Enhanced Simulating Annealing and SVM for Intrusion Detection System in Wireless Sensor Networks

Wireless Sensor Networking (WSN) is among the most recent technologies with uses ranging from medicine to the military. Nevertheless, WSNs are impervious to numerous types of cyber-attacks that could compromise the performance of the entire network, which could lead to fatal problems such as a routing attacks, denial-of-service attack, probe, etc. Key management protocols, secure routing, and authentication protocols cannot offer WSN protections for such kinds of attacks. The intrusion detection scheme is the way to solve the issue. This paper proposes an Enhanced simulated annealing based support vector machine algorithm for intrusion detection. Traditional features selection algorithm simulating annealing takes much time to run. So, to avoid this problem, we have introduced Enhanced simulated annealing. From the performance results, it can be seen that our proposed feature selection method provides better performance results than the existing method.


Introduction
The WSN is a group of simple and cheap sensing devices that are configured with environmental sensors and interact with each other over a wireless radio system.Many WSN applications need a vast number of sensor nodes to run unmonitored.It creates significant utilization and administration issues.Worse still, it is often difficult to reach the deployment region at all, for example in military applications and dangerous areas.Therefore, sensor networks have to become fully independent and show responsiveness and adaptability in live time, without indirect user or admin action, to alterations in evolution [1].
In terms of security risks, this need is much more imperative.An intrusion could be described as a collection of behavior that can contribute to a device being unauthorized to enter or change it.Intrusion detection schemes are entrusted with tracking computer networks, identifying potential network intrusions and notifying consumers to the presence of intrusions, and reorganizing the network if it is[2] possible.
DARPA 1999[3] and KDD CUP 99 [4]database records are used for various researches.In this paper NSL KDD 99 [5]database used for Intrusion detection system.The overall work flow of suggested work is given in figure 1.Initially features selection is done by proposed enhanced simulated annealing method.In figure 2 the prosed features selection flow was given.After features selection we split the features as train set and test set.Finally, classification is done by Support vector machine (SVM) algorithm.

Fig. 1 Overall process of proposed work
In this paper simulated annealing was adopted for feature selection purposes.However traditional simulated annealing very slow to find out the optimal solution.So, it may cause to take much time consumption and less performance.The selection of the initial temperature value affects the performance and time consumption.So initial temperature value is computed by grey wolf optimization.The best cost value of grey wolf optimization is considered as the initial temperature value of simulated annealing.

Simulated Annealing
Simulated annealing is an efficient and common method for optimization purposes.It helps analyze global optima in the presence of local optima."Annealing" relates to an analogy of thermodynamics, especially when metals are cold and anneal.It uses the fitness function of the problem of optimization instead of the energy of the object.Simulated annealing enhances this strategy by introducing two components.The first one is the Metropolis Algorithm [16], which is adopted when serving states to permit the solver to discover the potential locations of solutions that have not been improved.Of that kind "bad" conditions are allowed by the Boltzmann criterion: Where ∆ is the energy change, represents the cost function, and   is the temperature.If   is large, several "bad" conditions are recognized, and most of the optimal solution is accessible.The second, by analogy to the annealing of material, is to reduce the temperature again.Afterward visiting several situations and noticing that the fitness function is gradually decreasing, the temperature is lowered and the size of permitted "bad" states is thus limited.Later decreasing the temperature to a minimal rate several times, the process can then be "quench" by embracing only "good" situations to determine a local minimum fitness function.

Classification
The procedure of grouping things on the basis of features is classification.Here, nodes are categorized as normal and abnormal nodes based on the enhanced simulated annealing features.Numerous machine learning methods is suggested for intrusion detection [17][18] [19].Various proposed methods used SVM for classification [20][21] [22].

Support vector machine
An SVM is a supervised model of machine learning that utilizes classification techniques for problems with binary classification [23].They categorize fresh feature after providing an SVM system set of labeled training data with each class.
For several practical issues, it can resolve linear and non-linear issues and perform well.The SVM method's vision is to develop the best decision boundary or line that can differentiate n-dimensional area into class labels so that in the future we can conveniently apply the new feature in the right category.This boundary of the best decision is named a hyperplane.
The extraordinary vectors which help to develop the hyperplane are chosen by SVM.Such extraordinary cases are referred to as support vectors, and the method is therefore referred to as the Support Vector Machine.SVM is classified as two type one is linear SVM and another one is nonlinear SVM.

Linear SVM:
Linear SVM generally handle the two set of features which means group 1 and group 2.Since it is twodimensional space, we can differentiate these 2 classes conveniently by using a horizontal line.There could be several lines, however, that can differentiate these classes.The SVM method finds the nearest point in both groups of lines.The space between the hyperplane and the vectors is named the margin.And SVM's objective of maximizing this margin.The maximum-margin hyperplane is known as optimal hyperplane [24].

Nonlinear SVM:
If the data is set in a linear manner, it can be segregated using a line, but we could not draw a one line for non-linear data.Two-dimension data are used for linear SVM but in nonlinear SVM need to insert one more dimension to segregate these points [25].This paper is structured as follows: the related work is described in Section 2; the proposed methodology is provided in Section 3; the experimental results and discussion are presented in Section 4 and the conclusion is reported in Section 5.

