genetic algorithm and artificial neural network for network...
TRANSCRIPT
Genetic algorithm and artificial neural network
for network forensic analytics
Dijana Oreški, Darko Andročec
Faculty of Organization and Informatics, University of Zagreb, Varaždin, Croatia
[email protected], [email protected]
Abstract - Rapid development of Internet of things (IoT)
technologies and their application and importance within various fields arises security issues. New threats require development of appropriate approaches to address them since information security problems could led to serious damages.
This work focuses on developing methods for prediction of undesired behavior. Literature review indicated use of advanced statistical approaches such as logistic regression or multiple regression. However, in the recent years, interest among researchers for applying artificial intelligence techniques is growing. Artificial intelligence approaches shown to be powerful tool for development of efficient predictive models in various fields. Main aim of research presented here is to apply
artificial intelligent techniques for intrusion analysis. Our approach is based on the neural networks and genetic algorithms. Neural networks results largely depend on the network parameters which are mostly achieved by trial-and-error. Trial-and-error approach requires a lot of time. Thus, we are applying genetic algorithm to optimize neural networks parameters. Experiments are conducted on the publicly available new dataset, Bot-IoT, consisting of legitimate and
simulated IoT network traffic incorporating different types of attacks. Here, we investigate: (i) the level to which available data can be a good basis for predicting intrusion, (ii) efficiency of neural network approach supported by genetic algorithm for developing useful predictive models.
Keywords - intrusion detection, machine learning, internet
of things, security, neural networks, genetic algorithm.
I. INTRODUCTION
Development of Internet of Things (IoT) and emergence of various successful examples (smart homes, smart cities...) attracted interest of cyber attackers. Various threats have emerged able to damage IoT networks, or to use IoT devices for malicious purposes. Internet of things devices and services are often not designed with security in mind, so malicious users can create botnets and other malicious software targeting things’, IoT services’, and IoT networks’ vulnerabilities. The term malicious in network forensics refers to malicious packets and malicious traffic program (irregular traffic patterns) [1]. Malicious packets can be defined as the packets that violate the principles of network communication by exploiting vulnerabilities in security devices including gateways and gaining unauthorized access to the network hosts. IT security has always been based around standards, but the relatively recent emergence of IoT devices and applications makes it difficult to create standards and enforce them in the industry. Some examples already exist where a large
number of limited IoT devices was used to launch a large scale attack (e.g., distributed denial of service (DDoS) attacks such as Remaiten and Mirai). IoT networks can both amplify and be the targets of DDoS or botnet attacks.
IoT botnets are a collection of smart devices hijacked
by cybercriminals to conduct attacks like DDoS or activities like cryptocurrency mining [2]. IoT botnets often use old vulnerabilities, cryptocurrency mining, hiding their command and conquer center, and employing unique evasion tactics. Trend Micro recommends the following best practices to secure IoT devices: start security from the design phase, apply patches as soon as they become available, use secure configuration, use strong and hard to guess passwords, and apply network segmentation [2]. In IoT environments, it is also important to develop forensics methods for successful identification of inappropriate or suspicious behavior. Many tools for real-time network traffic exist, but real-time monitoring at any level requires significant human and hardware resources, so it is generally more practical to archive all traffic and analyze subsets as necessary. This process is known as reconstructive traffic analysis, or network forensics [3]. In this work, we investigate performance of hybrid methodology consisting of contrast mining techniques in feature selection phase and combination of genetic algorithm and neural networks in predictive modelling for IoT attack detection task.
The remaining sections of this article are organized as
follows: In Section 2, a related work (current state-of-the-art) is given. Section 3 describes steps of the analysis by explaining dataset used in the research with a brief overview of techniques. Section 4 gives results with the focus on prediction accuracy. Finally, Section 5 concludes this paper and gives guidelines for future research.
II. RELATED WORK
Researchers and professionals in network forensics field require new tools and techniques to tackle new
attack trends. Tools to assist with network forensics come
in a variety of forms: packet sniffers, fingerprinting,
mapping, location identification, email traffic, trace back
services, and honeypots [4]. Khan et al. [1] reviewed the
fundamental mechanism of network forensics techniques
through an extensive review of related literature. They
have proposed a thematic taxonomy for the classification
of current network forensics techniques based on its
MIPRO 2020/ISS 1457
implementation as well as involved target data sets.
