Archives of Computational Methods in Engineering (2021) 28:2897–2919

https://doi.org/10.1007/s11831-020-09481-7

ORIGINAL PAPER

Nature Inspired Techniques and Applications in Intrusion Detection Systems: Recent Progress and Updated Perspective
Kutub Thakur¹ · Gulshan Kumar²

Received: 1 January 2020 / Accepted: 20 August 2020 / Published online: 31 August 2020
© CIMNE, Barcelona, Spain 2020

Abstract
Our increased dependency on network services has made the operational and reliable operation of networks a necessity. However, intruders are continuously attempting to break into networks and disturb network services using a variety of attack vectors and technologies. This motivates us to develop techniques that ensure an operational and reliable network, even in changing scenarios. Recently, most researchers have focused on employing techniques inspired by natural phenomena to detect intrusions effectively. Nature-Inspired Techniques (NITs) have the ability to adapt to a constantly changing environment. Thus, they help to give IDSs in-built resiliency to failures and damage, along with collaborative, survivable, self-organizing and self-healing capabilities. The paper presents an analysis of NITs and their classification based on the source of their inspiration. A comprehensive review of various NITs employed in intrusion detection is presented. Analysis of prominent research indicates that NIT-based IDSs offer a high detection rate and a low false positive rate in comparison to conventional IDSs. NITs enable more flexibility in IDSs because they can be employed in hybrid IDSs, which detect on the basis of anomalies as well as signatures and so improve detection results for known and unknown attacks. The paper attempts to identify the advantages and disadvantages of NITs and the significant challenges to their successful implementation in the intrusion detection area. The main intention of this paper is to explore and present a comprehensive review of the application of NITs in intrusion detection, covering a variety of NITs, a study of the techniques and architectures used, and the contribution of NITs to the field of intrusion detection. Finally, the paper ends with the conclusion and future aspects.

* Gulshan Kumar, [email protected]
Kutub Thakur, [email protected]
¹ Department of Professional Security Studies, New Jersey City University, Jersey City, USA
² Department of Computer Applications, Shaheed Bhagat Singh State Technical Campus, Ferozepur, Punjab, India

1 Introduction

Several techniques and technologies, such as firewalls, encryption and secure network protocols, have been employed to restrict the unauthorized use of computer systems. As security technologies evolve, attackers also continue to adopt new techniques for breaking the security of computer systems. In addition to the ever-changing attacker techniques, new network types like MANET, WSN and SDN have appeared, which further complicates the task of ensuring computer systems' security. These new types of network were not designed with security in mind. Most of the traditional security mechanisms are unable to provide appropriate security over these networks. So, there is an acute demand for security mechanisms that are capable of detecting any unauthorized attempt to break into a computer system. This has led to the development of the Intrusion Detection System (IDS), which is treated as an essential element of security mechanisms nowadays. An IDS is a security technology capable of identifying an unauthorized attempt, called an intrusion, to break into the security of a computer system or network by violating security objectives. The important security objectives include Availability, Integrity, Confidentiality, Accountability and Assurance [208]. The IDS monitors target sources of activity, such as audit and network traffic data in a computer or network system, and employs various techniques to detect unauthorized activities as intrusions. The main objective of an IDS is to detect all intrusions in an efficient manner. The implementation of an IDS allows network administrators to detect security objective violations. These security objective violations can range from external attackers trying to gain unauthorized access to network security infrastructure or making resources unavailable, to insiders abusing their access to system resources.

However, developing an effective and efficient IDS is a real challenge, because it must achieve a high true positive rate and a low false positive rate against the ever-changing trend of intrusions, using minimum computing resources and as early as possible. Quick detection of an intrusion may help to reduce the loss caused by unauthorized access to a computer system.

Denning [57] proposed the first model of IDS and, thereafter, many models have been proposed for effective intrusion detection. Axelsson [12] proposed a common architecture for IDS, as depicted in Fig. 1. According to Axelsson [12], the common components of an IDS are the following:

• "Network to monitor": the entity to be monitored for intrusions. This can be a single host or a network.
• "Data collection and storage unit": responsible for collecting the data of various events, converting it into a proper format and storing it to disk.
• "Data analysis and processing unit": the brain of the IDS. It contains the whole functionality for finding the suspicious behaviour of attack traffic. On detecting an attack, a signal is generated to alert the network administrator. Based on the type of IDS, the system itself can take action to alleviate the problem, or the signal is passed to the network administrator to take the appropriate action.
• "Signal": this part of the system handles all output from an IDS. The output may be either an automated response to an intrusion or an alert of malicious activity for a network security administrator.

Fig. 1 General architecture of IDSs

Many researchers have employed techniques from different disciplines, such as statistical techniques, pattern matching techniques, artificial intelligence techniques and optimization techniques, for developing an effective IDS.

Recently, researchers in the field have been motivated by natural phenomena and have developed several techniques inspired by nature for effective intrusion detection. Nature Inspired Techniques (NITs) are generally used in the optimization process for finding the best possible solution(s) to a given problem. Over the last few decades, the complexity of the problem has increased tremendously. This has generated the need for effective optimization techniques. Mathematical optimization techniques were the only tools for optimizing problems before heuristic optimization techniques were proposed. These methods are mostly deterministic and suffer from one major problem called local optima entrapment. Some of them, such as gradient-based algorithms, require derivation of the search space as well. This makes these techniques highly inefficient in solving real problems like intrusion detection.

NITs are meta-heuristic techniques [247]. These techniques are influenced by existing natural behaviors/phenomena for the solution of an optimization-like problem in nature. A very simple example of inspiration is the behavior of a colony or a swarm while searching for the best food source. In information technology, the term meta-heuristic describes a computational way of optimizing a problem by iteratively trying to improve a candidate solution with regard to a given metric of quality. Alternatively, these techniques attempt a systematic trial-and-error approach for finding an optimal solution. Moreover, most of these NITs are by definition easily adaptable to parallel computing, which makes them applicable to very large scale problems.

After the successful implementation of genetic algorithms by Holland et al. [96], inspired by the natural selection and reproduction phenomenon, there have been countless advances in different techniques inspired by natural phenomena in different application domains over the last two decades in computer science. A large number of techniques mimicking some phenomena in nature have yielded a wide spectrum of applications. The most popular implementations inspired by nature are the PSO [66] algorithm, Ant Colony Optimization (ACO) [145], Differential Evolution (DE) [209], Evolutionary Strategy (ES) [185] and Evolutionary Programming (EP) [76, 245], and many more have been developed for complicated multidimensional continuous and combinatorial optimization problems. These techniques have been successfully implemented for a wide variety of applications, including intrusion detection.

Nature-inspired IDSs are usually lightweight systems which are simple to implement, self-configurable, highly adaptable and extremely robust. These advantages of NITs have been identified in the field of intrusion detection and have hence increased the level of interest of researchers as well as industry. In spite of the wide usage of nature-inspired techniques in the field of intrusion detection, no comprehensive survey of recent research in the field exists. This motivates us to perform a critical analysis of the state of the art of NIT-based IDSs to provide insights into the research that has been done to date, its challenges and prospective future work in the field.

This study presents a classification of research work on NITs to date and its application in the field of intrusion detection. The categorization of NITs is done on the basis of the natural phenomenon that motivated the technique.

The rest of this paper is organized as follows. Section 2 highlights the major challenges of building an effective and efficient IDS. A brief history of development in NITs is presented in Sect. 3, followed by salient features of NITs in Sect. 4. Section 5 describes the classification of NITs by their source of inspiration. Section 6 provides a list of NIT applications in different fields. Section 7 presents the prominent research that employed NITs in the field of intrusion detection. The critical issues of NITs for effective intrusion detection are concluded, followed by a list of promising future research directions, in Sect. 8 at the end of this paper.

2 Major Challenges of Intrusion Detection

In the real world, the intrusion detection process involves the processing of high dimensional network and audit data. Processing of high dimensional data is computationally very expensive and may cost an IDS its real-time analysis capability. So, there is a requirement to reduce the computational overhead to make an IDS fast and operational in the real world. The computational overhead may be reduced by applying an appropriate feature selection technique that selects relevant and non-redundant features. Another significant problem for IDSs is that the distribution of the data is also dynamic, changing with the passage of time. The data may contain patterns of novel attacks. Non-availability of signatures of the novel attacks in the database of the IDS leads to a high false alarm rate and low detection accuracy. In fact, practitioners as well as researchers have observed that an IDS can easily trigger thousands of alarms per day, up to 99% of which are false positives (i.e. alarms that were mistakenly triggered as malicious events) [107]. Most attacks are likely to generate multiple related alarms. This flood of false alarms makes it very difficult to identify the hidden true positives (i.e. those alarms that correctly flag attacks) [107]. The most appealing way to reduce false alarms is to develop a better IDS that generates fewer false alarms. The process of reducing false alarms is very challenging because false alarms are the result of many problems. The major problems include the following:

• Low detection efficiency and high false alarm rate [29, 82, 230].
• Low throughput and high cost, mainly due to the higher data rates (Gbps) that characterize current wide band transmission technologies [82].
• Processing of a large volume of data with less information loss [138, 230]; processing a large volume of data results in extra computational overhead, which in turn costs an IDS its real-time analysis capability [28, 204].
• Most of the existing intrusion detection techniques strive to obtain a single solution that lacks classification trade-offs [69].
• Non-availability of a globally acceptable standard/metric for evaluating an IDS [82, 173].
• Lack of a standard evaluation dataset that can simulate realistic network environments [173].
• Highly imbalanced attack class distribution [230].
• Continuous adaptation of an IDS to a constantly changing environment [230].
• The inherent problem of writing correct patterns for an IDS [69, 168].
• Current IDSs do not properly aggregate and correlate alarms, which leads to a flood of false alarms for the network administrator [55].
• Normal network behavior can be subjective, and anomalies may not be well defined, since the normal profile is subject to the current state of normality in the network, which may be compromised by very low intensity attacks [138, 230].
• Intrusion detection software mechanisms themselves are not inherently survivable; they lack the ability to defend themselves from attacks [12, 82, 173].

These causes require an IDS to be fast, flexible (instead of using strict thresholds), adaptive (instead of using fixed rules), able to learn new patterns dynamically and able to aggregate logically correlated false alarms to identify the root of alarms. Thus, an efficient IDS should address all these issues, including reduction of false positives, fast processing of a large volume of network traffic and adapting to the changing environment for novel attacks.

NITs are high-level, problem-independent frameworks for solving optimization problems that require high computational time and power to obtain the best results from a given set of data points, such as intrusion detection. These techniques are capable of finding a solution to a problem quickly. This solution may not be the best of all possible solutions to the problem, but it is still valid, as it does not require an excessively long time to find. NITs work on a population of solutions, generating a set of non-inferior solutions simultaneously. This helps network administrators to trade off between evaluation metrics for IDSs such as True Positive Rate and False Positive Rate. Generation of a diverse set of non-inferior solutions can help to build an accurate ensemble solution for the problem of intrusion detection. Recently, several researchers formulated intrusion detection as an optimization problem and solved it by using NITs, taking into account the nature of the intrusion detection problem and the capabilities of NITs, as described in Sect. 7.

3 History of Nature-Inspired Techniques

NITs are usually non-deterministic or stochastic algorithms that are inspired by natural phenomena. These algorithms differ from traditional algorithms that are deterministic in nature, like Newton's method [242]. Deterministic algorithms follow a fixed path to solutions starting from a given point [239].

Initially, non-deterministic algorithms were introduced by Alan Turing in his technical report in 1948 [220]. Later, in the 1960s, researchers started simulating evolutionary programming and genetic algorithms on the basis of Darwin's theory of the evolution of biological systems [96]. They simulated the genetic operators of crossover and mutation as operations of the algorithms. Fogel et al. [77] used evolution programming for developing a learning tool of artificial intelligence. These algorithms fall under the category of evolutionary programming.

Later, in 1983, Kirkpatrick et al. proposed simulated annealing, which simulated the annealing process of metals and used it to optimize the solution of problems [126]. Glover added to this in 1989 by proposing the Tabu search algorithm, which uses memory and history to enhance the search capability of the algorithm [84].

In 1992, swarm based algorithms were proposed. Initially, Dorigo [62] proposed a swarm based algorithm called ant colony optimization (ACO), using key features of social ants to design a procedure for optimization. He used pheromone and rules as local interactions in ACO. At the same time, Koza et al. suggested genetic programming by means of natural selection [129]. It was followed by the development of particle swarm optimization in 1995 by Kennedy et al. [124], which simulates the swarm behavior of fish and birds. The development of Differential Evolution used vectorized mutation and is not inspired by a natural phenomenon [209]. Differential Evolution has been widely used for developing several new nature inspired algorithms. At the same time, Wolpert and Macready proposed the No-Free-Lunch (NFL) theorem. The NFL theorem impacted optimization and machine learning developments [229]. This theorem reactivated research in NITs. Nakrani and Tovey simulated a honeybee algorithm for optimizing Internet hosting centres in 2004 [164]. It was followed by the development of the bees algorithm in 2005 [176, 234]. Karaboga et al. developed an artificial bee colony (ABC) algorithm for optimization problems [112]. These algorithms are motivated by aspects of the foraging behaviour of social bees. At the same time, Yang et al. developed a firefly algorithm (FA), inspired by the flashing behaviour of tropic firefly species [238].

Yang and Deb developed cuckoo search (CS), inspired by the brood parasitism of the reproduction strategies of some cuckoo species, in 2009 [240]. The proposed method partly simulates the complex social interactions of cuckoo-host species co-evolution. The same researcher simulated the bat algorithm in 2010, inspired by the echolocation features of microbats [236]. The bat algorithm employs frequency tuning in combination with variations of loudness and pulse emission rates during foraging. These algorithms are considered swarm intelligence based algorithms because they are inspired by social interactions and their biologically inspired rules.

There is also a different set of algorithms that are not inspired by swarm intelligence. These algorithms are inspired by existing physical phenomena. The significant developments in this category include the harmony search algorithm, a music-inspired algorithm [83], the gravitational search algorithm (GSA), a physics-inspired algorithm [183], and the flower pollination algorithm (FPA), inspired by the pollination features of flowering plants [237]. This class of algorithms works on a population of solutions but does not belong to the swarm based algorithms.

4 Salient Features of Nature-Inspired Techniques

Several NITs have been developed to date, inspired by different natural phenomena, the social behavior of species, animals, birds, etc. These techniques have many advantages over deterministic and conventional techniques that make them successful in solving many complex problems in different domains. The salient features of NITs are listed below [242, 249].

1. NITs possess the ability to find true global optimality like a real global optimizer.
2. These techniques do not require prior knowledge about the problem.
3. These techniques have the capability to solve nonlinear, multimodal problems with discontinuity without employing any gradient-free method.
4. NITs employ stochastic methods, in the form of random numbers used to initialize the population. So, every run results in different output, in contrast to deterministic algorithms.
5. NITs are capable of escaping the local minima problem.
6. Exploitation and exploration capabilities: NITs are capable of optimizing local search as well as global search, referred to as exploitation and exploration, respectively. These capabilities are achieved through the actual search methods of the NIT and its design. The NIT achieves a tradeoff between exploitation and exploration to generate better results in terms of convergence and accuracy. But achieving a tradeoff between exploitation and exploration is a challenging task in NITs.
7. Diversity: this refers to variation in the candidate solutions of a population of an NIT. Candidate solutions with greater diversity or randomness can lead to better quality results of the NIT in terms of accuracy. Maintaining diverse candidate solutions in the population of an NIT can avoid its premature convergence. But maintaining a diverse population throughout the execution of an NIT is a challenging task.
8. Operators: operations on the population control the tradeoff between exploitation and exploration, and the diversity and convergence of NITs. Several key operators have been proposed that generate new and promising candidate solutions in the population of an NIT during its execution. Selecting the right set of operators for a given NIT is a crucial task that has a direct impact on the convergence of the NIT and the accuracy of its results.

5 Classification of Nature-Inspired Techniques

Most optimization techniques can be classified based upon the number of solutions that are being optimized simultaneously, treated as candidate solutions. Initially, the techniques may start optimizing a single solution/objective or a set of solutions/objectives chosen randomly. Accordingly, optimization techniques can be categorized as individual based or population-based optimization techniques, as depicted in Fig. 2. Optimization techniques have been designed to optimize predefined criteria known as the fitness of the solution. These techniques have pros and cons associated with them. Individual based techniques require less computing resources but may get trapped in a local optimum, whereas population-based techniques require high computational power, ensuring better convergence to global optima. Many individual based optimization techniques like Tabu Search (TS) [76, 84], Hill Climbing [53], Iterated Local Search (ILS) [141] and Simulated Annealing (SA) [126] have been employed for building an effective IDS. In addition, many researchers have also employed population based optimization techniques like Glowworm Swarm Optimization (GSO) [130], Bees Algorithm (BA) [177], Artificial Bee Colony (ABC) algorithm [112], Bat Algorithm (BA) [236], Firefly Algorithm (FA) [235], Cuckoo Search (CS) algorithm [240] and Cuckoo Optimization Algorithm (COA) [181] for finding an optimized solution for intrusion detection.

Fig. 2 Classification of optimization techniques

Population-based techniques can be further categorized into three different classes on the basis of the source of inspiration for developing the technique. The major sources of inspiration include evolution, swarm, physical phenomenon or others, as depicted in Fig. 3.

Fig. 3 Classification of Population based optimization techniques

Evolution based optimization techniques are related in some respects to living organisms [54]. These methods are an attempt to mimic the genetic improvement of human beings or the natural behaviour of animals to provide realistic, low-cost solutions to complex problems that are hitherto unsolvable by conventional means. Techniques like the Biogeography-based Optimization (BBO) algorithm [202], evolutionary membrane algorithm [140], human evolutionary model [160] and Asexual Reproduction Optimization (ARO) [73], designed on the basis of evolution, involve optimization following the natural evolution of species. The evolution based optimization techniques are summarized in Table 1.

The development trend of evolution based NITs over the last three decades is represented in Fig. 4. It can be easily assessed that the major developments in evolution based NITs research have taken place in the last decade. In this decade, a total of 30 out of 38 NITs have been developed by extending the concept of evolution, as listed in Table 1.

Table 1 Classification of evolution based NITs (in chronological order)

| S. no. | Optimization technique | Year | Study |
|---|---|---|---|
| 1 | Genetic algorithm | 1992 | [96] |
| 2 | Differential evolution optimization algorithm | 1997 | [209] |
| 3 | Marriage in honey bees | 2001 | [1] |
| 4 | Gene expression programming | 2001 | [74] |
| 5 | Queen-bee evolution | 2003 | [108] |
| 6 | Invasive weed optimization algorithm | 2006 | [148] |
| 7 | Human evolutionary model | 2007 | [160] |
| 8 | Monkey search algorithm | 2007 | [163] |
| 9 | Viral systems optimization approach | 2008 | [45] |
| 10 | Biogeography-based optimization algorithm | 2008 | [202] |
| 11 | Fish-school search | 2008 | [18] |
| 12 | Roach infestation algorithm | 2008 | [92] |
| 13 | Human-inspired algorithm | 2009 | [250] |
| 14 | Group search optimizer | 2009 | [93] |
| 15 | Paddy field algorithm | 2009 | [178] |
| 16 | Asexual reproduction optimization | 2010 | [73] |
| 17 | Termite colony optimization | 2010 | [94] |
| 18 | Eco-inspired evolutionary algorithm | 2011 | [170] |
| 19 | Great salmon run | 2012 | [162] |
| 20 | Opt bees | 2012 | [143] |
| 21 | Japanese tree frogs calling | 2012 | [95] |
| 22 | Evolutionary membrane algorithm | 2012 | [140] |
| 23 | Swine flow optimization algorithm | 2013 | [174] |
| 24 | Dolphin echolocation | 2013 | [119] |
| 25 | Egyptian vulture | 2013 | [211] |
| 26 | Cuttlefish algorithm | 2013 | [68] |
| 27 | Symbiotic organisms search | 2014 | [33] |
| 28 | Ecogeography-based optimization | 2014 | [253] |
| 29 | Brain storm optimization | 2015 | [198] |
| 30 | Sperm whale algorithm | 2016 | [67] |
| 31 | Virulence optimization algorithm | 2016 | [102] |
| 32 | Lion optimization algorithm | 2016 | [246] |
| 33 | Duelist algorithm | 2016 | [21] |
| 34 | Spotted hyena optimizer | 2017 | [60] |
| 35 | Neuronal communication | 2017 | [9] |
| 36 | Mushroom reproduction optimization algorithm | 2018 | [19] |
| 37 | Socio evolution and learning optimization algorithm | 2018 | [134] |
| 38 | Biology migration algorithm | 2019 | [251] |

Swarm based optimization techniques are inspired by the natural processes of plants, foraging behaviors of insects and social behaviors of animals. Techniques like Glowworm Swarm Optimization (GSO) [130], Bees Algorithm (BA) [177], Artificial Bee Colony (ABC) algorithm [112] and Bat Algorithm (BA) [236] are designed by following the behaviour of swarms of the species. The swarm based optimization techniques are summarized in Table 2.

The development trend of swarm based NITs over the last three decades is represented in Fig. 5. It can be easily observed that the major developments in swarm based NITs research have taken place from 2008–2019. In this period, a total of 42 out of 54 NITs have been developed using swarm intelligence, as listed in Table 2.

Physical phenomenon based optimization techniques are inspired by the evolution of research related to physical phenomena and laws of science. Techniques like Gravitational Search Algorithm (GSA) [183], Chemical Reaction Optimization (CRO) [135], Artificial Chemical Reaction Optimization Algorithm (ACROA) [6], Charged System Search (CSS) algorithm [123] and Ray Optimization (RO) [120] have been designed on the basis of physical phenomena of nature. Physical phenomenon based optimization techniques are summarized in Table 3.

The development trend of physical phenomenon based NITs over the last three decades is represented in Fig. 6. It can be easily observed that the major developments in physical phenomenon based NITs research have taken place from 2012–2019. In this period, a total of 33 out of 42 NITs have been developed using physical phenomena of nature, as listed in Table 3.

Optimization techniques that have been developed on criteria other than the above mentioned aspects are summarized in Table 4.

The development trend of other criteria based NITs over the last three decades is represented in Fig. 7. It can be easily observed that the major developments in physical phenomenon based NITs research have taken place from 2012–2019. In this period, 31 out of 37 NITs have been developed using a physical phenomenon of nature, as listed in Table 4.

Figure 8 represents a comparative analysis of trends in NITs using different concepts in the last three decades.

It can be observed that major developments have taken place based on swarm and physical phenomenon optimization techniques. Figure 9 presents the percentage of NITs developed using different concepts. It can be seen that the percentage split of NITs between evolution based, swarm based, physical phenomenon based and other criteria based NITs is 22%, 32%, 24% and 22% respectively. Figure 10 presents the development of NITs in the last three decades. It can be observed that major developments have taken place in the period of 2012–2019. In these 7 years, there has been a large number of studies developing new NITs.

Implementation of optimization techniques, though mostly straightforward, can be a tedious task [17]. Several software frameworks are freely available on the Internet for solving optimization problems. Important frameworks for implementing optimization techniques are listed below.

1. PISA: A platform and programming language independent interface for search algorithms (http://www.tik.ee.ethz.ch/pisa/)
2. Open BEAGLE: A C++ evolutionary computation framework (https://code.google.com/p/beagle/)
3. ParadisEO: A C++ software framework for metaheuristics (http://paradiseo.gforge.inria.fr/)
4. Evolving Objects: An evolutionary computation framework (http://eodev.sourceforge.net/)
5. METSlib: A metaheuristic modeling framework and optimization toolkit in C++ (https://projects.coin-or.org/metslib)
6. GAlib: A C++ library of genetic algorithm components (http://lancet.mit.edu/ga/)
7. ECF: A C++ evolutionary computation framework (http://gp.zemris.fer.hr/ecf/)

Fig. 4 Development trend of evolution based NITs

Table 2 Classification of swarm based NITs (in chronological order)

| S. no. | Optimization technique | Year | Study |
|---|---|---|---|
| 1 | Ant colony optimization algorithm | 1992 | [43] |
| 2 | Particle swarm optimization algorithm | 1995 | [66] |
| 3 | Bee system optimization algorithm | 2001 | [142] |
| 4 | Fish swarm school | 2002 | [137] |
| 5 | BeeHive optimization algorithm | 2004 | [227] |
| 6 | Artificial immune system | 2005 | [41] |
| 7 | Bees swarm optimization | 2005 | [65] |
| 8 | Cat swarm optimization algorithm | 2006 | [35] |
| 9 | Shuffled frog-leaping algorithm | 2006 | [71] |
| 10 | Virtual ant algorithm | 2006 | [243] |
| 11 | Good lattice swarm optimization | 2007 | [210] |
| 12 | Artificial Bee Colony algorithm | 2007 | [112] |
| 13 | Fast bacterial swarming algorithm | 2008 | [36] |
| 14 | Bumblebees algorithm | 2009 | [44] |
| 15 | Glow worm swarm optimization | 2009 | [130] |
| 16 | Cuckoo search algorithm | 2009 | [240] |
| 17 | Hunting search algorithm | 2009 | [166] |
| 18 | Intelligent water drops algorithm | 2009 | [193] |
| 19 | Hierarchical swarm model | 2010 | [31] |
| 20 | Consultant-guided search | 2010 | [101] |
| 21 | Bacterial foraging optimization | 2010 | [172] |
| 22 | Bat algorithm | 2010 | [236] |
| 23 | Firefly algorithm | 2010 | [235] |
| 24 | Hunting search | 2010 | [167] |
| 25 | Eagle strategy | 2010 | [241] |
| 26 | Bees algorithm | 2011 | [177] |
| 27 | Cuckoo optimization algorithm | 2011 | [181] |
| 28 | Dolphin echolocation | 2012 | [120] |
| 29 | Fruit fly optimization algorithm | 2012 | [169] |
| 30 | Krill herding optimization algorithm | 2012 | [81] |
| 31 | Weightless swarm algorithm | 2012 | [217] |
| 32 | Grey wolf optimizer | 2014 | [157] |
| 33 | Wolf search | 2012 | [215] |
| 34 | Dynamic virtual bats algorithm | 2014 | [218] |
| 35 | Ant lion optimizer | 2015 | [149] |
| 36 | Moth-flame optimization algorithm | 2015 | [150] |
| 37 | Shark smell optimization | 2016 | [5] |
| 38 | Crow search algorithm | 2016 | [10] |
| 39 | Sheep shepherding algorithm | 2016 | [125] |
| 40 | Dragonfly optimization algorithm | 2016 | [151] |
| 42 | Multi-verse optimizer | 2016 | [156] |
| 43 | Sine cosine algorithm | 2016 | [152] |
| 44 | Whale optimization algorithm | 2016 | [155] |
| 45 | Killer whale optimization | 2017 | [22] |
| 46 | Salp swarm algorithm | 2017 | [154] |
| 47 | Earthworm optimisation algorithm | 2018 | [225] |
| 48 | Moth search algorithm | 2018 | [224] |
| 49 | Grasshopper optimization algorithm | 2018 | [158] |
| 50 | Cheetah based optimization algorithm | 2018 | [127] |
| 51 | Emperor penguin optimizer | 2018 | [61] |
| 52 | Artificial coronary circulation system based optimization algorithm | 2019 | [121] |
| 53 | Squirrel search algorithm | 2019 | [104] |
| 54 | The sailfish optimizer | 2019 | [192] |

6 Applications of Nature Inspired Techniques

Nature-inspired algorithms have become popular and powerful techniques to solve optimization problems, computational intelligence problems, data mining problems, machine learning problems, and transport and vehicle routing problems. A large number of examples and use cases of NITs exist in different fields, successfully solving their problems in comparison to the conventional and deterministic solutions [24, 27, 46, 80, 105, 128, 132, 144, 199, 201, 205, 219, 239, 242, 244]. There exists a wide variety of applications of NITs and, accordingly, the literature is expanding very quickly. The most significant the most recent
application areas of NITs are listed below.

1. Intrusion detection
2. Inverse Problems and Parameter Identification
3. Design Optimization in Engineering
4. Image Processing
5. Traveling Salesman Problem
6. Classification
7. Vehicle Routing
8. Clustering
Fig. 5  Development trend of swarm based NITs
9. Feature Selection
10. Deep Belief Networks
11. Scheduling
12. Swarm Robots
13. Software Testing, and many more.
8. ECJ: A Java-based evolutionary computation research
system Several review papers have been published in the recent
 (https​://cs.gmu.edu/ eclab​/proje​cts/ecj/) past summarizing NITs, their working and applications in
9. HeuristicLab: A framework for heuristic and evolution- different domains [3, 59, 216, 242, 249]. A few surveys
ary algorithms focused application of NITs for detecting intrusions, but
 (http://dev.heuri​sticl​ab.com/) to a limited extent. For example, Wu et al. [230] focused
10. jMetal: Metaheuristic algorithms in Java upon a limited subset of computational techniques. Simi-
 (http://jmeta​l.sourc​eforg​e.net/) larly, Kumar et al. [133] also analyzed some of the AI-
11. JAMES: A Java metaheuristics search framework based technique for intrusion detection. The current study
 (http://www.james​frame​work.org/) presents an exhaustive study mainly targeted only to NITs
12. MOEA Framework: A free and open source Java based IDSs to date. The representative nature inspired
framework for multiobjective optimization research works for effective IDSs have been compared and
 (http://www.moeaf​ramew​ork.org/) highlighted the importance, applicability, advantages, and
13. Watchmaker Framework: An object-oriented frame- challenges of nature inspired techniques to IDSs.
work for evolutionary/genetic algorithms in Java
 (http://watch​maker​.uncom​mons.org/)
14. Pyevolve: A complete genetic algorithm framework in
Python 7 Nature‑Inspired Techniques Based
 (http://pyevo​lve.sourc​eforg​e.net/) Intrusion Detection
15. Jenetics: An evolutionary algorithm library written in
Java Recently, several complex problems have been solved
 (http://jenet​ics.io/) using the techniques inspired by natural phenomenon.
16. DEAP: Distributed evolutionary algorithms in Python By taking their advantages into consideration, NITs have
 (https​://githu​b.com/DEAP/deap)

13
Nature Inspired Techniques and Applications in Intrusion Detection Systems: Recent Progress… 2905

Table 3  Classification of S. no. Optimization technique Year Study


physical phenomenon based
NITs (in chronological order) 1 Self-driven particles 1995 [222]
2 Bayesian optimization algorithm 2005 [175]
3 River formation dynamics 2007 [180]
4 Central force optimization 2008 [78]
5 Gravitational search algorithm 2009 [183]
6 Chemical reaction optimization 2010 [135]
7 Charged system search algorithm 2010 [123]
8 Galaxy-based search algorithm 2011 [194]
9 Spiral optimization 2011 [214]
10 Artificial chemical reaction optimization algorithm 2012 [6]
11 Ray optimization 2012 [120]
12 Big bang-big crunch 2012 [248]
13 Electro-magnetism optimization 2012 [48]
14 Water cycle algorithm 2012 [70]
15 Black Hole algorithm 2013 [91]
16 Atmosphere clouds model 2013 [233]
17 Gases Brownian motion optimization 2013 [2]
18 Simulated raindrop algorithm 2014 [100]
19 Colliding bodies optimization 2014 [122]
20 Kinetic gas molecules optimization algorithm 2014 [159]
21 Water wave optimization 2015 [252]
22 Vortex search algorithm 2015 [64]
23 Ions motion algorithm 2015 [106]
24 Optics inspired optimization 2015 [114]
25 Weighted attraction method 2015 [79]
26 Vision correction algorithm 2016 [125]
27 Sonar inspired optimization 2017 [221]
28 Rain-fall optimization algorithm 2017 [109]
29 Rain water algorithm 2017 [20]
30 Thermal exchange optimization 2017 [118]
31 Fractal-based algorithm 2017 [110]
32 Hydrological cycle algorithm 2017 [228]
33 Chemotherapy science algorithm 2017 [189]
34 Effect of sunlight on the leaf germination based meta-heuristic 2018 [98]
algorithm
35 Pity beetle algorithm 2018 [111]
36 Find-fix-finish-exploit-analyze meta-heuristic algorithm 2019 [115]
37 Pastoralist optimization algorithm 2019 [4]
38 Henry gas solubility optimization 2019 [90]
39 Expectation algorithm 2019 [195]
40 Harris hawks optimization 2019 [153]
41 Flow regime algorithm 2019 [213]
42 Artificial electric field algorithm for global optimization 2019 [232]

been employed successfully to a wide range of research Several researchers mainly focused on swarm intelli-
problems, including engineering, computer science, eco- gence based techniques for building effective IDSs. The
nomics, medicine, social sciences, and intrusion detection.


significant research works in the field of IDSs using NITs are summarized in the following subsections.

7.1 Evolutionary Based Techniques

Evolutionary techniques are treated as artificial intelligence techniques inspired by the natural evolution process of species such as animals and human beings. Inspired by the unique abilities of the natural evolution process, several researchers have solved complex problems. The significant research works in the field of intrusion detection are described below.

The genetic algorithm, one of the most popular search techniques, is used to find approximate solutions to optimization and search problems [80, 133]. These techniques have been extensively employed in the domain of ID to differentiate normal network traffic from anomalous traffic. The major advantages of the genetic algorithm are flexibility and robustness as a global search method. In addition, a genetic algorithm search converges to a solution from multiple directions and is based on probabilistic rules instead of deterministic ones. The disadvantage of the genetic algorithm is high resource consumption. Crosbie et al. [46] utilized a genetic algorithm for sparse trees to detect anomalies. They tried to minimize the occurrence of false positives by utilizing human input in a feedback loop. Balajinath et al. [15] utilized a genetic algorithm for ID to learn individual user behaviour and detect abnormal user activities. The user behaviour is described by a 3-tuple <Match index, Entropy index, Newness index>. Further, these values of a sample command in a user session are compared with the baseline to find anomalies. Dasgupta et al. [51] used a genetic algorithm for examining host-based IDSs. They used the genetic algorithm for the meta-learning step, on labelled vectors of statistical classifiers. Each of the statistical classifiers was a 2-bit binary encoding of the abnormality of a particular feature, ranging from normal to dangerous. Chittur et al. [34] applied a genetic algorithm and used a decision tree to represent the data. They used the “Detection rate minus the false positive rate” as their preference criterion to distinguish among the data. Fulp et al. [80] suggested a method to create a moving target defence by manipulating the configuration of the computer system directly, searching for diverse and secure configurations to be placed in service at varying time intervals. The authors are motivated by the concept that alternative configurations identified by a GA can disrupt the attacker's information about the system.

Fig. 6 Development trend of physical phenomenon based NITs

Table 4 Classification of other criteria based NITs (in chronological order)
S. no. Optimization technique Year Study
1 Grammatical evolution 1998 [186]
2 Harmony search optimization algorithm 2001 [83]
3 Imperialist competitive algorithm 2007 [11]
4 Seeker optimization algorithm 2009 [49]
5 League championship algorithm 2009 [113]
6 Social emotional optimization 2010 [42]
7 Differential search algorithm 2012 [38]
8 Flower pollination algorithm 2012 [237]
9 Teaching-learning-based optimization 2012 [182]
10 Anarchic society optimization 2012 [197]
11 Backtracking optimization search 2013 [40]
12 Coral reef optimization algorithm 2013 [188]
13 Mine blast algorithm 2013 [187]
14 Artificial cooperative search 2013 [39]
15 Elitist self-adaptive step-size search algorithm 2014 [13]
16 Guided stochastic search 2014 [14]
17 Symbiotic organisms search 2014 [33]
18 Soccer league competition algorithm 2014 [161]
19 State of matter search 2014 [47]
20 Search group algorithm 2015 [85]
21 Adaptive dimensional search 2015 [89]
22 World cup optimization algorithm 2016 [184]
23 Passing vehicle search 2016 [190]
24 Football game inspired algorithm 2016 [72]
25 Yin-Yang-pair optimization 2016 [179]
26 Cancer treatment algorithm 2016 [125]
27 Cohort intelligence 2017 [131]
28 Owl search algorithm 2018 [103]
29 Cricket chirping algorithm 2018 [58]
30 Farmland fertility based meta heuristic algorithm 2018 [196]
31 Car tracking optimization algorithm 2018 [32]
32 Chaotic whale optimization algorithm 2018 [117]
33 Sea lion optimization algorithm 2019 [146]
34 Artificial feeding birds algorithm 2019 [136]
35 Bus transportation algorithm 2019 [23]
36 Kidney-inspired algorithm 2019 [165]
37 Deer hunting optimization algorithm 2019 [25]
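As an added illustration (not code from this paper or from any of the cited studies), the sketch below evolves a single detection rule with a genetic algorithm and scores each rule by the "detection rate minus the false positive rate" criterion mentioned above. The feature names, the 0..9 feature scaling, the interval-per-feature rule encoding, the GA parameters and the sample records are all assumptions constructed for this example.

```python
import random

# Constructed sample data (not from the paper): four features scaled to 0..9
# plus a label, 1 = attack, 0 = normal traffic.
FEATURES = ("duration", "src_bytes", "failed_logins", "conn_rate")
RECORDS = [
    ((1, 2, 7, 8), 1), ((0, 3, 8, 9), 1), ((2, 1, 6, 7), 1),
    ((1, 4, 9, 8), 1), ((3, 2, 7, 9), 1), ((0, 1, 8, 6), 1),
    ((5, 6, 0, 2), 0), ((7, 4, 1, 3), 0), ((2, 8, 0, 1), 0),
    ((9, 5, 2, 4), 0),
    ((4, 7, 1, 8), 0),  # busy but legitimate host (high conn_rate)
    ((1, 3, 6, 2), 0),  # user who mistyped a password (high failed_logins)
    ((6, 2, 0, 5), 0), ((3, 9, 3, 0), 0),
]
LO, HI = 0, 9


def matches(rule, features):
    """A rule is one closed interval (lo, hi) per feature; all must hold."""
    return all(lo <= x <= hi for (lo, hi), x in zip(rule, features))


def rates(rule, records=RECORDS):
    """Return (detection rate, false positive rate) for one rule."""
    attacks = [f for f, label in records if label == 1]
    normals = [f for f, label in records if label == 0]
    dr = sum(matches(rule, f) for f in attacks) / len(attacks)
    fpr = sum(matches(rule, f) for f in normals) / len(normals)
    return dr, fpr


def fitness(rule, records=RECORDS):
    """Detection rate minus false positive rate, a value in [-1, 1]."""
    dr, fpr = rates(rule, records)
    return dr - fpr


def random_rule(rng):
    """Chromosome: a list of (lo, hi) genes, one per feature."""
    rule = []
    for _ in FEATURES:
        a, b = rng.randint(LO, HI), rng.randint(LO, HI)
        rule.append((min(a, b), max(a, b)))
    return rule


def crossover(a, b, rng):
    """One-point crossover at a feature boundary."""
    cut = rng.randint(1, len(FEATURES) - 1)
    return a[:cut] + b[cut:]


def mutate(rule, rng, p=0.2):
    """With probability p per gene, move one bound by one step (kept valid)."""
    out = []
    for lo, hi in rule:
        if rng.random() < p:
            if rng.random() < 0.5:
                lo = min(max(LO, lo + rng.choice((-1, 1))), hi)
            else:
                hi = max(min(HI, hi + rng.choice((-1, 1))), lo)
        out.append((lo, hi))
    return out


def tournament(pop, rng, k=3):
    """Selection: the fittest of k randomly drawn rules."""
    return max(rng.sample(pop, k), key=fitness)


def evolve(pop_size=30, generations=40, seed=7):
    """Run the GA; return the best rule and the best fitness per generation."""
    rng = random.Random(seed)
    pop = [random_rule(rng) for _ in range(pop_size)]
    history = []
    for _ in range(generations):
        elite = max(pop, key=fitness)
        history.append(fitness(elite))
        children = [elite]  # elitism: the best rule always survives unchanged
        while len(children) < pop_size:
            child = crossover(tournament(pop, rng), tournament(pop, rng), rng)
            children.append(mutate(child, rng))
        pop = children
    best = max(pop, key=fitness)
    history.append(fitness(best))
    return best, history


if __name__ == "__main__":
    best, history = evolve()
    dr, fpr = rates(best)
    print(dict(zip(FEATURES, best)), f"DR={dr:.2f} FPR={fpr:.2f}")
```

A rule that flags every record scores 0 under this criterion, so the search is pushed toward intervals that separate the two classes rather than toward blanket alerting.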


Fig. 7 Development trend of other criteria based NITs

Fig. 8 Comparative analysis of trend of NITs using different concepts

Fig. 9 Percentage of NITs using different concepts

Fig. 10 Comparative analysis of trend of NITs

So, the attacker acts on false or regularly changing information and is thus required to expend more resources. The authors proposed to encode the configuration settings of the computer system as chromosomes of the GA, with the security of each configuration setting considered as the fitness of the chromosome. A sequence of operators such as selection, crossover, and mutation is applied to find new possibilities of secure configuration settings of the computer system.

Kumar and Kumar [132] developed an evolutionary approach for IDS based on multi-objective GA, where the Archive-based Micro Genetic Algorithm 2 (AMGA2) was used to find optimal trade-offs for multiple criteria, and majority voting was used to integrate the decisions of base classifiers. The approach applied a generalized classification applicable to any field, but there was a high computational cost in obtaining fitness functions. On similar lines, Malik et al. [144] presented a classifier based on binary particle swarm optimization (BPSO) and random forests for classification and detection of probe attacks in networks. The performance was validated using the KDD 99 data set. The method performed well for the probe attacks, but with the shortcoming that samples in training and testing were from the same distribution.

Bukhtoyarov et al. [27] developed a probabilistic approach to designing base neural network classifiers, called probability based generator of neural network structures (PGNS). The aggregation of neural network classifiers was performed with genetic programming-based ensembles (GPEN). GPEN utilized genetic programming operators to find an optimal function for combining the base classifiers into an ensemble. The research was conducted on the KDD 99 data set, where the goal was to distinguish between probe and non-probe attacks, based on nine of the 41 attributes. They compared the results with those published in other research [144]. The results obtained using their approach showed better detection accuracy of probe attacks than almost all the competing approaches included in [144]. The only approach that had a better detection accuracy and fewer false positives was the PSO-RF approach. This method is particularly good in detecting probe attacks,


but it was not tested on unseen attacks. Another disadvantage is that its accuracy is not as high as other techniques.

Shirazi et al. [199] designed an intelligent multi-genetic algorithm based classifier for detecting anomalies. The authors incorporated information theory measures such as entropy and mutual information for selecting the most significant features for different attacks. The features of the KDD Cup 99 data were ranked, and only the top five features were utilized with GA and a linear classifier. The proposed system reported an accuracy of 92.94% for the KDD dataset.

Similarly, Tsang et al. [219] developed a multi-objective genetic system combined with fuzzy logic for detecting intrusions. The proposed system draws fuzzy rule-based information from network traffic by using an agent-based evolutionary computation framework consisting of a fuzzy set agent (FSA) and an arbitrator agent. The FSA initially formats fuzzy set information by using the fuzzy sets distribution strategy. Each FSA creates an offspring by crossover and mutation operations to search for the global optimal fuzzy rule. An arbitrator agent is employed for evaluation by collecting the fitness values shared by each FSA. It returns the highest fitness values. The reported results indicate 92.77% accuracy for intrusion detection.

Shrivastava et al. [201] used rough set SVM for designing an anomaly-based intrusion detection system. The authors employed GA and rough set theory for selecting KDD features in order to reduce CPU usage and memory utilization. SVM was used for classification.

Mbikayi [147] used an evolutionary approach for generating rules for matching anomalous network connections in the DARPA based intrusion detection dataset. The author mainly focused on genetic algorithms. He proposed to utilize an evolutionary approach for rule generation using the IP addresses of the source and destination machines and their ports, the total duration of network connections, the state of connections, the protocol being used, and the total number of bytes transferred from source to destination machines. The evolutionary approach finds the optimal value from a predefined set of values for each feature of the dataset.

Deng et al. [56] developed a distributed intrusion detection based on hybrid gene expression programming and cloud (DID-HGEPCloud) computing. In DID-HGEPCloud, attribution reduction with noise data based on rough set and a global intrusion model based on non-linear least squares were applied to improve the efficiency and accuracy of intrusion detection. At the same time, the MapReduce programming framework of cloud computing was adopted, and parallelisation of the model of the proposed algorithm was performed to enhance its ability to manage massive and high-dimensional data.

The lion optimization algorithm is a recent development in NITs by Yazdani and his team [246]. Arivudainambi et al. [8] employed the Lion optimization algorithm for effective and accurate DDoS detection in SDNs. The proposed detection technique was robust enough to detect a DDoS attack within the least magnitude of attack traffic. The authors combined Social Lion Behavior with CNN. The Lion optimization algorithm was used for selecting the prominent features and CNN as a classifier of DDoS attacks, leading to accurate and quick results in comparison to state-of-the-art techniques.

7.2 Physical Phenomenon Based Techniques

The literature on the application of physical phenomenon based NITs to intrusion detection is not so rich, because most of these NITs are recent developments and form an emerging class of NITs that has only just attracted researchers in the field. Bostani et al. [24] presented a hybrid feature selection method called BGSA using Binary Gravitational Search Algorithm (BGSA) and Mutual Information (MI) for improving the efficiency of standard BGSA as a feature selection algorithm. The BGSA is used as a wrapper-based feature selection method for performing a global search by integrating MI as a filter-based method for calculating the feature-feature and the feature-class shared information with the aim of pruning the subset of features. This strategy found the features with the least redundancy to the selected features and the most relevance to the target class. The authors considered the two objective functions of maximizing the detection rate and minimizing the false positive rate as a fitness function to control the search direction of the standard BGSA. The reported results using the NSL-KDD dataset as benchmark proved that the BGSA could reduce the feature space dramatically and led to higher accuracy as well as detection rate in comparison to representative standard feature selection techniques in the field.

Dash [52] presented two new hybrid intrusion detection methods using gravitational search (GS), and a combination of GS and particle swarm optimization (GSPSO). The proposed techniques were employed to train an artificial neural network (ANN), resulting in two models, GS-ANN and GSPSO-ANN, for effective intrusion detection. The reported results were compared with other conventional methods such as decision tree, ANN based on gradient descent (GD-ANN), ANN based on genetic algorithm (GA-ANN) and ANN based on PSO (PSO-ANN) using the NSL-KDD dataset as benchmark dataset. It has been proved that the results obtained by GS-ANN and GSPSO-ANN are statistically significant based on the popular Wilcoxon's rank sum test in comparison to other representative techniques.

7.3 Swarm Based Techniques

Swarm intelligence has been treated as an artificial intelligence technique inspired by a swarm of species like a school


of fish or a flock of birds. Inspired by the unique abilities of swarm behaviour, several researchers have solved complex problems like intrusion detection [128]. Soroush et al. [205] suggested a boosting ant colony-based data miner for detecting intrusions using a hybrid model of the ant colony system [63] and the ant-miner algorithm [171]. They focused on extracting a classification rule set from a network dataset. The extracted ruleset is then utilized to differentiate the intrusive and non-intrusive behaviours of network traffic.

Particle swarm optimization (PSO), developed by Kennedy et al. [124], is one of the most commonly used NITs. It optimizes a problem by iteratively trying to improve a candidate solution with regard to a given measure of quality. It solves a problem by having a population of candidate solutions, here dubbed particles, and moving these particles around in the search space according to simple mathematical formulae over the particle's position and velocity. Several researchers formulated the intrusion detection problem in terms of particles of PSO as candidate solutions in different ways. Some researchers used PSO as a way to optimize the weights of a NN, and some preferred it for selecting promising features for intrusion detection. For example, Srinoy et al. [207] utilized PSO to implement feature selection, with an SVM using the one-versus-rest technique serving as the fitness function of PSO for classification. The aim of the proposed method is to differentiate between the normal and intrusive classes of data and to identify emerging attacks. The proposed method completes its functionality in two different stages. The first stage involves preprocessing the training data to identify relevant features, converts textual/discrete data to normalized numerical values, and takes care of null values. The second stage consists of PSO and SVM clusters for detecting groups of data. The reported results indicate better accuracy in comparison to other methods. The authors of [99, 139] also proposed a hybrid approach of PSO and SVM. These authors proposed to set the kernel parameters of the SVM in the training procedure, along with the feature selection, to increase the classification accuracy using PSO. They suggested that the approaches are optimization mechanisms which simultaneously combine the binary PSO for the feature selection part with the continuous-valued PSO for the SVM kernel parameter setting.

Wang et al. [226] proposed a hybrid approach of PSO and SVM for effective intrusion detection. They employed Binary PSO for identifying an optimal feature subset that was further used for specification of free parameters for SVM [86]. They employed PSO for selecting the relevant features of the dataset and SVM for classification of the dataset. The reported results indicate improved performance in comparison to other techniques in the field of intrusion detection. Chen et al. [30] proposed a hybrid method of PSO and SVM improved over that proposed in [99, 139]. The authors introduced a weighted fitness function, applied mutation operators and improved the binary PSO algorithm, in addition to the parameter settings of the support vector machine and feature selection. They implemented the proposed method in a parallel environment using the Parallel Virtual Machine (PVM). The proposed method has been evaluated for its performance on the basis of benchmark datasets.

Chung et al. [37] suggested a new hybrid network intrusion detection system. The proposed IDS uses two different concepts for selecting features and classifying intrusions. They proposed to employ the intelligent dynamic swarm based rough set (IDS-RS) for feature selection. The classification of intrusions is done by using the simplified swarm optimization with weighted local search (SSO-WLS) strategy. The reported results indicate an improvement in performance using SSO-WLS over that of anomaly detection techniques based on decision rules generation. The proposed method successfully demonstrated its robustness using KDDCup 99. In the proposed method, the position update strategy for each particle is performed using weighted predetermined constant values. Once the gbest has been obtained during the local search of the pbest, the WLS process is stopped. Therefore, the proposed method is able to support SSO throughout the searching mechanism. Further, to enhance the performance of SSO-WLS, the IDS-RS approach was applied to eliminate the irrelevant features during the preprocessing phase of network intrusion datasets, and it extracted the six most significant features from the dataset. It has been proved empirically that the proposed method enables an overall performance of the A-NIDS with 93.3% accuracy. The results also indicate better performance than the most commonly used benchmark classifiers, namely SVM and Naive Bayes.

The Ant Colony Optimization (ACO) algorithm has also proved its effective performance in detecting intrusions and selecting promising features for effective intrusion detection. Sreelaja et al. [206] implemented a swarm intelligence based ACO for detecting sinkhole attacks in wireless sensor networks (WSNs). The proposed work is divided into two parts. The first part describes the generation of alerts by the sensor nodes in the WSN on detecting sinkhole attacks by a rule matching method using an Ant Colony Optimization technique. An Ant Colony Optimization based Attack Detection (ACO-AD) algorithm has been proposed to generate alerts by the sensor nodes of the wireless sensor networks based on the node ids and the link quality defined in the ruleset. The second part provides a description of the identification of the intruder using a voting analysis method. Each alerting node transmits the suspect list of node IDs to the neighboring alerted nodes to agree on the intruder. The suspect list sent by the alerted node is signed using a key. An Ant Colony Optimization technique for obtaining a minimized Boolean expression is


used to generate the minimum number of keys for signing the suspect list. An Ant Colony Optimization Boolean Expression Evolver Sign Generation (ABXES) algorithm has been proposed to distribute the keys to the alerted nodes to sign the suspect list. The alerted nodes, on receiving the suspect list, count the occurrence of each node id in the suspect list. The node id having the highest count is identified as the intruder. The advantage of the proposed method using Ant Colony Optimization for intrusion detection is that the sensor nodes generate alerts based on the node ids in the ruleset without generating false positives. Also, each alerted sensor node stores log n keys for verifying the authenticity of the suspect list using an ACO approach. Thus the storage in each alerted sensor node is minimized when compared to the one-way hash chain function approach used in the Light Weight Intrusion Detection Architecture (LIDeA) approach to detect the intruder node. The number of searches using the ACO-AD algorithm for matching the node id in the sender field of the packet with the node ids in the ruleset is less when compared to the existing rule matching approaches.

Danane et al. [50] used a combined approach of fuzzy logic and an NIT, the genetic algorithm, for detecting intrusions using KDD as benchmark dataset. They used the standard features of the KDD dataset and attempted to improve the detection rate using fuzzy logic for ambiguous inputs. The reported results validated their approach in comparison to the individual techniques of genetic algorithm and fuzzy logic.

Bamakan et al. [16] proposed an effective intrusion detection framework on the basis of a new adaptive, robust, precise optimization method, namely, time-varying chaos particle swarm optimization (TVCPSO). The proposed method simultaneously sets parameters and selects features for multiple criteria linear programming (MCLP) and support vector machine (SVM). The authors proposed a weighted objective function that considers the tradeoff between maximizing the detection rate and minimizing the false alarm rate, in addition to the number of features. They also proposed adopting the chaotic concept in PSO, together with a time-varying inertia weight and time-varying acceleration coefficient, to make the particle swarm optimization algorithm faster in searching for the optimum and to avoid the search being trapped in local optima. The NSL-KDD dataset was used as a benchmark data set for validating the performance of the proposed method. The reported results indicate better performance of the proposed method in terms of detection rate and false alarm rate in comparison to that of using all features of the NSL-KDD dataset.

The artificial immune system (AIS) is a new kind of NIT that has shown effective performance for IDSs. Brown et al. [26] designed a multiple detector system. The proposed system comprises various kinds of AIS methods for detecting intrusions from the ISCX Intrusion Detection Dataset. The results have shown improvement over the existing methods.

Tabatabaefar et al. [212] developed a distributed IDS using AIS. They proposed to generate two kinds of antibodies using negative and positive selection methods for intrusive and non-intrusive network data. The antibodies are formulated as hyper-sphere shapes having a centre and radius. The centre was represented as a vector of the values for the selected features. The distance was measured in terms of Euclidean distance. The authors employed PSO for updating the radius of the antigens. Experimental results of the proposed approach were reported as 99.1% for TPR and 1.9% for FPR.

Ferriyan et al. [75] employed a Genetic Algorithm with one-point crossover for determining an optimal set of features before using any machine learning techniques to detect intrusive activities from the KDD dataset. They used many supervised machine learning techniques like Random Forest, K-Nearest Neighbour, Decision Trees, Bayesian Networks and Naive Bayes. The experimental results proved that the Random Forest method produces the highest accuracy among the other methods.

Cuckoo Search (CS) is a simple NIT but proves its effective performance in the intrusion detection field by tuning the parameters of some non-linear transformation functions with the help of diverse objective functions. Shitharth et al. [200] proposed an Intrusion Weighted Particle-based Cuckoo Search Optimization (IWP-CSO) using the Hierarchical Neuron Architecture based Neural Network (HNA-NN) technique. The main focus of their research was to detect and classify the intrusions in a SCADA network based on the optimization. Firstly, it involves the input of the network dataset, where the attributes are arranged and clustered. Then, the features are optimized to select the best attributes by using the proposed IWP-CSO algorithm. Finally, the intrusions in a network are classified by employing the proposed HNA-NN algorithm. The experimental results indicate the performance of the proposed system in terms of sensitivity, specificity, precision, recall, accuracy, Jaccard, Dice and false detection rate.

Kaur et al. [116] proposed a new approach to anomaly detection, a hybrid of Simple K-Means and the Firefly Algorithm for detecting intrusions. The authors used the K-means algorithm to perform clustering, but it has some issues. The issues of k-means clustering were eliminated using the Firefly Algorithm. Their proposed approach used clustering to build the training model and used classification to evaluate on the test set. The proposed approach was evaluated on the NSL-KDD dataset, resulting in comparatively accurate results.

Ali et al. [7] proposed to use a combination of Fast Learning Networks (FLN) and PSO. FLN is a particular kind of ANN for detecting malicious activities in KDD99


dataset. FLN suffers from the limitation of not using optimal weights, leading to low detection accuracy. The authors proposed to use PSO for optimizing the weights of FLN, which improved detection accuracy. The resultant solution was compared with existing evolutionary methods and proved its superiority over the other methods.

The authors of the study [97] suggested generating Artificial Immune System (AIS) methods using the KDD dataset. Specifically, the authors employed the Clonal Selection Algorithm (CSA) and Negative Selection Algorithm (NSA) on features of the KDD dataset. The results of their experiments proved that the proposed system was better than other existing methods for detecting intrusions using the KDD dataset.

Seth and Chandra [191] suggested an efficient meta-heuristic based intrusion detection system (MIDS) in the cloud. Their proposed scheme incorporates a modified grey wolf optimization (MGWO) method for relevant feature selection from the input dataset, whereas the k-Nearest Neighbor (k-NN) was utilized for binary classification of the input dataset. They proposed a modification to the grey wolf optimization algorithm for feature selection from a cloud specific intrusion dataset and used kNN for classification of intrusions.

Xu et al. [231] analyzed that the Elephant Herd Optimization (EHO) algorithm has a good classification ability in reducing feature redundancy. But the EHO algorithm converges too quickly in the searching process, and it is then easy to fall into the local optimum, which constrains the classification performance of the algorithm. In order to address this issue, the authors improved Elephant Herd Optimization based on the Levy Flight strategy (LFEHO), which overcomes the defects of easy precocity and low convergence accuracy of the original EHO algorithm. The classification performance is improved under the premise of ensuring the accuracy rate using the KDD CUP 99 intrusion detection dataset.

Hajisalem and Babaie [88] hybridized a classification method using Artificial Bee Colony (ABC) and Artificial Fish Swarm (AFS) algorithms. They used Fuzzy C-Means Clustering (FCM) and Correlation-based Feature Selection (CFS) techniques to divide the training dataset and remove the irrelevant features, respectively. Then, they generated If-Then rules using the CART technique as per the selected features in order to distinguish the normal and anomaly records. Likewise, the proposed hybrid method was trained via the generated rules. The simulation results on NSL-KDD and UNSW-NB15 datasets demonstrated that the proposed method outperforms in terms of performance metrics and can achieve 99% detection rate and 0.01% false positive rate.

Haghnegahdar and Wang [87] proposed an intrusion detection model based on a whale optimization algorithm (WOA) for training an artificial neural network (ANN). The WOA is applied to initialize and adjust the weight vector of the ANN to achieve the minimum mean square error. The proposed WOA-ANN model addressed the challenges of attacks, failure prediction, and failure detection in a power system. They utilized the Mississippi State University and Oak Ridge National Laboratory databases of power-system attacks to demonstrate the proposed model and show the experimental results. The WOA is able to train the ANN to find the optimal weights in comparison to conventional training methods.

7.4 Other Criteria Based Techniques

NITs belonging to ‘other criteria’ are also mostly newly developed and emerging NITs, particularly in the field of intrusion detection. The recent development growth rate of this category of NITs is greater than the other ones. Victoire et al. [223] refined differential evolution (RDE) search algorithm to generate fuzzy rules capable of detecting intrusive behaviors. In the presented algorithm, the global population is divided into sub-populations, each assigned to a distinct processor. Each subpopulation consists of the same class fuzzy rules. These rules evolve independently in the proposed parallel manner. The modified method is validated for superiority using the KDD 1999 intrusion detection dataset. Singh et al. [203] applied the Flower Pollination Algorithm (FPA) to select the optimal features for accurate and quick intrusion detection. Further, three predefined feature selection algorithms have been used to select the most critical attributes for anomaly detection. The performance of FPA and three predefined algorithms have been compared on fifteen features of kyoto 2006+ of Intrusion Detection System (IDS).

The techniques presented in above-cited sections can be summarized and compared in terms of different aspects, as depicted in Table 5.

8 Conclusion and Future Research Directions

Though briefly, the paper has reviewed various NITs, and their classification based on the source of inspiration. A comprehensive review of various nature-inspired based techniques employed in intrusion detection (ID) is presented here. Table 6 highlights the advantages and disadvantages of different types of NITs employed for detecting intrusions.

It has been observed that these techniques contribute to different aspects of selecting the features and creating a model for classification of intrusive and non-intrusive data. Various NITs applied to intrusion detection have been analyzed and further compared considering various parameters for a better understanding of the readers in the field.

As per the discussion above, there is a trend of combining NITs with machine learning (ML) techniques to design IDSs. Researchers combined NITs with ML techniques like

Table 5  Nature inspired techniques for intrusion detection

| Study | Inspiration of NIT | NIT | Detection methodology | Attack | Performance |
|---|---|---|---|---|---|
| [46] | Evolutionary | GA | Anomaly | Known + unknown | Moderate |
| [15] | Evolutionary | GA | Signature | Known + unknown | Moderate |
| [51] | Evolutionary | GA | Signature | Known + unknown | Moderate |
| [80] | Evolutionary | GA | Anomaly | Known + unknown | Moderate |
| [132] | Evolutionary | Multi-objective GA | Anomaly | Known + unknown | High |
| [144] | Evolutionary | PSO | Anomaly | Known + unknown | High |
| [27] | Evolutionary | GA | Anomaly | Known + unknown | High |
| [199] | Evolutionary | Multi-objective GA | Anomaly | Known + unknown | High |
| [219] | Evolutionary | Multi-objective GA | Anomaly | Known + unknown | High |
| [201] | Evolutionary | GA | Anomaly | Known + unknown | High |
| [8] | Evolutionary | Lion Optimization Algorithm | Feature selection, Anomaly | Known + unknown | High |
| [24] | Physical phenomenon | BGSA | Anomaly | Known + unknown | High |
| [52] | Physical phenomenon | GS + PSO | Anomaly | Known + unknown | High |
| [16] | Swarm | PSO | Anomaly | Known + unknown | High |
| [139] | Swarm | PSO | Anomaly | Known + unknown | High |
| [99] | Swarm | PSO | Anomaly | Known + unknown | High |
| [30] | Swarm | Binary PSO | Anomaly | Known + unknown | High |
| [200] | Swarm | CSO | Signature | Known + unknown | Moderate |
| [37] | Swarm | PSO | Anomaly | Known + unknown | High |
| [206] | Swarm | ACO | Anomaly | Known + unknown | High |
| [205] | Swarm | ACO | Signature | Known + unknown | Moderate |
| [226] | Swarm | PSO | Anomaly | Known + unknown | High |
| [207] | Swarm | PSO | Anomaly | Known + unknown | Moderate |
| [116] | Swarm | Firefly | Anomaly | Known + unknown | Moderate |
| [191] | Swarm | grey wolf algorithm, kNN | Anomaly | Known + unknown | Moderate |
| [231] | Swarm | Elephant Herd algorithm, Levy Flight strategy | Anomaly | Known + unknown | Moderate |
| [88] | Swarm | Artificial Bee Colony, Artificial Fish Swarm | Anomaly, misuse | Known + unknown | Moderate |
| [87] | Swarm | Whale optimization algorithm, ANN | Anomaly | Known + unknown | High |
| [223] | Other | differential evolution | Anomaly, feature selection | Known + unknown | Moderate |
| [203] | Other | Flower Pollination Algorithm | Anomaly, feature selection | Known + unknown | Moderate |
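
As an added illustration (not code from the paper or from any surveyed study), the sketch below shows the wrapper pattern behind many swarm rows of Table 5: a binary PSO searches feature masks, and its fitness trades detection rate against false alarm rate and feature count, with time-varying inertia weight and acceleration coefficients. The records are constructed, the nearest-centroid classifier stands in for the classifiers used in the surveyed work, the weights and coefficient schedules are assumed values, and the chaotic component is left out.

```python
import math
import random

def make_records(n, rng):
    """Constructed stand-in for labelled traffic records (1 = attack, 0 = normal).
    Features 0-1 carry signal; features 2-7 are high-variance noise."""
    rows = []
    for _ in range(n):
        y = 1 if rng.random() < 0.4 else 0
        x = [rng.gauss(2.0 * y, 0.7), rng.gauss(1.5 * y, 0.8)]
        x += [rng.gauss(0.0, 3.0) for _ in range(6)]
        rows.append((x, y))
    return rows

def centroid_predict(train, records, mask):
    """Nearest-centroid classifier using only features with mask[i] == 1.
    Assumes both classes occur in train."""
    idx = [i for i, m in enumerate(mask) if m]
    cent = {}
    for label in (0, 1):
        members = [x for x, y in train if y == label]
        cent[label] = [sum(x[i] for x in members) / len(members) for i in idx]
    preds = []
    for x, _ in records:
        d = {c: sum((x[i] - v) ** 2 for i, v in zip(idx, cent[c])) for c in cent}
        preds.append(1 if d[1] < d[0] else 0)
    return preds

def rates(labels, preds):
    """Return (detection rate, false alarm rate); label 1 is the attack class."""
    tp = sum(1 for y, p in zip(labels, preds) if y == 1 and p == 1)
    fp = sum(1 for y, p in zip(labels, preds) if y == 0 and p == 1)
    pos = sum(labels)
    neg = len(labels) - pos
    return (tp / pos if pos else 0.0, fp / neg if neg else 0.0)

def fitness(mask, train, val, w_dr=0.6, w_far=0.3, w_feat=0.1):
    """Reward detections, penalise false alarms and the share of features kept.
    The three weights are assumed values for this illustration."""
    if not any(mask):
        return -1.0  # an empty feature set is never acceptable
    dr, far = rates([y for _, y in val], centroid_predict(train, val, mask))
    return w_dr * dr - w_far * far - w_feat * sum(mask) / len(mask)

def binary_pso(train, val, n_feat, particles=12, iters=30, seed=7):
    """Binary PSO over feature masks; returns (best_mask, best_fitness)."""
    rng = random.Random(seed)
    # Particle 0 starts from the full feature set, so the result can never
    # score below the "use every feature" baseline.
    pos = [[1] * n_feat] + [[rng.randint(0, 1) for _ in range(n_feat)]
                            for _ in range(particles - 1)]
    vel = [[0.0] * n_feat for _ in range(particles)]
    pbest = [p[:] for p in pos]
    pfit = [fitness(p, train, val) for p in pos]
    g = max(range(particles), key=lambda k: pfit[k])
    gbest, gfit = pbest[g][:], pfit[g]
    for t in range(iters):
        frac = t / max(1, iters - 1)
        w = 0.9 - 0.5 * frac    # inertia weight decays 0.9 -> 0.4
        c1 = 2.5 - 2.0 * frac   # cognitive coefficient decays 2.5 -> 0.5
        c2 = 0.5 + 2.0 * frac   # social coefficient grows 0.5 -> 2.5
        for k in range(particles):
            for j in range(n_feat):
                v = (w * vel[k][j]
                     + c1 * rng.random() * (pbest[k][j] - pos[k][j])
                     + c2 * rng.random() * (gbest[j] - pos[k][j]))
                vel[k][j] = max(-4.0, min(4.0, v))  # clamp so the sigmoid stays useful
                prob = 1.0 / (1.0 + math.exp(-vel[k][j]))
                pos[k][j] = 1 if rng.random() < prob else 0
            f = fitness(pos[k], train, val)
            if f > pfit[k]:
                pbest[k], pfit[k] = pos[k][:], f
                if f > gfit:
                    gbest, gfit = pos[k][:], f
    return gbest, gfit

if __name__ == "__main__":
    rng = random.Random(2021)
    train, val = make_records(300, rng), make_records(200, rng)
    full = [1] * 8
    best, best_fit = binary_pso(train, val, 8)
    for name, mask in (("all features", full), ("PSO subset ", best)):
        dr, far = rates([y for _, y in val], centroid_predict(train, val, mask))
        print(name, mask, "DR=%.3f FAR=%.3f fitness=%.3f"
              % (dr, far, fitness(mask, train, val)))
```

Scoring the masks on a validation split that is separate from the final test data keeps the reported detection rate from being inflated by the search itself.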

Table 6  Advantages and disadvantages of nature inspired techniques

| NIT | Advantages | Disadvantages |
|---|---|---|
| Evolution based | Flexible, robust, converge to a solution from multiple directions, Works by internal rules, no need to know problem rules | High resource consuming, trap in local minima |
| Physical phenomena based | Ability to find near global optimum solution | Slow Convergence, trap in local minima |
| Swarm based | Robust, reliance on the single agent is small, very small impact on system performance due to failure of a single agent, adaptable | Non optimal due to no central control, inefficient resource allocation, uncontrollable, unpredictable, non immediate |

ANN, SVM, Naive Bayes, Decision Tree, RF, k-Means, and clustering for enhancing the performance of the ML model by optimizing the parameters of the model. NITs are also capable of detecting known and unknown patterns to detect the intrusions from network traffic easily, thus improving the ability of an IDS. It can be summarized that NITs have been widely used to optimize the parameters of the ML model for attack detection, optimizing feature set, and feature selection. NITs have been used to develop new hybrid and/or ensemble models for effective and efficient IDSs in the real world. In spite of several successful implementations and applications of NITs for intrusion detection, there are many challenges that must be tackled for future research in the intrusion detection field.

1. No doubt, combining NITs with ML models has increased the performance of the model for detecting intrusions. But the selection of an optimized set of parameters for the respective ML model is a crucial and challenging task.
2. There is a lack of a standard realistic benchmark dataset for training a specific classifier as IDSs. There is an acute need to simulate realistic network traffic for appropriate training of IDSs for accurate detection of intrusions.
3. Selection of appropriate features without any redundancy or irrelevance that represent a true relation with intrusion is of utmost importance. So, appropriate network features must be taken into consideration for building an effective, accurate and quick IDS.
4. Intruders are continually changing their ways to break into the system. In order to keep the system secure, an IDS must be adaptable to the ever changing network environment and maintain the detection accuracy of the system.
5. Availability of recent development in the speed of sensors, computational power and network speed has led to the flow of a huge amount of network traffic. An IDS must be fast enough to process such a large volume of data.

Analysis of prominent research in the field indicates that NIT based IDSs offer a high detection rate and a low false positive rate in comparison to the conventional IDSs. Nature inspired techniques enable more flexibility in IDSs because of their employability in hybrid IDSs, leading to detection on the basis of anomalies as well as signatures, thus resulting in the detection of known as well as unknown attacks. These techniques generally require a classification algorithm to be trained in detecting the intrusions in an ever-changing environment. It can be concluded that these techniques can be combined to form hybrid IDSs that offer more ability to gain high detection accuracy, low false positive rate, and adaptability to the changing environment without any prior knowledge about the intrusions and their classes. However, for making them work in real-time applications, they must be provided high computational power. This review paper reveals that NITs established the rationales as follows: 1) they provide behaviour as well as knowledge-based IDSs, 2) they are capable of offering batch as well as real-time IDSs, and 3) they can be employed in stand alone as well as distributed IDSs.

It has been found that techniques inspired by swarm intelligence and the evolution process remained the focus of applications in the field of intrusion detection. However, the techniques inspired by physical phenomena, as well as other criteria, remain to be explored for their employment.

It can be easily concluded from the above discussion that the NIT based intrusion detection field is quite young and emerging with new concepts and applications. There are several future research directions which should be investigated. These techniques can be further extended to design autonomous networks for tackling the intrusions. The autonomous networks may be strengthened using NITs to take countermeasures upon detection of intrusions. Thus, these systems can further enhance independence, flexibility and survivability without human intervention.

The present paper includes a comprehensive survey of NITs and assessment to current IDSs. However, there remain many open issues and future challenges. For example, NITs require high computational power for computing fitness functions iteratively, limiting their applications in wireless networks due to limited power. The NITs must be regulated for the sensitivity of alerting malicious attacks to decrease the false alarm rate. Another major issue includes parallelism. No doubt, high-performance computing makes real-time IDSs at low-cost commodity hardware possible, and it is possible to opt for parallelism in NIT based IDSs. However, there are still many open challenges like the division of IDS jobs into parallel sub-jobs, and the coordination and management of multiple parallel nodes.

Compliance with Ethical Standards

Conflict of interest The authors declare that there is no conflict of interest regarding the publication of this paper.

References

1. Abbass HA (2001) Mbo: marriage in honey bees optimization-a haplometrosis polygynous swarming approach. In: Proceedings of the 2001 congress on evolutionary computation (IEEE Cat. No. 01TH8546), vol 1, IEEE, pp 207–214
2. Abdechiri M, Meybodi MR, Bahrami H (2013) Gases Brownian motion optimization: an algorithm for optimization (gbmo). Appl Soft Comput 13(5):2932–2946
3. Abdel-Basset M, Abdel-Fatah L, Sangaiah AK (2018) Metaheuristic algorithms: a comprehensive review. In: Computational intelligence for multimedia big data on the cloud with engineering applications, Elsevier, pp 185–231
4. Abdullahi IM, Mu’azu MB, Olaniyi OM, Agajo J (2018) Pastoralist optimization algorithm (poa): a novel nature-inspired metaheuristic optimization algorithm. In: International conference on global and emerging trends, pp 101–105
5. Abedinia O, Amjady N, Ghasemi A (2016) A new metaheuristic algorithm based on shark smell optimization. Complexity 21(5):97–116
6. Alatas B (2012) A novel chemistry based metaheuristic optimization method for mining of classification rules. Expert Syst Appl 39(12):11080–11088
7. Ali MH, Al Mohammed BAD, Ismail A, Zolkipli MF (2018) A new intrusion detection system based on fast learning network and particle swarm optimization. IEEE Access 6:20255–20261
8. Arivudainambi D, Varun Kumar KA, Sibi Chakkaravarthy S (2019) Lion ids: a meta-heuristics approach to detect ddos attacks against software-defined networks. Neural Comput Appl 31(5):1491–1501

9. Asil Gharebaghi S, Ardalan Asl M (2017) New meta-heuristic optimization algorithm using neuronal communication. Iran Univ Sci Technol 7(3):413–431
10. Askarzadeh A (2016) A novel metaheuristic method for solving constrained engineering optimization problems: crow search algorithm. Comput Struct 169:1–12
11. Atashpaz-Gargari E, Lucas C (2007) Imperialist competitive algorithm: an algorithm for optimization inspired by imperialistic competition. In: 2007 IEEE congress on evolutionary computation, IEEE, pp 4661–4667
12. Axelsson S (2000) Intrusion detection systems: a survey and taxonomy. Technical report
13. Azad SK, Hasançebi O (2014) An elitist self-adaptive step-size search for structural design optimization. Appl Soft Comput 19:226–235
14. Azad SK, Hasançebi O, Saka M (2014) Guided stochastic search technique for discrete sizing optimization of steel trusses: A design-driven heuristic approach. Comput Struct 134:62–74
15. Balajinath B, Raghavan S (2001) Intrusion detection through learning behavior model. Comput Commun 24(12):1202–1212
16. Bamakan SMH, Wang H, Yingjie T, Shi Y (2016) An effective intrusion detection framework based on mclp/svm optimized by time-varying chaos particle swarm optimization. Neurocomputing 199:90–102
17. Bandarua S, Debb K (2016) Metaheuristic techniques. In: Decision sciences: theory and practice, Taylor & Francis Group, New York, pp 693–750
18. Bastos Filho CJ, de Lima Neto FB, Lins AJ, Nascimento AI, Lima MP (2008) A novel search algorithm based on fish school behavior. In: 2008 IEEE international conference on systems, man and cybernetics, IEEE, pp 2646–2651
19. Bidar M, Kanan HR, Mouhoub M, Sadaoui S (2018) Mushroom reproduction optimization (mro): a novel nature-inspired evolutionary algorithm. In: 2018 IEEE congress on evolutionary computation (CEC), IEEE, pp 1–10
20. Biyanto T, Syamsi M, Fibrianto H, Afdanny N, Gunawan K, Rahman A, Pratama J, Abdillah A (2017) Optimization of energy efficiency and conservation in green building design using duelist, killer-whale and rain-water algorithms. In: International conference of applied science and technology for infrastructure engineering
21. Biyanto TR, Fibrianto HY, Nugroho G, Hatta AM, Listijorini E, Budiati T, Huda H (2016) Duelist algorithm: an algorithm inspired by how duelist improve their capabilities in a duel. In: International conference on swarm intelligence, Springer, pp 39–47
22. Biyanto TR, Irawan S, Febrianto HY, Afdanny N, Rahman AH, Gunawan KS, Pratama JA, Bethiana TN et al (2017) Killer whale algorithm: an algorithm inspired by the life of killer whale. Procedia Comput Sci 124:151–157
23. Bodaghi M, Samieefar K (2019) Meta-heuristic bus transportation algorithm. Iran J Comput Sci 2(1):23–32
24. Bostani H, Sheikhan M (2017) Hybrid of binary gravitational search algorithm and mutual information for feature selection in intrusion detection systems. Soft Comput 21(9):2307–2324
25. Brammya G, Praveena S, Ninu Preetha N, Ramya R, Rajakumar B, Binu D (2019) Deer hunting optimization algorithm: a new nature-inspired meta-heuristic paradigm. Comput J. https://doi.org/10.1093/comjnl/bxy133/5498233
26. Brown J, Anwar M, Dozier G (2016) Intrusion detection using a multiple-detector set artificial immune system. In: 2016 IEEE 17th international conference on information reuse and integration (IRI), IEEE, pp 283–286
27. Bukhtoyarov V, Zhukov V (2014) Ensemble-distributed approach in classification problem solution for intrusion detection systems. In: International conference on intelligent data engineering and automated learning, Springer, pp 255–265
28. Cannady J, Harrell J (1996) A comparative analysis of current intrusion detection technologies. In: Proceedings of the fourth technology for information security conference, vol 96
29. Chandola V, Banerjee A, Kumar V (2009) Anomaly detection: a survey. ACM Comput Surv (CSUR) 41(3):15
30. ling Chen H, Yang B, jing Wang S, Wang G, zhong Li H, bin Liu W et al (2014) Towards an optimal support vector machine classifier using a parallel particle swarm optimization strategy. Appl Math Comput 239:180–197
31. Chen H, Zhu Y, Hu K, He X (2010) Hierarchical swarm model: a new approach to optimization. In: Discrete dynamics in nature and society
32. Chen J, Cai H, Wang W (2018) A new metaheuristic algorithm: car tracking optimization algorithm. Soft Comput 22(12):3857–3878
33. Cheng MY, Prayogo D (2014) Symbiotic organisms search: a new metaheuristic optimization algorithm. Comput Struct 139:98–112
34. Chittur A (2001) Model generation for an intrusion detection system using genetic algorithms. High School Honors Thesis, Ossining High School. In cooperation with Columbia Univ
35. Chu SC, Tsai PW, Pan JS (2006) Cat swarm optimization. In: Pacific Rim international conference on artificial intelligence, Springer, pp 854–858
36. Chu Y, Mi H, Liao H, Ji Z, Wu Q (2008) A fast bacterial swarming algorithm for high-dimensional function optimization. In: 2008 IEEE congress on evolutionary computation (IEEE world congress on computational intelligence), IEEE, pp 3135–3140
37. Chung YY, Wahid N (2012) A hybrid network intrusion detection system using simplified swarm optimization (sso). Appl Soft Comput 12(9):3014–3022
38. Civicioglu P (2012) Transforming geocentric Cartesian coordinates to geodetic coordinates by using differential search algorithm. Comput Geosci 46:229–247
39. Civicioglu P (2013) Artificial cooperative search algorithm for numerical optimization problems. Inf Sci 229:58–76
40. Civicioglu P (2013) Backtracking search optimization algorithm for numerical optimization problems. Appl Math Comput 219(15):8121–8144
41. Coello CAC, Cortes NC (2005) Solving multiobjective optimization problems using an artificial immune system. Genet Program Evolvable Mach 6(2):163–190
42. Coello CAC, Zacatenco CSP (2012) List of references on constraint-handling techniques used with evolutionary algorithms. Inf Sci 191:146–168
43. Colorni A, Dorigo M, Maniezzo V et al (1992) Distributed optimization by ant colonies. In: Proceedings of the first European conference on artificial life, vol 142, Cambridge, MA, pp 134–142
44. Comellas F, Martinez-Navarro J (2009) Bumblebees: a multiagent combinatorial optimization algorithm inspired by social insect behaviour. In: Proceedings of the first ACM/SIGEVO summit on genetic and evolutionary computation, ACM, pp 811–814
45. Cortés P, García JM, Muñuzuri J, Onieva L (2008) Viral systems: a new bio-inspired optimization approach. Comput Oper Res 35(9):2840–2860
46. Crosbie M, Dole B, Ellis T, Krsul I (1996) E. spa ord. idiot-users guide. Technical report, TR-96-050, Purdue University, COAST Laboratory
47. Cuevas E, Echavarría A, Ramírez-Ortegón MA (2014) An optimization algorithm inspired by the states of matter that improves the balance between exploration and exploitation. Appl Intell 40(2):256–272

48. Cuevas E, Oliva D, Zaldivar D, Pérez-Cisneros M, Sossa H (2012) Circle detection using electro-magnetism optimization. Inf Sci 182(1):40–55
49. Dai C, Chen W, Zhu Y, Zhang X (2009) Seeker optimization algorithm for optimal reactive power dispatch. IEEE Trans Power Syst 24(3):1218–1231
50. Danane Y, Parvat T (2015) Intrusion detection system using fuzzy genetic algorithm. In: 2015 International conference on pervasive computing (ICPC), IEEE, pp 1–5
51. Dasgupta D, Gonzalez F (2001) An intelligent decision support system for intrusion detection and response. In: Information assurance in computer networks, pp 1–14
52. Dash T (2017) A study on intrusion detection using neural networks trained with evolutionary algorithms. Soft Comput 21(10):2687–2700
53. Davis L (1991) Bit-climbing, representational bias, and test suite design. In: ICGA, pp 18–23
54. Deb A (2011) Introduction to soft computing techniques: artificial neural networks, fuzzy logic and genetic algorithms. In: Soft computing in textile engineering, Elsevier, pp 3–24
55. Debar H, Wespi A (2001) Aggregation and correlation of intrusion-detection alerts. In: Proceedings of recent advances in intrusion detection, Springer, pp 85–103
56. Deng S, Zhou AH, Yue D, Hu B, Zhu LP (2017) Distributed intrusion detection based on hybrid gene expression programming and cloud computing in a cyber physical power system. IET Control Theory Appl 11(11):1822–1829
57. Denning D (1987) An intrusion-detection model. IEEE Trans Softw Eng 2:222–232
58. Deuri J, Sathya SS (2018) Cricket chirping algorithm: an efficient meta-heuristic for numerical function optimisation. Int J Comput Sci Eng 16(2):162–172
59. Dhal KG, Ray S, Das A, Das S (2019) A survey on nature-inspired optimization algorithms and their application in image enhancement domain. Arch Comput Methods Eng 26(5):1607–1638
60. Dhiman G, Kumar V (2017) Spotted hyena optimizer: a novel bio-inspired based metaheuristic technique for engineering applications. Adv Eng Softw 114:48–70
61. Dhiman G, Kumar V (2018) Emperor penguin optimizer: a bio-inspired algorithm for engineering problems. Knowl Based Syst 159:20–50
62. Dorigo M (1992) Optimization, learning and natural algorithms. PhD thesis, Politecnico di Milano
63. Dorigo M, Gambardella LM (1997) Ant colony system: a cooperative learning approach to the traveling salesman problem. IEEE Trans Evol Comput 1(1):53–66
64. Dougan B, Olmez T (2015) A new metaheuristic for numerical function optimization: Vortex search algorithm. Inf Sci 293:125–145
65. Drias H, Sadeg S, Yahi S (2005) Cooperative bees swarm for solving the maximum weighted satisfiability problem. In: International work-conference on artificial neural networks, Springer, pp 318–325
66. Eberhart R, Kennedy J (1995) A new optimizer using particle swarm theory. In: Proceedings of the sixth international symposium on micro machine and human science, MHS’95, IEEE, pp 39–43
67. Ebrahimi A, Khamehchi E (2016) Sperm whale algorithm: an effective metaheuristic algorithm for production optimization problems. J Nat Gas Sci Eng 29:211–222
68. Eesa AS, Brifcani AMA, Orman Z (2013) Cuttlefish algorithm—a novel bio-inspired optimization algorithm. Int J Sci Eng Res 4(9):1978–1986
69. Engen V (2010) Machine learning for network based intrusion detection: an investigation into discrepancies in findings with the kdd cup’99 data set and multi-objective evolution of neural network classifier ensembles from imbalanced data. PhD thesis, Bournemouth University
70. Eskandar H, Sadollah A, Bahreininejad A, Hamdi M (2012) Water cycle algorithm—a novel metaheuristic optimization method for solving constrained engineering optimization problems. Comput Struct 110:151–166
71. Eusuff M, Lansey K, Pasha F (2006) Shuffled frog-leaping algorithm: a memetic meta-heuristic for discrete optimization. Eng Optim 38(2):129–154
72. Fadakar E, Ebrahimi M (2016) A new metaheuristic football game inspired algorithm. In: 2016 1st Conference on swarm intelligence and evolutionary computation (CSIEC), IEEE, pp 6–11
73. Farasat A, Menhaj MB, Mansouri T, Moghadam MRS (2010) Aro: a new model-free optimization algorithm inspired from asexual reproduction. Appl Soft Comput 10(4):1284–1292
74. Ferreira C (2001) Gene expression programming: a new adaptive algorithm for solving problems. arXiv preprint arXiv:cs/0102027
75. Ferriyan A, Thamrin AH, Takeda K, Murai J (2017) Feature selection using genetic algorithm to improve classification in network intrusion detection system. In: 2017 International electronics symposium on knowledge creation and intelligent computing (IES-KCIC), IEEE, pp 46–49
76. Fogel LJ, Owens AJ, Walsh MJ (1966) Artificial intelligence through simulated evolution
77. Fooel L, Owens A, Walsh M (1966) Artificial intelligence through simulated evolution. Wiley, New York
78. Formato R (2008) Central force optimization: a new nature inspired computational framework for multidimensional search and optimization. In: Nature inspired cooperative strategies for optimization (NICSO 2007), pp 221–238
79. Friedl G, Kuczmann M (2015) A new metaheuristic optimization algorithm, the weighted attraction method. Acta Technica Jaurinensis 8(3):257–266
80. Fulp EW, Gage HD, John DJ, McNiece MR, Turkett WH, Zhou X (2015) An evolutionary strategy for resilient cyber defense. In: Global communications conference (GLOBECOM), IEEE, pp 1–6
81. Gandomi AH, Alavi AH (2012) Krill herd: a new bio-inspired optimization algorithm. Commun Nonlinear Sci Numer Simul 17(12):4831–4845
82. Garcia-Teodoro P, Diaz-Verdejo J, Macia-Fernandez G, Vazquez E (2009) Anomaly-based network intrusion detection: techniques, systems and challenges. Comput Secur 28(1–2):18–28
83. Geem ZW, Kim JH, Loganathan GV (2001) A new heuristic optimization algorithm: harmony search. Simulation 76(2):60–68
84. Glover F (1989) Tabu search - part i. ORSA J Comput 1(3):190–206
85. Gonçalves MS, Lopez RH, Miguel LFF (2015) Search group algorithm: a new metaheuristic method for the optimization of truss structures. Comput Struct 153:165–184
86. Grandvalet Y, Canu S (2003) Adaptive scaling for feature selection in svms. In: Advances in neural information processing systems, pp 569–576
87. Haghnegahdar L, Wang Y (2019) A whale optimization algorithm-trained artificial neural network for smart grid cyber intrusion detection. In: Neural computing and applications, pp 1–15
88. Hajisalem V, Babaie S (2018) A hybrid intrusion detection system based on abc-afs algorithm for misuse and anomaly detection. Comput Netw 136:37–50
89. Hasançebi O, Azad SK (2015) Adaptive dimensional search: a new metaheuristic algorithm for discrete truss sizing optimization. Comput Struct 154:1–16

90. Hashim FA, Houssein EH, Mabrouk MS, Al-Atabany W, Mirjalili S (2019) Henry gas solubility optimization: a novel physics-based algorithm. Future Gener Comput Syst 101:646–667
91. Hatamlou A (2013) Black hole: a new heuristic optimization approach for data clustering. Inf Sci 222:175–184
92. Havens TC, Spain CJ, Salmon NG, Keller JM (2008) Roach infestation optimization. In: 2008 IEEE swarm intelligence symposium, IEEE, pp 1–7
93. He S, Wu QH, Saunders J (2009) Group search optimizer: an optimization algorithm inspired by animal searching behavior. IEEE Trans Evol Comput 13(5):973–990
94. Hedayatzadeh R, Salmassi FA, Keshtgari M, Akbari R, Ziarati K (2010) Termite colony optimization: A novel approach for optimizing continuous problems. In: 2010 18th Iranian conference on electrical engineering, IEEE, pp 553–558
95. Hernandez H, Blum C (2012) Distributed graph coloring: an approach based on the calling behavior of japanese tree frogs. Swarm Intell 6(2):117–150
96. Holland JH (1992) Genetic algorithms. Sci Am 267(1):66–73
97. Hooks D, Yuan X, Roy K, Esterline A, Hernandez J (2018) Applying artificial immune system for intrusion detection. In: 2018 IEEE fourth international conference on big data computing service and applications (BigDataService), IEEE, pp 287–292
98. Hosseini F, Kaedi M (2018) A metaheuristic optimization algorithm inspired by the effect of sunlight on the leaf germination. Int J Appl Metaheuristic Comput (IJAMC) 9(1):40–48
99. Huang CL, Dun JF (2008) A distributed pso-svm hybrid system with feature selection and parameter optimization. Appl Soft Comput 8(4):1381–1391
100. Ibrahim A, Rahnamayan S, Martin MV (2014) Simulated raindrop algorithm for global optimization. In: 2014 IEEE 27th Canadian conference on electrical and computer engineering (CCECE), IEEE, pp 1–8
101. Iordache S (2010) Consultant-guided search: a new metaheuristic for combinatorial optimization problems. In: Proceedings of the 12th annual conference on Genetic and evolutionary computation, ACM, pp 225–232
102. Jaderyan M, Khotanlou H (2016) Virulence optimization algorithm. Appl Soft Comput 43:596–618
103. Jain M, Maurya S, Rani A, Singh V (2018) Owl search algorithm: a novel nature-inspired heuristic paradigm for global optimization. J Intell Fuzzy Syst 34(3):1573–1582
112. Karaboga D, Basturk B (2007) A powerful and efficient algorithm for numerical function optimization: artificial bee colony (abc) algorithm. J Global Optim 39(3):459–471
113. Kashan AH (2009) League championship algorithm: a new algorithm for numerical function optimization. In: 2009 International conference of soft computing and pattern recognition, IEEE, pp 43–48
114. Kashan AH (2015) A new metaheuristic for optimization: optics inspired optimization (oio). Comput Oper Res 55:99–125
115. Kashan AH, Tavakkoli-Moghaddam R, Gen M (2019) Find-fix-finish-exploit-analyze (f3ea) meta-heuristic algorithm: an effective algorithm with new evolutionary operators for global optimization. Comput Ind Eng 128:192–218
116. Kaur A, Pal SK, Singh AP (2018) Hybridization of k-means and firefly algorithm for intrusion detection system. Int J Syst Assur Eng Manag 9(4):901–910
117. Kaur G, Arora S (2018) Chaotic whale optimization algorithm. J Comput Des Eng 5(3):275–284
118. Kaveh A, Dadras A (2017) A novel meta-heuristic optimization algorithm: thermal exchange optimization. Adv Eng Softw 110:69–84
119. Kaveh A, Farhoudi N (2013) A new optimization method: Dolphin echolocation. Adv Eng Softw 59:53–70
120. Kaveh A, Khayatazad M (2012) A new meta-heuristic method: ray optimization. Comput Struct 112:283–294
121. Kaveh A, Kooshkebaghi M (2019) Artificial coronary circulation system: a new bio-inspired metaheuristic algorithm. Sci Iran 26(5):2731–2747
122. Kaveh A, Mahdavi VR (2014) Colliding bodies optimization: a novel meta-heuristic method. Comput Struct 139:18–27
123. Kaveh A, Talatahari S (2010) A novel heuristic optimization method: charged system search. Acta Mech 213(3):267–289
124. Kennedy R (1995) Particle swarm optimization. In: Proceedings of IEEE international conference on neural networks IV, vol 1000, p 33
125. Kim JH, Choi YH, Ngo TT, Choi J, Lee HM, Choo YM, Lee EH, Yoo DG, Sadollah A, Jung D (2016) Ku battle of metaheuristic optimization algorithms 1: development of six new/improved algorithms. In: Harmony search algorithm, Springer, pp 197–205
126. Kirkpatrick S, Gelatt CD, Vecchi MP et al (1983) Optimization by simulated annealing. Science 220(4598):671–680
104. Jain M, Singh V, Rani A (2019) A novel nature-inspired algo- based optimization algorithm: a novel swarm intelligence para-
rithm for optimization: Squirrel search algorithm. Swarm Evol digm. In: ESANN
Comput 44:148–175 128. Kolias C, Kambourakis G, Maragoudakis M (2011) Swarm
105. Jamil M, Yang XS (2013) A literature survey of benchmark intelligence in intrusion detection: a survey. Comput Secur
functions for global optimization problems. arXiv preprint 30(8):625–642
arXiv​:1308.4008 129. Koza JR, Koza JR (1992) Genetic programming: on the program-
106. Javidy B, Hatamlou A, Mirjalili S (2015) Ions motion algo- ming of computers by means of natural selection, vol 1. MIT
rithm for solving optimization problems. Appl Soft Comput press, New York
32:72–79 130. Krishnanand K, Ghose D (2009) Glowworm swarm optimisa-
107. Julisch K (2003) Clustering intrusion detection alarms to sup- tion: a new method for optimising multi-modal functions. Int J
port root cause analysis. ACM Trans Inf Syst Secur (TISSEC) Comput Intell Stud 1(1):93–119
6(4):443–471 131. Kulkarni AJ, Krishnasamy G, Abraham A (2017) Cohort intel-
108. Jung SH (2003) Queen-bee evolution for genetic algorithms. ligence: a socio-inspired optimization method. Springer, Berlin
Electron Lett 39(6):575–576 132. Kumar G, Kumar K (2013) Design of an evolutionary approach
109. Kaboli SHA, Selvaraj J, Rahim N (2017) Rain-fall optimization for intrusion detection. Sci World J
algorithm: a population based algorithm for solving constrained 133. Kumar G, Kumar K, Sachdeva M (2010) The use of artificial
optimization problems. J Comput Sci 19:31–42 intelligence based techniques for intrusion detection: a review.
110. Kaedi M (2017) Fractal-based algorithm: a new metaheuris- Artif Intell Rev 34(4):369–387
tic method for continuous optimization. Int J Artif Intell 134. Kumar M, Kulkarni AJ, Satapathy SC (2018) Socio evolution and
15(1):76–92 learning optimization algorithm: a socio-inspired optimization
111. Kallioras NA, Lagaros ND, Avtzis DN (2018) Pity beetle algo- methodology. Future Gener Comput Syst 81:252–272
rithm-a new metaheuristic inspired by the behavior of bark bee- 135. Lam AY, Li VO (2010) Chemical-reaction-inspired metaheuristic
tles. Adv Eng Softw 121:147–166 for optimization. IEEE Trans Evol Comput 14(3):381–399

13
Nature Inspired Techniques and Applications in Intrusion Detection Systems: Recent Progress… 2917

136. Lamy JB (2019) Artificial feeding birds (afb): a new 158. Mirjalili SZ, Mirjalili S, Saremi S, Faris H, Aljarah I (2018)
metaheuristic inspired by the behavior of pigeons. In: Grasshopper optimization algorithm for multi-objective opti-
Advances in nature-inspired computing and applications, mization problems. Appl Intell 48(4):805–820
Springer, pp 43–60 159. Moein S, Logeswaran R (2014) Kgmo: a swarm optimization
137. Li X (2002) An optimizing method based on autonomous algorithm based on the kinetic energy of gas molecules. Inf Sci
animats: fish-swarm algorithm. Syst Eng Theory Pract 275:127–144
22(11):32–38 160. Montiel O, Castillo O, Melin P, Díaz AR, Sepúlveda R (2007)
138. Lim S, Jones A (2008) Network anomaly detection system: the Human evolutionary model: a new approach to optimization.
state of art of network behaviour analysis. In: Proceedings of Inf Sci 177(10):2075–2098
international conference on convergence and hybrid information 161. Moosavian N, Roodsari BK (2014) Soccer league competition
technology (ICHIT), IEEE, pp 459–465 algorithm: a novel meta-heuristic algorithm for optimal design
139. Lin SW, Ying KC, Chen SC, Lee ZJ (2008) Particle swarm opti- of water distribution networks. Swarm Evol Comput 17:14–24
mization for parameter determination and feature selection of 162. Mozaffari A, Fathi A, Behzadipour S (2012) The great salmon
support vector machines. Expert Syst Appl 35(4):1817–1824 run: a novel bio-inspired algorithm for artificial system design
140. Liu C, Han M, Wang X (2012) A novel evolutionary membrane and optimisation. Int J Bioinspir Comput 4(5):286–301
algorithm for global numerical optimization. In: 2012 Third 163. Mucherino A, Seref O (2007) Monkey search: a novel
international conference on intelligent control and information metaheuristic search for global optimization. In: AIP confer-
processing (ICICIP), IEEE, pp 727–732 ence proceedings, vol 953, AIP, pp 162–173
141. Lourenco HR, Martin OC, Stutzle T (2003) Iterated local search. 164. Nakrani S, Tovey C (2004) On honey bees and dynamic
In: International series in operations research and management server allocation in internet hosting centers. Adaptive Behav
science, pp 321–354 12(3–4):223–240
142. Lucic P, Teodorovic D (2001) Bee system: modeling combinato- 165. Nayak J, Vakula K, Dash PB, Naik B (2019) Kidney-inspired
rial optimization transportation engineering problems by swarm algorithm and fuzzy clustering for biomedical data analysis.
intelligence. In: Preprints of the TRISTAN IV triennial sympo- In: Big data analytics for intelligent healthcare management,
sium on transportation analysis, pp 441–445 Elsevier, pp 269–281
143. Maia RD, de Castro LN, Caminhas WM (2012) Bee colonies 166. Oftadeh R, Mahjoob M (2009) A new meta-heuristic optimi-
as model for multimodal continuous optimization: The optbees zation algorithm: hunting search. In: 2009 fifth international
algorithm. In: 2012 IEEE congress on evolutionary computation, conference on soft computing, computing with words and per-
IEEE, pp 1–8 ceptions in system analysis, decision and control, IEEE, pp 1–5
144. Malik AJ, Shahzad W, Khan FA (2011) Binary pso and random 167. Oftadeh R, Mahjoob M, Shariatpanahi M (2010) A novel meta-
forests algorithm for probe attacks detection in a network. In: heuristic optimization algorithm inspired by group hunting of
2011 IEEE congress on evolutionary computation (CEC), IEEE, animals: Hunting search. Comput Math Appl 60(7):2087–2098
pp 662–668 168. Owens S, Levary R (2006) An adaptive expert system approach
145. Maniezzo A (1992) Distributed optimization by ant colonies. In: for intrusion detection. Int J Secur Netw 1(3):206–217
Toward a practice of autonomous systems: proceedings of the 169. Pan WT (2012) A new fruit fly optimization algorithm: taking
first European conference on artificial life, Mit Press, p 134 the financial distress model as an example. Knowl Based Syst
146. Masadeh R, Mahafzah BA, Sharieh A (2019) Sea lion optimiza- 26:69–74
tion algorithm. Sea 10(5) 170. Parpinelli RS, Lopes HS (2011) An eco-inspired evolutionary
147. Mbikayi HK (2012) An evolution strategy approach toward rule- algorithm applied to numerical optimization. In: 2011 Third
set generation for network intrusion detection systems (ids). world congress on nature and biologically inspired computing,
arXiv preprint arXiv​:1212.0170 IEEE, pp 466–471
148. Mehrabian AR, Lucas C (2006) A novel numerical optimiza- 171. Parpinelli RS, Lopes HS, Freitas AA (2002) Data mining with
tion algorithm inspired from weed colonization. Ecol Inform an ant colony optimization algorithm. IEEE Trans Evol Com-
1(4):355–366 put 6(4):321–332
149. Mirjalili S (2015) The ant lion optimizer. Adv Eng Softw 172. Passino KM (2010) Bacterial foraging optimization. Int J
83:80–98 Swarm Intell Res (IJSIR) 1(1):1–16
150. Mirjalili S (2015) Moth-flame optimization algorithm: a 173. Patcha A, Park JM (2007) An overview of anomaly detection
novel nature-inspired heuristic paradigm. Knowl Based Syst techniques: existing solutions and latest technological trends.
89:228–249 Comput Netw 51(12):3448–3470. https​: //doi.org/10.1016/j.
151. Mirjalili S (2016) Dragonfly algorithm: a new meta-heuristic comne​t.2007.02.001. URL http://www.scien​cedir​ect.com/scien​
optimization technique for solving single-objective, discrete, and ce/artic​le/pii/S1389​12860​70006​2X
multi-objective problems. Neural Comput Appl 27(4):1053–1073 174. Pattnaik SS, Bakwad KM, Sohi B, Ratho RK, Devi S (2013)
152. Mirjalili S (2016) Sca: a sine cosine algorithm for solving opti- Swine influenza models based optimization (simbo). Appl Soft
mization problems. Knowl Based Syst 96:120–133 Comput 13(1):628–653
153. Mirjalili S, Faris H, Aljarah I, Mafarja M, Chen H (2019) Harris 175. Pelikan M (2005) Bayesian optimization algorithm. In: Hier-
hawks optimization: algorithm and applications archical Bayesian optimization algorithm, Springer, pp 31–48
154. Mirjalili S, Gandomi AH, Mirjalili SZ, Saremi S, Faris H, Mir- 176. Pham D, Ghanbarzadeh A, Koc E, Otri S, Rahim S, Zaidi M
jalili SM (2017) Salp swarm algorithm: a bio-inspired optimizer (2005) The bees algorithm. Technical note, Manufacturing
for engineering design problems. Adv Eng Softw 114:163–191 Engineering Centre, Cardiff University, UK
155. Mirjalili S, Lewis A (2016) The whale optimization algorithm. 177. Pham D, Ghanbarzadeh A, Koc E, Otri S, Rahim S, Zaidi M
Adv Eng Softw 95:51–67 (2011) The bees algorithm—a novel tool for complex opti-
156. Mirjalili S, Mirjalili SM, Hatamlou A (2016) Multi-verse opti- misation. In: 2nd I* PROMS virtual international conference
mizer: a nature-inspired algorithm for global optimization. Neu- intelligent production machines and systems
ral Comput Appl 27(2):495–513 178. Premaratne U, Samarabandu J, Sidhu T (2009) A new biologi-
157. Mirjalili S, Mirjalili SM, Lewis A (2014) Grey wolf optimizer. cally inspired optimization algorithm. In: 2009 international
Adv Eng Softw 69:46–61

13
2918 K. Thakur, G. Kumar

conference on industrial and information systems (ICIIS), 199. Shirazi HM, Namadchian A, khalili Tehrani A (2012) A com-
IEEE, pp 279–284 bined anomaly base intrusion detection using memetic algorithm
179. Punnathanam V, Kotecha P (2016) Yin-yang-pair optimization: a and bayesian networks. Int J Mach Learn Comput 2(5):706
novel lightweight optimization algorithm. Eng Appl Artif Intell 200. Shitharth S et al (2017) An enhanced optimization based algo-
54:62–79 rithm for intrusion detection in scada network. Comput Secur
180. Rabanal P, Rodriguez I, Rubio F (2007) Using river formation 70:16–26
dynamics to design heuristic algorithms. In: International confer- 201. Shrivastava SK, Jain P (2011) Effective anomaly based intrusion
ence on unconventional computation, Springer, pp 163–177 detection using rough set theory and support vector machine. Int
181. Rajabioun R (2011) Cuckoo optimization algorithm. Appl Soft J Comput Appl 18(3):35–41
Comput 11(8):5508–5518 202. Simon D (2008) Biogeography-based optimization. IEEE Trans
182. Rao RV, Savsani VJ, Vakharia D (2012) Teaching-learning-based Evol Comput 12(6):702–713
optimization: an optimization method for continuous non-linear 203. Singh AP, Kaur A (2019) Flower pollination algorithm for feature
large scale problems. Inf Sci 183(1):1–15 analysis of kyoto 2006+ data set. J Inf Optim Sci 40(2):467–478
183. Rashedi E, Nezamabadi-Pour H, Saryazdi S (2009) Gsa: a gravi- 204. Singh S, Silakari S (2009) A survey of cyber attack detection
tational search algorithm. Inf Sci 179(13):2232–2248 systems. Int J Comput Sci Netw Secur 9(5):1–10
184. Razmjooy N, Khalilpour M, Ramezani M (2016) A new meta- 205. Soroush E, Abadeh MS, Habibi J (2006) A boosting ant-colony
heuristic optimization algorithm inspired by fifa world cup optimization algorithm for computer intrusion detection. In: Pro-
competitions: theory and its application in pid designing for avr ceedings of the 2006 international symposium on frontiers in
system. J Control Autom Electr Syst 27(4):419–440 networking with applications (FINA 2006)
185. Rechenberg I (1973) Evolution strategy: optimization of technical 206. Sreelaja N, Pai GV (2014) Swarm intelligence based approach
systems by means of biological evolution, Fromman-Holzboog, for sinkhole attack detection in wireless sensor networks. Appl
Stuttgart, vol 104 Soft Comput 19:68–79
186. Ryan C, Collins JJ, Neill MO (1998) Grammatical evolution: 207. Srinoy S (2007) Intrusion detection model based on particle
evolving programs for an arbitrary language. In: European con- swarm optimization and support vector machine. In: IEEE sym-
ference on genetic programming, Springer, pp 83–96 posium on computational intelligence in security and defense
187. Sadollah A, Bahreininejad A, Eskandar H, Hamdi M (2013) Mine applications, CISDA 2007, IEEE, pp 186–192
blast algorithm: a new population based algorithm for solving 208. Stoneburner G (2001) Nist special publication 800-33: under-
constrained engineering optimization problems. Appl Soft Com- lying technical models for information technology security.
put 13(5):2592–2612 Gaithersburg, Estados Unidos de América. National Institute of
188. Salcedo-Sanz S, Pastor-Sánchez A, Gallo-Marazuela D, Portilla- Standards and Technology (NIST)
Figueras A (2013) A novel coral reefs optimization algorithm 209. Storn R, Price K (1997) Differential evolution—a simple and
for multi-objective problems. In: International conference on efficient heuristic for global optimization over continuous spaces.
intelligent data engineering and automated learning, Springer, J Global Optim 11(4):341–359
pp 326–333 210. Su S, Wang J, Fan W, Yin X (2007) Good lattice swarm algo-
189. Salmani MH, Eshghi K (2017) A metaheuristic algorithm based rithm for constrained engineering design optimization. In: 2007
on chemotherapy science: Csa. J Optim International conference on wireless communications, network-
190. Savsani P, Savsani V (2016) Passing vehicle search (pvs): a novel ing and mobile computing, IEEE, pp 6421–6424
metaheuristic algorithm. Appl Math Model 40(5–6):3951–3978 211. Sur C, Sharma S, Shukla A (2013) Egyptian vulture optimization
191. Seth JK, Chandra S (2018) Mids: metaheuristic based intrusion algorithm—a new nature inspired meta-heuristics for knapsack
detection system for cloud using k-nn and mgwo. In: Interna- problem. In: The 9th international conference on computing and
tional conference on advances in computing and data sciences, information technology (IC2IT2013), Springer, pp 227–237
Springer, pp 411–420 212. Tabatabaefar M, Miriestahbanati M, Grégoire JC (2017) Network
192. Shadravan S, Naji H, Bardsiri VK (2019) The sailfish optimizer: intrusion detection through artificial immune system. In: 2017
a novel nature-inspired metaheuristic algorithm for solving con- Annual IEEE international systems conference (SysCon), IEEE,
strained engineering optimization problems. Eng Appl Artif pp 1–6
Intell 80:20–34 213. Tahani M, Babayan N (2019) Flow regime algorithm (fra):
193. Shah-Hosseini H (2009) The intelligent water drops algorithm: a a physics-based meta-heuristics algorithm. Knowl Inf Syst
nature-inspired swarm-based optimization algorithm. Int J Bioin- 60(2):1001–1038
spir Comput 1(1–2):71–79 214. Tamura K, Yasuda K (2011) Spiral dynamics inspired optimiza-
194. Shah-Hosseini H (2011) Principal components analysis by the tion. J Adv Comput Intell Intell Inform 15(8):1116–1122
galaxy-based search algorithm: a novel metaheuristic for continu- 215. Tang R, Fong S, Yang XS, Deb S (2012) Wolf search algorithm
ous optimisation. Int J Comput Sci Eng 6(1–2):132–140 with ephemeral memory. In: Seventh international conference
195. Shastri AS, Jagetia A, Sehgal A, Patel M, Kulkarni AJ (2019) on digital information management (ICDIM 2012), IEEE, pp
Expectation algorithm (exa): A socio-inspired optimiza- 165–172
tion methodology. In: Socio-cultural inspired metaheuristics, 216. Thakkar A, Lohiya R (2019) Role of swarm and evolutionary
Springer, pp 193–214 algorithms for intrusion detection system: a survey. In: Swarm
196. Shayanfar H, Gharehchopogh FS (2018) Farmland fertility: a and evolutionary computation, p 100631
new metaheuristic algorithm for solving continuous optimization 217. Ting T, Man KL, Guan SU, Nayel M, Wan K (2012) Weightless
problems. Appl Soft Comput 71:728–746 swarm algorithm (wsa) for dynamic optimization problems. In:
197. Shayeghi H, Dadashpour J (2012) Anarchic society optimization IFIP international conference on network and parallel computing,
based pid control of an automatic voltage regulator (avr) system. Springer, pp 508–515
Electr Electron Eng 2(4):199–207 218. Topal AO, Altun O (2016) A novel meta-heuristic algorithm:
198. Shi Y (2015) An optimization algorithm based on brainstorm- dynamic virtual bats algorithm. Inf Sci 354:222–235
ing process. In: Emerging research on swarm intelligence and 219. Tsang CH, Kwong S, Wang H (2005) Anomaly intrusion detec-
algorithm optimization, IGI Global, pp 1–35 tion using multi-objective genetic fuzzy system and agent-based

13
Nature Inspired Techniques and Applications in Intrusion Detection Systems: Recent Progress… 2919

evolutionary computation framework. In: Fifth IEEE interna- 238. Yang XS (2012) Nature-inspired mateheuristic algorithms: suc-
tional conference on data mining, IEEE, p 4 cess and new challenges. arXiv preprint arXiv​:1211.6658
220. Turing A (2004) Intelligent machinery (1948). B. Jack Copeland, 239. Yang XS (2014) Nature-inspired optimization algorithms. Else-
p 395 vier, Amsterdam
221. Tzanetos A, Dounias G (2017) A new metaheuristic method for 240. Yang XS, Deb S (2009) Cuckoo search via lévy flights. In: World
optimization: sonar inspired optimization. In: International con- congress on nature and biologically inspired computing, 2009.
ference on engineering applications of neural networks, Springer, NaBIC 2009, IEEE, pp 210–214
pp 417–428 241. Yang XS, Deb S (2010) Eagle strategy using levy walk and firefly
222. Vicsek T, Czirok A, Ben-Jacob E, Cohen I, Shochet O (1995) algorithms for stochastic optimization. In: Nature inspired coop-
Novel type of phase transition in a system of self-driven particles. erative strategies for optimization (NICSO 2010), Springer, pp
Phys Rev Lett 75(6):1226 101–111
223. Victoire TA, Sakthivel M (2011) A refined differential evolution 242. Yang XS, He XS (2019) Mathematical foundations of nature-
algorithm based fuzzy classifier for intrusion detection. Eur J Sci inspired algorithms. Springer, Berlin
Res 65(2):246–259 243. Yang XS, Lees JM, Morley CT (2006) Application of virtual ant
224. Wang GG (2018) Moth search algorithm: a bio-inspired algorithms in the optimization of cfrp shear strengthened pre-
metaheuristic algorithm for global optimization problems. cracked structures. In: International conference on computational
Memetic Comput 10(2):151–164 science, Springer, pp 834–837
225. Wang GG, Deb S, dos Santos Coelho L (2018) Earthworm opti- 244. Yang XS, Papa J (2016) Bio-inspired computation and its appli-
misation algorithm: a bio-inspired metaheuristic algorithm for cations in image processing: an overview. In: Bio-inspired com-
global optimisation problems. IJBIC 12(1):1–22 putation and applications in image processing, Elsevier, pp 1–24
226. Wang J, Hong X, Ren Rr, Li Th (2009) A real-time intrusion 245. Yao X, Liu Y, Lin G (1999) Evolutionary programming made
detection system based on pso-svm. In: Proceedings of the inter- faster. IEEE Trans Evol Comput 3(2):82–102
national workshop on information security and application, pp 246. Yazdani M, Jolai F (2016) Lion optimization algorithm (loa):
319–321 a nature-inspired metaheuristic algorithm. J Comput Des Eng
227. Wedde HF, Farooq M, Zhang Y (2004) Beehive: an efficient 3(1):24–36
fault-tolerant routing algorithm inspired by honey bee behavior. 247. Yilmaz A, Weber GW (2011) Why you should consider nature-
In: International workshop on ant colony optimization and swarm inspired optimization methods in financial mathematics. https​://
intelligence, Springer, pp 83–94 doi.org/10.1007/978-1-4614-0231-2_20
228. Wedyan A, Whalley J, Narayanan A (2017) Hydrological cycle 248. Zandi Z, Afjei E, Sedighizadeh M (2012) Reactive power dis-
algorithm for continuous optimization problems. J Optim patch using big bang-big crunch optimization algorithm for volt-
229. Wolpert DH, Macready WG et al (1997) No free lunch theorems age stability enhancement. In: 2012 IEEE international confer-
for optimization. IEEE Trans Evol Comput 1(1):67–82 ence on power and energy (PECon), IEEE, pp 239–244
230. Wu S, Banzhaf W (2010) The use of computational intelligence 249. Zang H, Zhang S, Hapeshi K (2010) A review of nature-inspired
in intrusion detection systems: A review. Appl Soft Comput algorithms. J Bionic Eng 7:S232–S237
10(1):1–35 250. Zhang LM, Dahlmann C, Zhang Y (2009) Human-inspired
231. Xu H, Cao Q, Fang C, Fu Y, Su J, Wei S, Bykovyy P (2018) algorithms for continuous function optimization. In: 2009 IEEE
Application of elephant herd optimization algorithm based on international conference on intelligent computing and intelligent
levy flight strategy in intrusion detection. In: 2018 IEEE 4th systems, vol 1, IEEE, pp 318–321
international symposium on wireless systems within the inter- 251. Zhang Q, Wang R, Yang J, Lewis A, Chiclana F, Yang S
national conferences on intelligent data acquisition and advanced (2019) Biology migration algorithm: a new nature-inspired
computing systems (IDAACS-SWS), IEEE, pp 16–20 heuristic methodology for global optimization. Soft Comput
232. Yadav A et al (2019) Aefa: artificial electric field algorithm for 23(16):7333–7358
global optimization. Swarm Evol Comput 48:93–108 252. Zheng YJ (2015) Water wave optimization: a new nature-inspired
233. Yan GW, Hao ZJ (2013) A novel optimization algorithm metaheuristic. Comput Oper Res 55:1–11
based on atmosphere clouds model. Int J Comput Intell Appl 253. Zheng YJ, Ling HF, Xue JY (2014) Ecogeography-based opti-
12(01):1350002 mization: enhancing biogeography-based optimization with
234. Yang XS (2005) Engineering optimizations via nature-inspired ecogeographic barriers and differentiations. Comput Oper Res
virtual bee algorithms. In: International work-conference on the 50:115–127
interplay between natural and artificial computation, Springer,
pp 317–323 Publisher’s Note Springer Nature remains neutral with regard to
235. Yang XS (2010) Firefly algorithm, stochastic test functions and jurisdictional claims in published maps and institutional affiliations.
design optimisation. Int J Bioinspir Comput 2(2):78–84
236. Yang XS (2010) A new metaheuristic bat-inspired algorithm. In:
Nature inspired cooperative strategies for optimization (NICSO
2010), pp 65–74
237. Yang XS (2012) Flower pollination algorithm for global optimi-
zation. In: UCNC, Springer, pp 240–249

13

You might also like