{"title":"Genetic programming support vector machine model for a wireless intrusion detection system","authors":"A. Dhoot, A. Nazarov, I. M. Voronkov","doi":"10.32362/2500-316x-2022-10-6-20-27","DOIUrl":null,"url":null,"abstract":"Objectives. The rapid penetration of wireless communication technologies into the activities of both humans and Internet of Things (IoT) devices along with their widespread use by information consumers represents an epochal phenomenon. However, this is accompanied by the growing intensity of successful information attacks, involving the use of bot attacks via IoT, which, along with network attacks, has reached a critical level. Under such circumstances, there is an increasing need for new technological approaches to developing intrusion detection systems based on the latest achievements of artificial intelligence. The most important requirement for such a system consists in its operation on various unbalanced sets of attack data, which use different intrusion techniques. The synthesis of such an intrusion detection system is a difficult task due to the lack of universal methods for detecting technologically different attacks; moreover, the consistent application of known methods is unacceptably long. The aim of the present work is to eliminate such a scientific gap. Methods. Using the achievements of artificial intelligence in the fight against attacks, the authors proposed a method based on a combination of the genetic programming support vector machine (GPSVM) model using an unbalanced CICIDS2017 dataset. Results. The presented technological intrusion detection system architecture offers the possibility to train a dataset for detecting attacks on CICIDS2017 and extracting detection objects. The architecture provides for the separation of the dataset into verifiable and not verifiable elements, with the latter being added to the training set by feedback. By training the model and improving the GPSVM training set, better accuracy is ensured. The operability of the new flowchart of the GPSVM model is demonstrated in terms of the entry of input data and output of data after processing using the training set of the GPSVM model. Numerical analysis based on the results of model experiments on selected quality indicators showed an increase in the accuracy of the results as compared to the known SVM method. Conclusions. Computer experiments have confirmed the methodological correctness of choosing a combination of the GPSVM model using an unbalanced CICIDS2017 dataset to increase the effectiveness of intrusion detection. A procedure for forming a training dataset based on feedback is proposed. The procedure involving the separation of datasets is shown to create conditions for improving the training of the model. The combination of the GPSVM model with an unbalanced CICIDS2017 dataset to collect a sample increases the accuracy of intrusion detection to provide improved intrusion detection performance as compared to the SVM method.","PeriodicalId":282368,"journal":{"name":"Russian Technological Journal","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Russian Technological Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.32362/2500-316x-2022-10-6-20-27","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}