Intrusion Detection in Computer Networks Through Combining Particle Swarm Optimization and Decision Tree Algorithms

Nowadays, network-based computer systems have an essential role in modern society and therefore can be targeted by enemies or intruders. To provide complete security in a computer system that is connected to the network, the use of firewalls and other intrusion prevention mechanisms is not always enough, and it is necessary to use other systems called intrusion detection systems. This type of system detects and notifies the user if an intruder passes through the firewall and antivirus and enters the system. Data mining techniques and methods are used to improve the function of these types of systems and to correctly detect intrusions. Due to a large number of features in the intrusion detection data, in this study, a subset of desired features was first selected by using a combination of graph-based clustering algorithm and Particle Swarm Optimization (PSO). Then, to classify the data and to detect intrusion, a model using the standard decision tree data mining technique is shown. The implementation of the proposed method is evaluated by using the NSL-KDD database, which has more realistic records than other intrusion detection data. The results of the experiments show a high functionality of the proposed method.