2 Clavijo Marco and López Héctor and Quinatoa Oswaldo

Intruder detection for wlan based on swarm intelligence

Clavijo Marco1 and López Héctor1
and Quinatoa Oswaldo1

Universidad Politécnica Salesiana , Quito, Ecuador

https://www.ups.edu.ec

Abstract. In the current environment where computer networks are

subject to possible attacks, it is important to determine and identify the
intruder through an algorithm for evaluating collective behavior in a host
group connected to an affected network. The swarm intelligence method
allows us the guidance to logical movement of the network points to an
optimal region for a search of the possible intruder. In this article we will
use the swarm algorithm that imitates the interaction of particles or birds
during the flight in search of food, in this way each particle or in this case
host determines its transmission speed taking into account the current
position and the reached one in the optimal region, with this the intruder
is identified within a proposed wlan network. A register of the best
achieved positions of each particle is created allowing to evaluate and
identify anomalous changes within the network which are not frequent
and not concurrent. The intelligence of swarms adapts to the possible
scalability of the network, also does not interfere with the availability,
integrity and confidentiality of the information. The before mentioned
characteristic is important because it is not executed on the user’s side,
therefore, it does not impede its optimal development of the activities it
has in charge.

Keywords: First keyword · Second keyword · Another keyword.

1 Introductioo
n
The security in the network has become an indispensable factor in the information technology, that
has allowed several possibilities, including the ability to manage remotely the systems, due to the
development of the Internet which is subject to intrusions and that causes insecurity in the network
infrastructure. [1] The intrusion is a set of actions whose objective is to damage, compromise the
security, integrity and confidentiality of the available resources of the network. There are
techniques in charge of protecting information, but these techniques always present new
vulnerabilities, due to the attacks present in it, these continue to develop. Approaches inspired by
biology resulted in the appearance of a variety of fields of research, ranging from engineering,
informatics, economics, medicine and social sciences, in the same way these techniques are
proposed to be used for the detection of intruders, the intelligence of Swarm is one of them. The
techniques and algorithms are inspired by the behavior of insects, birds that have the ability to
solve complex tasks in the form of a swarm. The intelligence of Swarms allows the collective study
of systems composed of several individuals, those who interact locally and with their environment.
The detection of intruders has been studied extensively on the basis of computer networks which is
a preventive technique for possible attacks that could be carried out. In the present article the
presence of one or more intruders will be determined which will access the local wireless network in
an unauthorized way, these could be visualized and at the same time expelled from the network
obtaining in this way an optimal management of the authorized users and not authorized. In
addition to mitigate possible attacks to active users that are present in the network through the use
of the stochastic dissemination search which belongs to the swarm intelligence family, which will
provide us with the necessary information to detect unauthorized users within The wlan, in
addition to its position will be determined based on the signal strength received by the infiltrated
device.
In this investigation the host will be related as ants which will use a form of direct communication
between similar agents so that the system behaves in a stochastic way. This implies that there will
 Detección de intrusos para wlan basado en la inteligencia de enjambre 3
be an increase in new users in the scenario that could be managed and protected. an optimal way
taking into account that the information of the same users will be less exposed to different types of
attacks made by infiltrated users in the network.

2 Related Works

In the investigation of "The NA vector swarm-based distance vector routing to support multiple quality
of service (QoS) metrics in adhoc mobile networks" conducted by the authors R.Asokan, AMNatarajan
and A.Nivetha, they seek to write a New algorithm, which proposes to optimize the colony to support
delays, fluctuations and energy restrictions, but the implementation of the algorithm also needs to take
into account the jitter metric to keep the minimum and maximum delay values, in such argument, the
base algorithm that is swarm is not oriented to the investigation of intrusion detection, however it
makes use of it focused on optimizing the routing protocol. [2]
The article by Cauvery NK, and KV Viswanatha that has the title "Improved colony-based algorithm for
routing in ad hoc mobile networks", presents an improved algorithm to generate routes between the
originating and destination node in what is an ad network. hoc, uses swarm intelligence for routing,
avoiding the retransmission of lost packets when reserving resources in nodes, improving performance,
the drawback is the swarm algorithm by particle, the same one that is not oriented to the detection of
intruders, but offers an alternative way of designing an intelligent system, in
 4 Clavijo Marco and López Héctor and Quinatoa Oswaldo

which autonomy replaces the preprogrammed control for greater flexibility and robustness. [3]
Yuk Ying Chung and Noorhaniza Wahid talk about a Hybrid Network Intrusion Detection System
using Simplified Swarm Optimization (SSO), propose a new swarm-based hybrid intrusion detection
system for the selection of uniqueness and optimization for the classification of intrusion data, in
order to improve the performance of the classification, this technique works better than other data
mining operations, where the authors demonstrated as a result the hybrid SSO algorithm is faster in
convergence and more efficient In solution, the article contains bases of the intrusion detection by
means of an intelligent swarm, but it does not focus the optimization in a specific scenario as are the
different network environments. [4]
In the research of Rajani Muraleedharan and Lisa Ann Osadciw on the elaboration of an environment
of work of detection of instructions for networks of sensors that use Honeypot (trap system) and
intelligence of swarm. The current attacks are analyzed in order to predict future attacks through
pattern recognition through intelligent functions, which allow to reduce false alarms but the
investigation does not cover issues found in the context of swarm intelligence such as: particles of
swarm optimization or optimization of an ant colony; These issues are fundamental when evaluating
the collective behavior of an environment composed of several network points, methods for the
construction of stable solutions and with more possibility of success in the detection of intruders. [5]
M. Abadi and S. Jalili developed a research on the use of binary particle swarm optimization for the
minimization analysis of large-scale network attack graphics; It establishes polynomial
approximation algorithms and analysis to encode all the edges in a plot of attacks and prevent an
intruder from achieving its objective. The analysis is developed through the encounter of a minimum
critical set of exploits to disconnect the initial nodes and the objective nodes. In the investigation, the
possibility of the existence of a bottleneck or communication funnel where a series of unanswered
requests was made at the same time producing a queue is not considered. The aforementioned
existence temporarily prevents the development of network attack graphics, a fundamental element
of research. [6]
In the investigation of a defense technique based on swarms for traffic jams in wireless sensor
networks proposed by S. Periyanayagi and V. Sumathy; the adaptation to a change in the topology of
the network is analyzed through the defense technique used to mitigate the bottlenecks that are
generally interpreted as interruptions or collisions. This technique allows the transmitter and
receiver to change the channels to limit the channel maintenance overhead. There is a drawback in
the research because swarm intelligence is not applied optimally because it is not evaluated
 Detección de intrusos para wlan basado en la inteligencia de enjambre 5

