An Adaptive Hybrid Intrusion Detection Framework Using GoogleNet, Gradient Boosting, SVM, and Ant Colony Optimization for DDoS and Botnet Attack Detection

With the growth of cloud computing, Internet-of-Things (IoT) and distributed network architectures, myriad distributed cyberattacks including Distributed Denial-of-Service (DDoS) and Intrusion via Botnets have been given a turbocharge. Because of the limitations on scalability, feature representation and adaptability, traditional intrusion detection systems (IDS) don't necessarily capture all the time the new and subtle attacks. In this context this research is motivated towards designing Adaptive Hybrid Intrusion Detection Framework - Deep learning (DL) and machine learning (ML) schemes with optimization based feature selection scheme to accurately and timely detect the attacks.

The proposed scheme is with hybrid approach with different types of classifiers (GoogleNet, Gradient Boosting (GB) and Support Vector Machine (SVM)) used in a single framework. The Ant Colony Optimization (ACO) is used as the main feature selection and optimization technique to determine which are the most relevant traffic attributes to be considered and reduce computation complexity. Using GoogleNet, deep hierarchical feature extraction is performed on the network traffic representations and the classifiers utilized are Gradient Boosting along with SVM for efficient classification of malicious traffic and benign traffic. It is then proposed to adopt the ensemble decision mechanism to improve its robustness and generalization in the various attack scenarios.

Two benchmark intrusion detection datasets (CICIDS2017 & Bot-IoT) are used for evaluation. Experimental test results show that the proposed hybrid model has a significantly higher accuracy, precision, recall and FPR when compared to individual classifiers. At the same time, within the hybrid system, the accuracy of detection is guaranteed at >98%, including effective low-rate DDoS and stealthy traffic from botnets. Furthermore, the use of explainable artificial intelligence methods enhances the interpretability and trust in operations.

It is noted that, optimized feature selection methods along with hybrid DCNN and CNN can be an apt solution, which is scalable and adaptive for deploying IDS of modern era in cloud and edge computing environment for optimized feature selection.