Soft Computing (2023) 27:6297–6305

https://doi.org/10.1007/s00500-023-07906-6 (0123456789().,-volV)(0123456789().
,- volV)

DATA ANALYTICS AND MACHINE LEARNING

Toward support-vector machine-based ant colony optimization

algorithms for intrusion detection
Ahmed Abdullah Alqarni1

Received: 25 September 2021 / Revised: 17 January 2022 / Accepted: 27 April 2022 / Published online: 28 February 2023
Ó The Author(s), under exclusive licence to Springer-Verlag GmbH Germany, part of Springer Nature 2023

Abstract
One of the major challenges of network traffic analysis is intrusion detection. Intrusion detection systems (IDSs) are
designed to detect malicious activities that attempt to compromise the confidentiality, integrity, and assurance of computer
systems. Intrusion detection system has become the most widely employed security technology. The novelty of the
proposed research is to develop a system for IDSs. In this research, a support-vector machine (SVM) with ant colony
optimization (ACO) is proposed to detect an intrusion. Standard data sets, namely Knowledge Discovery and Data Mining
(KDD) Cup ’99 and Network Security Laboratory (NSL)-KDD, were utilized to test the results of the proposed system.
One of the greatest challenges in a network analysis dataset is dimensionality. To handle dimensionality reduction, the ant
colony optimization algorithm was applied. In the ACO method, significant subset features are selected from the entire
dataset. These subset features have proceeded the SVM machine learning algorithm for detection intrusion. The empirical
results point out that the SVM with ACO has obtained superior accuracy. It is concluded that the SVM-ACO model can
more efficiently protect a network system from intrusion.

Keywords Machine learning  Computation algorithms  Network traffic analysis  Cybersecurity

1 Introduction unapproved logins and accessing to records and malware

(e.g., infections, Trojan stallions, and worms), which can
The Internet has a fundamental part in relentless corre- change the condition of the network. Network intrusions
spondence; thus, its applicability can lessen the impacts are caused by the approaching packets in the network
attributed to intrusions. Intrusion is defined as a movement system, which perform behaviors such as a denial-of-ser-
that unfavorably influences the focus on the computer. The vice (DoS) attack or even an attempt to split the network
intrusion may harm reputability, integrity, privacy, and into systems (Joshi et al. 2015; Sitalakshm and Alazab
accessibility to assets during a tagged attack. The security 2018).
of a computer system will be at risk when an intrusion An IDS consists of software and/or hardware designed
happens (Alkahtani et al. 2020; Aldhyani and Joshi 2017; to detect malicious behaviors related to accessing, manip-
Aldhyani et al. 2020). ulating, and/or disabling a computer system, mainly
Intrusions can be aggregated into host-based intrusion through a network, such as the Internet. Monitoring the
and network intrusion, which are considered attempts to events occurring in a host or network, analyzing the net-
access, control, modify, or destroy data, and render a sys- work and system events, detecting malicious activities, and
tem inconsistent or unusable. These intrusions incorporate sounding an alarm if an attack is detected are the major
and control the system by controlling any alterations to a tasks of an IDS (Aldhyani et al. 2020; Bassey et al. 2019).
document system, such as increasing benefits, making An intrusion detection system is a tool that is used to
detect an intrusion on the network and host levels. Gen-
erally, the most popular and well-known data for an
& Ahmed Abdullah Alqarni
[email protected] intrusion detection system is audit data. Audit data record
all the activities and actions that occur in a system and
1
Department of Computer Sciences and Information saves them in sequential order. As long as the system can
Technology, Al Baha University, Al Baha, Saudi Arabia

