems. Int J Intell Syst Appl 4(10):50Google Scholar
  10. Pan W, Li W (2005) A hybrid neural network approach to the classification of novel attacks for intrusion detection. In: International symposium on parallel and distributed processing and applications. Springer, Berlin, pp 564–575, Nov 2005Google Scholar
  11. Panda M, Patra M (2009) A novel classification via clustering method for anomaly based network intrusion detection system. Int J Recent Trends Eng 2(1):1–6Google Scholar
  12. Qin Y, Yang B, Xu G, Hou W (2007) Research on evolutionary immune mechanism in KDD. In: Proceedings of intelligent systems and knowledge engineering, pp 94–99Google Scholar
  13. Ravale U, Marathe N, Padiya P (2015) Feature selection based hybrid anomaly intrusion detection system using K means and RBF kernel function. Proc Comput Sci 45:428–435CrossRefGoogle Scholar
  14. Revathi S, Malathi A (2013) A detailed analysis on NSL-KDD dataset using various machine learning techniques for intrusion detection. Int J Eng Res Technol 2:1848–1853Google Scholar
  15. Song D, Heywood MI, Zincir-Heywood AN (2003) A linear genetic programming approach to intrusion detection. In: Genetic and evolutionary computation conference. Springer Berlin, pp 2325–2336, July 2003Google Scholar
  16. Song J, Zhu Z, Price C (2014) Feature grouping for intrusion detection system based on hierarchical clustering. In: Teufel S, Min TA, You I, Weippl E (eds) Availability, reliability, and security in information systems. CD-ARES 2014. Lecture Notes in Computer Science, vol 8708. Springer, Cham, pp 270–280, September 2014Google Scholar
  17. Stolfo SJ, Fan W, Lee W, Prodromidis A, Chan PK (2000) Cost-based modeling for fraud and intrusion detection: results from the JAM project. In: DARPA information survivability conference and exposition, 2000. DISCEX’00. Proceedings, vol 2. IEEE, pp 130–144Google Scholar
  18. Tan Z, Jamdagni A, He X, Nanda P, Liu RP, Hu J (2015) Detection of denial-of-service attacks based on computer vision techniques. IEEE Trans Comp 64(9):2519–2533MathSciNetCrossRefzbMATHGoogle Scholar
  19. Tang R, Fong S, Yang XS, Deb S (2012) Integrating nature-inspired optimization algorithms to K-means clustering. In: Seventh international conference on digital information management (ICDIM), pp 116–123. IEEE, Aug 2012Google Scholar
  20. Tavallaee M, Bagheri E, Lu W, Ghorbani AA (2009) A detailed analysis of the KDD CUP 99 data set. In: IEEE symposium on computational intelligence for security and defense applications, 2009. CISDA 2009. IEEE, pp 1–6, July 2009Google Scholar
  21. Wang Q, Megalooikonomou V (2005). A clustering algorithm for intrusion detection. In: Defense and security. International Society for Optics and Photonics, pp 31–38, Mar 2005Google Scholar
  22. Yang XS (2010) Firefly algorithm, Levy flights and global optimization. In: Research and development in intelligent systems, XXVI. Springer, London, pp 209–218Google Scholar
  23. Yang XS, He X (2013) Firefly algorithm: recent advances and applications. Int J Swarm Intell 1(1):36–50CrossRefGoogle Scholar
  24. Zhong S, Khoshgoftaar TM, Seliya N (2007) Clustering-based network intrusion detection. Int J Reliab Qual Saf Eng 14(02):169–187CrossRefGoogle Scholar

Copyright information

© The Society for Reliability Engineering, Quality and Operations Management (SREQOM), India and The Division of Operation and Maintenance, Lulea University of Technology, Sweden 2017

Authors and Affiliations

  • Arvinder Kaur
    • 1
  • Saibal K. Pal
    • 2
  • Amrit Pal Singh
    • 1
    Email author
  1. 1.USICTGGSIPUNew DelhiIndia
  2. 2.SAGDRDONew DelhiIndia

Personalised recommendations