An Enhanced Bat Echolocation Approach for Security Audit Trails Analysis Using Manhattan Distance

  • Wassila Guendouzi
  • Abdelmadjid Boukra
Part of the Operations Research/Computer Science Interfaces Series book series (ORCS, volume 62)


The Security Audit Trail Analysis problem consists of detecting predefined attack scenarios in audit trails. Each attack scenario is defined by a number of occurrences of auditable events. The problem is classified as an NP-Hard combinatorial optimization problem. In this paper, we propose to use the Bat echolocation approach to solve it. The proposed approach, named Enhanced Binary Bat Algorithm (EBBA), is an improvement of the Bat Algorithm (BA). The fitness function is defined as the global attacks risks. In order to improve , the fitness function is combined with the Manhattan distance measure. Thus, the intrusion detection process is guided, on the one hand, by the fitness function, which aims to maximize the global attacks risks and, on the other hand, by the Manhattan distance, which attempts to reduce false positives and false negatives. The best solution retained has the smallest Manhattan distance. Experiments show that the use of the Manhattan distance substantially improves the intrusion detection quality. The comparative study proves the effectiveness of the proposed approach in making correct predictions.


Intrusion detection; Security audit trail analysis; Combinatorial optimization problem; NP-Hard; Manhattan distance; Metaheuristics; Bat algorithm
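
The selection rule the abstract describes can be seen on a toy instance. The following is an added example, not code from the paper: it replaces the bat algorithm with exhaustive search (feasible only for tiny instances), and it assumes that a hypothesis must not require more events than were observed, that the Manhattan distance is measured between the event counts a hypothesis explains and the observed counts, and that the distance breaks ties in fitness. All data and function names are constructed for illustration.

```python
from itertools import product

# Constructed sample data, not taken from the paper.
# AE[j][i]: occurrences of auditable event j that attack scenario i generates.
AE = [
    [3, 0, 1, 0],
    [0, 2, 1, 2],
    [1, 1, 0, 1],
    [0, 0, 4, 1],
]
RISK = [5, 3, 4, 3]        # assumed risk weight of each attack scenario
OBSERVED = [3, 3, 2, 1]    # count of each event type in the audit trail


def explained(h):
    """Event counts implied by hypothesis h (h[i] = 1: attack i is present)."""
    return [sum(n * present for n, present in zip(row, h)) for row in AE]


def is_feasible(h):
    """Assumed constraint: h may not need more events than were recorded."""
    return all(e <= o for e, o in zip(explained(h), OBSERVED))


def fitness(h):
    """Global attack risk: sum of the risks of the hypothesised attacks."""
    return sum(r * present for r, present in zip(RISK, h))


def manhattan(h):
    """Assumed distance: L1 gap between explained and observed event counts."""
    return sum(abs(o - e) for e, o in zip(explained(h), OBSERVED))


def best_hypothesis():
    """Exhaustive stand-in for EBBA: highest risk, then smallest distance."""
    candidates = [h for h in product((0, 1), repeat=len(RISK)) if is_feasible(h)]
    return max(candidates, key=lambda h: (fitness(h), -manhattan(h)))


if __name__ == "__main__":
    h = best_hypothesis()
    print(h, fitness(h), manhattan(h))
```

Here two feasible hypotheses reach the same global risk; the one that leaves fewer observed events unexplained is retained, which is how the distance term steers the search away from hypotheses that fit the audit trail poorly.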



Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  1. Faculty of Electronics and Computer Science, Laboratory LSI, USTHB, BP 32 16111 El Alia, Bab-Ezzouar, Algiers, Algeria
