Abstract
A new approach inspired by bees defensive behaviour in nature is proposed to improve Intrusion Detection System (IDS). In honeybee colonies, guards discriminate nestmates from non-nestmates at a hive entrance using an approach contains Undesirable-Absent (UA) or Desirable-Present (DP), and Filtering Decision (FD) methods. These methods are used to detect intruder and classify its type. In the proposed approach, the UA detector is responsible for detecting pre-defined attacks based on their attack signatures. Neural network trained by Bees Algorithm (BA) was used to learn the patterns of attacks given in training dataset and use these patterns to find specific attacks in test dataset. The DP detector is responsible for detecting anomalous behaviours based on the trained normal behaviour model. Finally, FD method is used to train the UA detector in real-time to detect new intrusions. The performance of the proposed IDS is evaluated by using KDD'99 dataset, the benchmark dataset used by IDS researchers. The experiments show that the proposed approach is applied successfully and able to detect many different types of intrusions, while maintaining a low false positive rate.