Authors also listed the most important network forensics
challenges as: intelligent network forensics tools, data
extraction locations, access to IP address, data privacy,
data integrity, data storage on the network devices, and
high speed data transmission.
Even though IoT is slowly been assimilated in one
form or another in everyday life, there is no doubt that
there exist a number of issues with respect to security and
privacy [5]. Zhang et al. [6] have investigated general information security background of IoT and continued on
with information security related challenges that IoT will
encounter. They divided the ongoing IoT research work
into the following categories: object identification and
locating in IoT; authentication and authorization in IoT;
privacy in IoT; lightweight cryptosystems and security
protocols; software vulnerability and backdoor analysis in
IoT; malware in IoT; and Android platform. As the main
challenges for IoT security, Zhang et al. [6] identified the
heterogeneity and the large scale of smart things. Dorri et
al. [7] showed how to use blockchain technology for IoT security and privacy on the case study of a smart home.
Khan and Salah [8] surveyed major security issues for
IoT and outlined security requirements for IoT along with
the existing attacks, threats, and state-of-the-art solutions.
They also discussed basic characteristics of the
blockchain based security solutions and analysis of their
effectiveness for securing IoT. Blockchain can be used to
register and give identity to connected IoT devices.
Additionally, blockchain smart contracts have the ability
to provide a de-centralized authentication rules and logic
to be able to provide single and multiparty authentication
to an IoT Device [8]. As open challenges, Khan and Salah [8] have listed the following: IoT resource
limitations; heterogeneous devices; interoperability of
security protocols; single points of failure;
hardware/firmware vulnerabilities; trusted updates and
management; and blockchain vulnerabilities.
Major IoT security issues include IoT botnets. Kolias
et al. [9] described the Mirai variants and imitators as
samples of sophisticated IoT botnets. DDos attacks by
Mirai and other similar botnets shows how IoT devices
can pose the security risks. The main reasons malicious users choose IoT devices for botnets are: constant and
unobtrusive operation of IoT devices, lack of their
security, poor maintenance, considerable possible attack
traffic, and no interactive or minimally interactive user
interfaces. Meidan et al. [10] proposed a network-based
anomaly detection method for the IoT that uses deep
autoencoders to detect anomalous network traffic from
compromised IoT devices. The evaluation was done by
detecting IoT-based botnets Mirai and BASHLITE.
There are many existing works on IoT network
forensics and using machine learning methods and techniques to tackle IoT security problems. Andročec and
Vrček [11] systematically reviewed the state-of-the art to
classify the research on machine learning for the IoT
security, and concluded that machine learning methods
were mostly used for IoT intrusion detection and
authentication. The most mentioned machine learning
algorithms or techniques in the primary studies of their
systematic review were: Support Vector Machine,
Artificial Neural Network, Naïve Bayes, Decision Tree,
kNN, k-Mean, and Random forest. Koroniotis et al. [5]
investigate machine learning techniques to develop IoT
network forensic mechanism to track botnets. They have
used the UNSW-NB15 dataset to detect botnets’ attacks
and their tracks. Their proposed network forensic architecture consists of traffic collection, network feature
selection, machine learning techniques, and evaluation
metrics. They have experimented with the following
machine learning methods: Association Rule Mining
(ARM), Artificial Neural Network (ANN), Naïve Bayes
(NB), and Decision Tree (DT). Hossain et al. [12]
proposed a forensic investigation framework called
Probe-IoT using a public digital ledger to find facts in
criminal incidents in IoT-based systems. It collects
interactions among various IoT entities as evidence and
stores them securely as transactions in public, distributed and decentralized blockchain network.