the use of each of its intermediary algorithms such as: swarm particle optimization or ant colony
optimization. With this a better defense will be achieved because the general application of the swarms does
not evaluate the collective behavior in its entirety.
A study of swarm intelligence techniques in intrusion detection is a research developed by P. Amudha and
H. Abdul Rauf; describes the operation of an intrusion detection system and its elements that through a
KDD-Cup99 intrusion detection data set derived from DARPA the collective behavior is evaluated through
the various swarm intelligence methods and is established a comparison of performance over time but the
investigation does not consider the consequences of the application of the different methods in an intrusion
prevention system where in addition to preventing the attacks is stopped through various network security
measures and evolution of vulnerabilities.
The present article " Reducing map of intrusions, detection system based on a swarm of particles for cluster"
describes the use of this type of algorithms to detect intruders by means of a programming model Mapreduce
which takes its model of parallel processing with intense applications of data In a scenario where there is
great processing capacity with the objective of avoiding failures in the nodes and establishing an adequate
load balancing, unlike the present investigation, the swarm optimization algorithm is introduced in the
wireless network scenario, which presents greater gaps in security plus we discussed a supervised parallel
algorithm thanks to this we can obtain an almost exact position of the intruder so we can take respective
measures to limit the signal range.
In the following article, called "Mining of network data for intrusion detection. Through the combination of
SVMs with networks of ant colonies "written by Wenying Feng describes the implementation of several
models of intrusion detection systems used for data mining among them an analytical line processing tool
called OLAP and intelligence of optimization of colony ACO which makes a comparison with traditional
classification methods such as SVM, DT and GA proposing that one of the best techniques is the colonization
of ants that belongs to the family of swarm optimization that will be used in our investigation of an different
way since it will be simulated in a wlan network for the detection of intruders and in turn detect anomalies
in the flow of network traffic.
The article called "A new system of detection of intrusions based on fast learning network" written by
Mohammed Hasan Ali; Bahaa Abbas Dawood Al Mohammed; Alyani Ismail; and Mohamad Fadli Zolkipli
proposes the use of a new learning algorithm known as Extreme Learning Machine (ELM) which works in
parallel with the intrusion detection based on ANN and the PSO algorithm which must be trained for greater
effectiveness which goes collecting characteristics of several attacks this leads us to investigate how to
identify them optimally, but does not present the implementation for
 6 Clavijo Marco and López Héctor and Quinatoa Oswaldo

wireless networks and the mitigation of possible threats to authorized users.

References
1. B. G. Goodarzi, H. Jazayeri, and S. Fateri, “Intrusion detection system in computer
network using hybrid algorithms(SVM and ABC),” J. Adv. Comput. Res., vol. 5, no.
4, pp. 43–52, 2014.
2. S.K., Nivetha and Ramasamy, Asokan and Senthilkumaran, N, A swarm-based hy-
brid routing protocol to support multiple Quality of Service (QoS) metrics in mobile
ad hoc networks, 2013 4th International Conference on Computing, Communications
and Networking Technologies, ICCCNT 2013, pp. 1-8, 7 2013.
3. Cauvery, NK and Viswanatha, KV, Enhanced ant colony based algorithm for routing
in mobile ad hoc n, World Academy of Science, Engineering and Technology, vol.
46, pp. 30–35, 2008.
4. Y. Y. C. a. N. Wahid, A hybrid network intrusion detection system using simplified
swarm optimiza, Applied Soft Computing, vol. 12, no 9, pp. 3014-3022, 2012.
5. R. Muraleedharan y L. Osadciw, An intrusion detection framework for Sensor Net-
works using Honeypot and Swarm Intelligence, 2009.
6. Shams, Mohammad and Jalili, Saeed, Using Binary Particle Swarm Optimization for
Minimization Analysis of Large-Scale Network Attack Graphs, Scientia Iranica, vol.
15, 2009.
7. Amudha, P and Rauf, Abdul H, A Study on Swarm Intelligence Techniques in In-
trusion Detection, IJCA Special Issue on Computational Intelligence & Information
Security, no 1, pp. 9–16, 2012
8. Periyanayagi, S and Sumathy, V, A swarm based defense technique for jamming
attacks in wireless sensor networks, International Journal of Computer Theory and
Engineering, vol. 3, p. 816, 2011.
9. I. Aljarah, S. A y Ludwig, MapReduce intrusion detection system based on a particle
swarm optimization clustering algorithm, pp. 1-24, 2013.
10. W. Feng, Mining network data for intrusion detection through combining SVMs with
ant colony networks, pp. 1-14, 2014.
11. M. H. Ali, B. A. Dawood y A. Mohammed, A New Intrusion Detection System Based
on Fast Learning Network and Particle Swarm Optimization, pp. 2-7, 2018.