Related works
Numerous different works has been done on the classification and feature selection for the establishment of Intrusion detection systems by different investigators [26,27][28][29] [30].The PSO based Intrusion detection system algorithm is implemented along with the main component study to determine an intrusion in the WSN [9].The suggested methodology has achieved significant results in terms of false alarm rate and the count of features selected, and besides requires further improvement in terms of accuracy and detection rate.Also, when suggesting this method, the execution time necessary to analyze all threats is completely ignored.Besides, [31] developed a hybrid Intrusion detection system method in the WSN.It gives better accuracy and detection rate, but somehow it neglects the execution time and false alarm rate.To handle the IDS, [32] [33][34] [35]other optimization techniques can also be reviewed.
Apart from this various improved version of feature selection method were suggested [36] [29].In this paper author proposed an improved binary gray wolf optimizer for feature selection.Three wolves, five wolves and seven wolves were used to identify the best number of wolves.This method significantly increases the processing time compared to [9].However, that paper, they did not concert on drawback of traditional GWO algorithm.So that work will suffer from slow convergence, low solving precision, and bad local searching skill.So, it will take more time for convergence and also its lead to increase more processing time.

Proposed Methodology
The keyobjective of this paper is to classify normal and abnormal nodes from given database records.We have utilized NSL-KDD99[5]database for intrusion detection.NSL-KDD 99 database is an freedatabase available online.It has 4,898,431 records, out of which 3,925,650 records are affected records, and the remaining 972,781 records are normal.NSL-KDD 99 database is an enhancedform of the KDD-Cup 99[4]database.Table 1 indicates the attack details of the database.

Denial of service:
A DoS attack is a kind of intrusion intended to shut down a network or machine, trying to make it unavailable to its authorized parties [47].
Remote to local: R2L thread has been commonly recognized to be initiated by a hacker to gain illegal admission to a target computer across the network [48].
Probe: It is an attack [49] that is intentionally generated so that in the report its target detects and reports it with an identifiable "fingerprint." User to root: U2r attack is usually initiated while legitimately accessing a local computer to unlawfully gain the root privileges [48].

Enhanced Simulated Annealing:
One of the most common heuristic techniques to solve the optimization problem is the SA algorithm [50].Traditional simulating annealing is very slow to determine the best optimal solution.It leads to taking much time to run.So, to avoid this problem, we have introduced Enhanced simulating annealing.
Algorithm 1: Enhanced simulated annealing 1. Initializing the solution   [51] Define the initial   and final   temperature

Table.1 Different type of attacks details of NSL-KDD 99 database
We have used traditional simulated annealing as per [51].Instead of fixing the random temperature value, we have calculated the Initial temperature value by using the grey wolf optimization algorithm.The best cost of grey wolf optimizer used as the initial temperature of simulated annealing.The performance results were discussed in section4.
Finally, a support vector machine is utilized for classification purposes.

Experimental results and discussion
MATLAB is used for simulation purposes.We have analyzed our proposed algorithm performance results in terms of execution time, false alarm rate, detection rate, and accuracy.

Accuracy
It is the percentage of exactly categorized data that is a true positive (i.e., TP) and true negative (i.e., TN). Figure 1 signifies the accuracy comparison of the proposed technique with currently existing methods.Our proposed mechanism offers 6.39 % higher accuracy and 9.95 % higher accuracy while comparing with GWO-SVM [18] and PSO-SVM [9].

False alarm rate
It is the false-positive ratio between true negative and false positive.Figure 2 represents the false alarm rate comparison of the proposed technique with currently existing approaches.Compared to GWO-SVM [18] and PSO-SVM [9], our proposed mechanism provides a false alarm reduction of 73.95 % and a false alarm reduction of 89.54 %.Indicates the time it takes to complete the normality and abnormality classification.Figure 3 represents the execution time comparison of the proposed technique with currently existing approaches.Compared to GWO-SVM [18] and PSO-SVM [9], our proposed mechanism offers an execution time reduction of 28.44% and execution time reduction of 58.85 %.

Conclusion
The intrusion of wireless sensor networks is intended to weaken or eliminate these networks' ability to perform their functions.So, it is necessary to effectively perform intrusion detection.Feature selection methodology plays a major role in intrusion detection because it directly affects the performance of the classifier.So, in this work, we have proposed enhanced simulating annealing for feature selection.For classification purposes, we used the SVM algorithm.Our proposed feature selection methods offer better performance while comparing with currently existing methods.Compared to GWO-SVM and PSO-SVM, our proposed mechanism offers 8.71% higher accuracy, 81.74% lower false alarm rate, 3.92% higher detection rate, and 43.64% lower execution time.We are going to use a deep learning method for classification purposes in our future work.

Fig. 2
Fig. 2 Proposed Enhanced simulated annealing work flow

end 4 .
If thermal equilibrium is reached Go to step 5 Else Go to step 3 5.If the   is reached End Else Update  nd go to step 2.

Fig. 3
Fig. 3 Accuracy comparison of the proposed technique with existing approaches

Fig. 4 .Fig. 6
Fig.4.False alarm comparison of the proposed technique with existing approaches