Xiao et al. [13] reviewed the IoT security solutions
based on machine-learning techniques and methods
including supervised learning, unsupervised learning, and
reinforcement learning. The main challenges to
implement the machine learning-based security
techniques in IoT are partial state observations,
computation and communication overhead of machine
learning-based security schemes to IoT devices and
networks. Supervised and unsupervised machine learning
sometimes fail to detect the attacks, so backup security solutions have to be designed and incorporated. Hussain
et al. [14] systematically reviewed the security
requirements, attack vectors, and the current machine
learning (ML) and deep learning (DL)-based security
solutions for the IoT networks. They also claim that the
datasets needed for ML and DL algorithms are still
scarce, which makes benchmarking the efficiency of the
ML- and DL-based security solutions a difficult task.
Chatterjee et al. [15] presented their deep neural network-
based framework that allows real-time authentication of
wireless nodes. The proposed method eliminates the need for preamble-based or key-based identification of modern
IoT nodes and enables low-cost secure authentication
using the intrinsic properties of the radio-frequency
signal.
Miettinen et al. [16] developed a system capable of
automatically identifying the types of IoT devices and
enabling enforcement of rules for constraining the
communications of vulnerable devices. The device-type
identification is based on monitoring the communication
behavior of IoT devices to generate device-specific
fingerprints with the help of a machine learning-based classification model. Shakeel et al. [17] introduced the
deep learning based Deep-Q-Networks for reducing the
malware attacks while managing the health information.
1458 MIPRO 2020/ISS
Their system examines the various malwares and the
unauthorized access in IoT-based health care systems.
Deep convolution neural networks were used to maintain
authentication in IoT medical data transactions.
III. EMPIRICAL ANALYSIS
Primary aim of this study is to investigate
performance of hybrid methodology consisting of
contrast mining techniques in feature selection phase and
combination of genetic algorithm and neural networks in
predictive modelling for attack detection task. Feature
selection is used for selecting the most relevant features from datasets [18] and removing irrelevant features.
There are many benefits of feature selection: reducing the
dimensionality of dataset so that the dataset is easier to
handle when performing modelling and being able to
reveal the relevant patterns within the dataset [19]. These
benefits led to increasing use of feature selection in many
domains. Feature selection is especially important in the
era of big data, when certain tasks would be impossible to
process without prior dimensionality reduction. One of
such examples is an analysis of realistic Bot-IoT datasets
presented here. Field of forensic requires big data sources for developing effective models in dealing with attacks.
In the first section of this chapter we are describing
used dataset, whereas in the second section we are
explaining methods used for data analysis.
A. Data description
Increasing development of public data repositories in various domains has created a database which makes data mining highly effective since data about various topics is easily and rapidly accessed. In this research, we have used dataset which is developed by Koroniotis, Moustafa, Sitnikova, and Turnbull [20]. Authors designed a new realistic Bot-IoT dataset in IoT networks. Description of designing the testbed configuration and simulated IoT sensors can be found in their paper [20]. Dataset is composed of 3 668 522 instances. It is to be noted that the original dataset was very large consisting of 72 000 000 instances and analyzing such data was very challenging. So, they have extracted 5% of the original dataset. Dataset contains, for each instance, 46 features. Such reduced dataset was also used in our research. Some of the features from original dataset have been transformed into a series of binary features so that they can be appropriately handled by the neural networks.
B. Methods overview
Koroniotis et al. [20] did statistical analysis of the explained dataset using Correlation Coeficient and Joint Entropy techniques in the feature selection. In this research we have used contrast mining approach for feature selection based on the STUCCO algorithm: SfFS (STUCCO for Feature Selection). SfFS application in feature selection gave the best results in our previous research when analyzing NSL-KDD data set for intrusion detection [21]. Idea of SfFS is first presented in [22]. SfFS tries to identify differences between two groups (in our case normal versus attack) by contrast sets which are
defined as conjunctions of attributes and values that differ meaningfully in their distribution across groups. SfFs in feature selection is using threshold as cutting criterion. As an evaluation measure, relevance is used. It is defined as a measure which discriminates between features on the basis of their potential in forming rules. Contrast mining techniques are essentially defined to give the rules and measures of the quality of rules (measure that differs features with respect to their potential in defining rules) as the result. SfS in feature selection yielded with ten best features presented in Table 1.
TABLE 1. BEST 10 FEATURES EXPLANATION
Feature Explanation
drate Destination-to-source packets per second
flags
number Numerical representation of feature flags
max Maximum duration of aggregated records
mean Average duration of aggregated records
min Minimum duration of aggregated records
N IN
Conn P
DstIP
Number of inbound connections per destination
IP.
N IN
Conn P
SrcIP
Number of inbound connections per source IP.
seq Argus sequence number
state
number Numerical representation of feature state
stddev Standard deviation of aggregated records
attack Class label: 0 for Normal traffic, 1 for Attack
Traffic
Ten features are selected since Koroniotis et al. [20] also selected 10 features. As such, our results will be comparable with their work. Koroniotis et al. [20] identified following ten best features: srate, drate, rate, max, state number, mean, min, stddev, gs number, seq. Our approach for feature selection, contrast set mining, yielded features explained in Table 1.
Koroniotis et al. [20] evaluated the performance of network forensic methods by applying three machine learning algorithms. The models that were trained were: Support Vector Machine (SVM), Recurrent Neural Network (RNN) and Long-Short Term Memory Recurrent Neural Network (LSTM-RNN). Neural network are shown to give the best results. There are many linear and non-linear machine learning methods available for predictive modelling. Artificial neural network became one of the most popular one since they are considered robust learners and perform well on a wide range of applications.
Scientific contribution of the research presented here is in the methodology. Contrast set mining for feature selection is applied here, following with combination of genetic algorithm and neural networks in modelling phase. Novel combination of methods have been used in order to train and test data to generate significant features and develop highly accurate models. A novel combination of
MIPRO 2020/ISS 1459
methods in predictive modelling consist of genetic algorithms and neural networks.
Development of neural networks consists of the following steps: preparation of data and modeling, training and testing neural networks, analysis of results and selecting the best model. Before training can begin, we must define network architecture by specifying the number of units in the input layer, the number of hidden layers, the number of units in each hidden layer, and the number of units in the output layer. There are no rules as to the ‘best’ number of hidden layers or best number of neurons in the hidden layer. Network architecture definition is a trial-and-error process and largely affects the accuracy of the resulting trained network. Although suggestions are made for the number of neurons in the hidden layer range from one-half the number of input neurons [23], to two times the number of input neurons plus one [24] and to number of neurons in the hidden layer estimated as [25]: The number of neurons in the hidden layer = 2* √ (number of inputs + number of outputs). Since determining the size of the network is extremely important for network performances (if the network is too small it may not reach an acceptable level of accuracy, or if there are too many neurons it may result in an inability for the network to generalize as a universal approximator), we are optimizing number of hidden layers and hidden neurons by applying genetic algorithm. Oreski et al. [26] presented genetic algorithm application for neural network optimization. Their application of such methodology shown promising results in credit risk assessment. Several other authors applied this methodology in various different domains: e.g.: Sharma and Gedeon, 2013. [27], Beheshti et al., 2014. [28], Chiroma et al. 2017. [29], Kaiser et al., 2019. [30].
This approach represents automated technique that searches for quality parameters of neural network based on genetic algorithm. Genetic algorithm is applied to the problem of parameterization of the neural network.
The type of neural network used was multilayer feed-forward network with backpropagation network algorithm and activation function used was tangent hyperbolic. Number of training cycles varied from 300 till 600, and learning rate in range from 0.3 till 1.0.
IV. RESEARCH RESULTS
In the data analyses, we first performed feature selection and identified strong features for discriminating between the classes: attack or normal. We then assess the classification accuracy of the proposed methodology. There are several ways for testing and evaluation the accuracy of predictive models. We use the k-fold cross validation. This approach divides the data set into k subsets. Each time, one of the k subsets is used as the test set and the other k-1 subsets consist the training set.
FIGURE 1. NEURAL NETWORK – GENETIC ALGORITHM ARCHITECTURE
Parameters are calculated for
all k tests. This allows good generalization of results
since we get indication of how well the classifier will
perform on new, unseen data. We use k=10 and calculate
confusion matrix along with four standard performance
metrics: accuracy (demonstrating percentage of correctly
classified records over the total number of records),
precision (indicating number of class members classified
correctly over the total number of instances classified as
class members), recall (demonstrating the number of class members classified correctly over the total number
of class members) and F1 measure as weighted average
1460 MIPRO 2020/ISS
of precision and recall. Out of 3 668 522 instances in
dataset, 477 of them belongs to class normal, whereas 3
668 045 of them belongs to class attack. Table 2
represents results of analyzing dataset consisting of 10
best features after feature selection.
TABLE 2. CONFUSION MATRIX FOR TEN BEST FEATURES
True/Predict Normal (0) Attack (1)
Normal (0) 472 5
Attack (1) 6354 3661691
Table 3 indicates results of analyzing full dataset consisting of all features without selection.
TABLE 3. CONFUSION MATRIX FOR FULL DATASET
True/Predict Normal (0) Attack (1)
Normal (0) 452 25
Attack (1) 226354 3441691
Table 4 gives measures of accuracy, precision, recall and F1 for both, full dataset and dataset consisting of 10 best features.
TABLE 4. COMPARISON OF RESULTS
10-best Full dataset
Accuracy 0.998267 0.9382915
Precision 0.999999 0.99999274
Recall 0.998268 0.93829029
F1 0.999132 0.96815941
Our approach produced better results compared to Koroniotis et al. [20] on dataset consisting of 10 best features. Contrast set mining in feature selection identified different relevant features for given task then correlation coefficient and entropy. Contrast mining approach is focused on finding variables which make the difference between values of dependent variable. Furthermore, genetic algorithms did optimization of neural network parameters. Such approach outperforms trial and error and results with models of higher accuracy and reliability.
V. CONCLUSION
Due to heterogeneity of smart things, the security of
smart things, IoT services and IoT networks is a complex
practical and research problem. In this paper, we have
evaluated the ability of machine learning algorithms to
identify cyber-attack. We show that there is great potential in using this method. Experimental results
demonstrated superiority of proposed feature selection
(contrast mining) and predictive modelling approaches
(genetic algorithm and neural network) with respect to
previously used approach of correlation and entropy in
feature selection and SVM or neural networks in
classification. Nevertheless, there are some limitations of
this work which should be taken into account when
interpreting the results. First, contrast mining techniques
in feature selection are defined with the assumption of
feature independence. This approach has some
advantages, but there is a limitation when features
interact. Second, our approach is evaluated only on one
dataset. In future work we should extend research by
performing the evaluation on various data sets regarding
this domain. Third, we were faced with highly imbalanced dataset, which can cause the learner to be
biased towards one class: attack. This bias is the result of
class normal being heavily under represented compared
to the other class: attack. In the future research we will
use methods for dealing with class imbalance: introduce
weighting schemes that will give instances of the normal
class a higher weight during training, duplicating training
examples of the class normal, removing examples of the
attack class. We will use each of the approaches to deal
with the data imbalance to identify which one fits best for
the application at hand.
REFERENCES
[1] S. Khan, A. Gani, A. W. A. Wahab, M. Shiraz, and I. Ahmad,
“Network forensics: Review, taxonomy, and open challenges,” J.
Netw. Comput. Appl., vol. 66, pp. 214–235, May 2016, doi:
10.1016/j.jnca.2016.03.005.
[2] “Into the Battlefield: A Security Guide to IoT Botnets - Security
News - Trend Micro USA.” [Online]. Available:
https://www.trendmicro.com/vinfo/us/security/news/internet-of-
things/into-the-battlefield-a-security-guide-to-iot-botnets.
[Accessed: 15-Jan-2020].
[3] V. Corey, C. Peterman, S. Shearin, M. S. Greenberg, and J. Van
Bokkelen, “Network forensics analysis,” IEEE Internet Comput.,
vol. 6, no. 6, pp. 60–66, Nov. 2002, doi:
10.1109/MIC.2002.1067738.
[4] R. Hunt and S. Zeadally, “Network Forensics: An Analysis of
Techniques, Tools, and Trends,” Computer, vol. 45, no. 12, pp.
36–43, Dec. 2012, doi: 10.1109/MC.2012.252.
[5] N. Koroniotis, N. Moustafa, E. Sitnikova, and J. Slay, “Towards
Developing Network Forensic Mechanism for Botnet Activities in
the IoT Based on Machine Learning Techniques,” in Mobile
Networks and Management, Cham, 2018, pp. 30–44, doi:
10.1007/978-3-319-90775-8_3.
[6] Z.-K. Zhang, M. C. Y. Cho, C.-W. Wang, C.-W. Hsu, C.-K. Chen,
and S. Shieh, “IoT Security: Ongoing Challenges and Research
Opportunities,” in 2014 IEEE 7th International Conference on
Service-Oriented Computing and Applications, 2014, pp. 230–
234, doi: 10.1109/SOCA.2014.58.
[7] A. Dorri, S. S. Kanhere, R. Jurdak, and P. Gauravaram,
“Blockchain for IoT security and privacy: The case study of a
smart home,” in 2017 IEEE International Conference on
Pervasive Computing and Communications Workshops (PerCom
Workshops), 2017, pp. 618–623, doi:
10.1109/PERCOMW.2017.7917634.
[8] M. A. Khan and K. Salah, “IoT security: Review, blockchain
solutions, and open challenges,” Future Gener. Comput. Syst.,
vol. 82, pp. 395–411, May 2018, doi:
10.1016/j.future.2017.11.022.
[9] C. Kolias, G. Kambourakis, A. Stavrou, and J. Voas, “DDoS in
the IoT: Mirai and Other Botnets,” Computer, vol. 50, no. 7, pp.
80–84, 2017, doi: 10.1109/MC.2017.201.
[10] Y. Meidan et al., “N-BaIoT—Network-Based Detection of IoT
Botnet Attacks Using Deep Autoencoders,” IEEE Pervasive
Comput., vol. 17, no. 3, pp. 12–22, Jul. 2018, doi:
10.1109/MPRV.2018.03367731.
[11] D. Andročec and N. Vrček, “Machine Learning for the Internet of
Things Security: A Systematic Review,” in Proceedings of the
MIPRO 2020/ISS 1461
13th International Conference on Software Technologies, Porto,
Portugal, 2018, pp. 563–570, doi: 10.5220/0006841205630570.
[12] M. Hossain, R. Hasan, and S. Zawoad, “Probe-IoT: A public
digital ledger based forensic investigation framework for IoT,” in
IEEE INFOCOM 2018 - IEEE Conference on Computer
Communications Workshops (INFOCOM WKSHPS), 2018, pp. 1–
2, doi: 10.1109/INFCOMW.2018.8406875.
[13] L. Xiao, X. Wan, X. Lu, Y. Zhang, and D. Wu, “IoT Security
Techniques Based on Machine Learning: How Do IoT Devices
Use AI to Enhance Security?,” IEEE Signal Process. Mag., vol.
35, no. 5, pp. 41–49, Sep. 2018, doi: 10.1109/MSP.2018.2825478.
[14] F. Hussain, R. Hussain, S. A. Hassan, and E. Hossain, “Machine
Learning in IoT Security: Current Solutions and Future
Challenges,” ArXiv190405735 Cs Stat, Mar. 2019.
[15] B. Chatterjee, D. Das, S. Maity, and S. Sen, “RF-PUF: Enhancing
IoT Security Through Authentication of Wireless Nodes Using In-
Situ Machine Learning,” IEEE Internet Things J., vol. 6, no. 1,
pp. 388–398, Feb. 2019, doi: 10.1109/JIOT.2018.2849324.
[16] M. Miettinen, S. Marchal, I. Hafeez, N. Asokan, A.-R. Sadeghi,
and S. Tarkoma, “IoT SENTINEL: Automated Device-Type
Identification for Security Enforcement in IoT,” in 2017 IEEE
37th International Conference on Distributed Computing Systems
(ICDCS), 2017, pp. 2177–2184, doi: 10.1109/ICDCS.2017.283.
[17] P. Mohamed Shakeel, S. Baskar, V. R. Sarma Dhulipala, S.
Mishra, and M. M. Jaber, “Maintaining Security and Privacy in
Health Care System Using Learning Based Deep-Q-Networks,” J.
Med. Syst., vol. 42, no. 10, p. 186, Aug. 2018, doi:
10.1007/s10916-018-1045-z.
[18] C. Sima and E. R. Dougherty, “The peaking phenomenon in the
presence of feature-selection,” Pattern Recognit. Lett., vol. 29, no.
11, pp. 1667–1674, Aug. 2008, doi: 10.1016/j.patrec.2008.04.010.
[19] T. Czekaj, W. Wu, and B. Walczak, “Classification of genomic
data: Some aspects of feature selection,” Talanta, vol. 76, no. 3,
pp. 564–574, Jul. 2008, doi: 10.1016/j.talanta.2008.03.045.
[20] N. Koroniotis, N. Moustafa, E. Sitnikova, and B. Turnbull,
“Towards the development of realistic botnet dataset in the
Internet of Things for network forensic analytics: Bot-IoT
dataset,” Future Gener. Comput. Syst., vol. 100, pp. 779–796,
Nov. 2019, doi: 10.1016/j.future.2019.05.041.
[21] D. Oreski and D. Androcec, “Hybrid Data Mining Approaches for
Intrusion Detection in the Internet of Things,” in 2018
International Conference on Smart Systems and Technologies
(SST), Osijek, 2018, pp. 221–226, doi:
10.1109/SST.2018.8564573.
[22] D. Oreski and B. Klicek, “A novel feature selection techniques
based on contrast set mining,” in 14th International Conference
on Artificial Intelligence, Knowledge Engineering and Data Bases
(AIKED’15), Tenerife, Spain, 2015.
[23] J. Lawrence, Introduction to neural networks: design, theory, and
applications, 6. ed. Nevada City, Calif: California Scientific
Software, 1994.
[24] R. L. Wilson, “Business implementation issues for neural
networks,” J. Comput. Inf. Syst., vol. 32, pp. 15–19, 1992.
[25] A. M. Flitman, “Towards analysing student failures: neural
networks compared with regression analysis and multiple
discriminant analysis,” Comput. Oper. Res., vol. 24, no. 4, pp.
367–377, Apr. 1997, doi: 10.1016/S0305-0548(96)00060-3.
[26] S. Oreski and G. Oreski, “Genetic algorithm-based heuristic for
feature selection in credit risk assessment,” Expert Syst. Appl.,
vol. 41, no. 4, pp. 2052–2064, Mar. 2014, doi:
10.1016/j.eswa.2013.09.004.
[27] N. Sharma and T. Gedeon, “Hybrid Genetic Algorithms for Stress
Recognition in Reading,” in Evolutionary Computation, Machine
Learning and Data Mining in Bioinformatics, vol. 7833, L.
Vanneschi, W. S. Bush, and M. Giacobini, Eds. Berlin,
Heidelberg: Springer Berlin Heidelberg, 2013, pp. 117–128.
[28] Z. Beheshti, S. M. Hj. Shamsuddin, E. Beheshti, and S. S.
Yuhaniz, “Enhancement of artificial neural network learning
using centripetal accelerated particle swarm optimization for
medical diseases diagnosis,” Soft Comput., vol. 18, no. 11, pp.
2253–2270, Nov. 2014, doi: 10.1007/s00500-013-1198-0.
[29] H. Chiroma et al., “Neural Networks Optimization through
Genetic Algorithm Searches: A Review,” Appl. Math. Inf. Sci.,
vol. 11, no. 6, pp. 1543–1564, Nov. 2017, doi:
10.18576/amis/110602.
[30] C. Kaiser, A. Ahuvia, P. A. Rauschnabel, and M. Wimble, “Social
media monitoring: What can marketers learn from Facebook
brand photos?,” J. Bus. Res., p. S0148296319305429, Sep. 2019,
doi: 10.1016/j.jbusres.2019.09.017.
1462 MIPRO 2020/ISS