123
6298 A. A. Alqarni

record all activities, it can correspond to any system call in In Hu et al. (2003) applied a SVM algorithm to classify the
the system. Thus, it is possible to physically analyze the anomalies. Wagner et al. (2011) presented a one-class
auditing data and detect any abnormal activity in the sys- SVM classifier to detect anomaly detection by using dif-
tem. However, the immense size of the audit data that is ferent types of attacks in dataset. The SVM classifier was
available in the system often renders manual analysis proposed for detecting unknown computer attacks (Mos-
impractical. Consequently, an automated audit data anal- kovitch et al. 2007). Kotpalliwar et al. (2015), Saxena et al.
ysis tool is the only solution. In recent years, as the second (2014), Pervez et al. (2014), Shon et al. (2005), and Kokila
line of defense after a firewall, intrusion detection et al. (2014) presented a SVM algorithm to build a
approaches have rapidly developed (Al-Mughanam et al. cybersecurity system for detecting intrusion.
2020). Intrusion detection has an important role in attack
detection, security inspection and network checks. With the
rapidly growing connectivity of the Internet, network 2 Materials and methods
computer systems have increasingly vital roles in the
modern community. While the Internet has provided great Framework of proposed system shown in Fig. 1.
benefits to society, it has also rendered critical systems
vulnerable to malicious attacks, since a preventive 2.1 Data sets
approach, such as a firewall, is not adequate for providing
sufficient security for a computer system. An intrusion in As the experiments have been conducted, two standard IDS
an information system is an activity that contravenes the data sets are applied. A detailed description of these
security strategy of the system: It is a deliberate unofficial datasets is presented as follows:
endeavor to access information, manipulate information,
and render systems unreliable. Intrusion detection is a 2.1.1 KDD Cup’99 data set
process that is employed to identify a malicious intrusion
and that is based on the belief that the behavior of an The KDD Cup data set1 is employed in three international
intruder will significantly differ from that of a legitimate KDD tools to develop intrusion detection and robust data
user. mining algorithm discovery and distinguish between nor-
Bose et al. (2007) proposed Bayesian and Markov chain mal packets and attack packets. This contains three major
algorithms to discover specific rules for an IDS. The results intrusions, namely DOS, Probe, User to Root (U2R) and
of their proposed system were a detection rate of 94.33% Remote to Local (U2R). KDD Cup is represented by 41
and a false positive rate (FPR) of 0.8%. It is noted that the attributes. Table 1 shows the features of KDD Cup dataset.
proposed system achieved satisfactory results compared
with existing systems. Mitrokotsa et al. (2013) introduced 2.1.2 NSL-KDD data set
five classification algorithms, namely the naı̈ve Bayes
model, linear model, Gaussian mixture model, multilayer The NSL-KDD is an advanced version of KDD Cup data
perceptron, and support-vector machine (SVM), for for analyzing and detecting intrusion in a network. The
developing an IDS. It observed that the multilayer per- NSL-KDD data set has been proposed by McHugh. Fur-
ceptron classifier has given the best performance compared thermore, each record consists of 41 features, and these
with other classification algorithms. Azmoodeh and Choo features can be described as either normal or attacks. The
(2018) presented a deep leaning algorithm to detect mal- NSL-KDD dataset contains three major intrusions, namely
ware detection in ‘‘Internet of (Battlefield) Things Devi- (DOS), Probe, and (U2R) & (U2R). The attacks of the data
ces’’. Doshi et al. (2018) presented the K-nearest are illustrated in Table 2.
neighbors, decision tree, SVM, decision tree using Gini
impurity scores, random forest using Gini impurity scores 2.2 Pre-processing techniques
and neural network approaches to detect normal IoT
packets from denial service attacks packets. It is concluded Pre-processing has a vital role in analyzing patterns from
that the random forest tree has attained the best results. network data to achieve accurate results. Therefore, the
Li et al. (2012) used the SVM classification algorithm to pre-processing steps are an essential part of the intrusion
detect the denial of service attack (DoS), Probe or Scan, detection system to improve the SVM algorithm for
user to root (U2R), remote to local (R2L) attacks and detection intrusion. The ant colony optimization (ACO)
normal packets. The standard dataset Knowledge Discov- algorithm was proposed as a pre-processing stage to select
ery and Data Mining (KDD) Cup ’99 was employed to test
the proposed system. In Amiri et al. (2011) presented a 1
KDD Cup 1999 Data (http://kdd.ics.uci.edu/databases/kddcup99/
least-squared SVM algorithm for classification of big data. kddcup99.html).

123
Toward support-vector machine-based ant colony optimization algorithms for intrusion detection 6299

Fig. 1 Methodology of the proposed system

the irrelevant features from network traffic datasets. These The feasible feature set is j^k, where ant k can be added
features can help to develop a cybersecurity system. to its subset; the pheromone value and heuristic value are
g_i and T_i, respectively, which are connected with fea-
2.2.1 Ant colony optimization (ACO) tures i. a and b are parameters that are utilized to identify
the weight of the pheromone and heuristics value. The
The ACO algorithm is one of the most important proba- selection of the parameter values is very important for
bilities techniques for resolving a computation problem. balancing between exploitation and exploration. The
ACO is applied to determine the best approach for solving pheromone update is the main part of the ACO algorithm.
this problem based on the rules of real ants. The ACO After ants completed their task of identifying the best path
algorithm is developed by Marco Dorigo in 1992, as for solving a problem, the pheromone update is used to
mentioned in his Ph.D. thesis (Vishwakarma et al. 2017a). help the next ants follow the same path for completing their
The algorithm has focused on determining the best path in task. To distribute the pheromone in all nodes, Eqs. (2) and
the graph using the behaviors of ants for seeking the best (3) is considered.
path between their colony and a source of food. Ants pass
through the graph where fewer nodes are found, and the Ti ðtÞ ¼ ð1  pÞTi ðtÞ ð2Þ
graph nodes are fully connected to allow for features. The Ti ðt þ 1Þ ¼ Ti ðtÞ þ DTi ð3Þ
main object of the ACO algorithm is transition between the
X
m
pheromone rules and the modernized rules; thus, the DTi ðtÞ ¼ DTik ðtÞ ð4Þ
pheromone and heuristics values are connected instead of k¼1
each having a separate value. Primarily, the portrayal of the
where M is the number of ants at each repetition and
heuristic value is the engaging quality of a beacon; the
p [ (0, 1) denotes the decomposition factor of the pher-
essential element of any ACO algorithm is a helpful
omone trail. The essential objective of using the pher-
heuristic for developing probabilistic features (Kanaka
omone is to evaporate other ants along the same path. The
Vardhini and Sitamahalakshmi 2017). A constructive
ants can update the pheromone according to Eqs. 4 and 5.
heuristic process assembles arrangements as successions of  
highlights from the limited arrangement of highlights. A k
k  n
DTi ðtÞ ¼ w  c s ðtÞ þ ;  ifi 2 Sk ð5Þ
subset construction begins with an unfilled subset. Fur- jsk ðtÞj
thermore, each construction step of the subset is reached by
where s^k (t) is the features, subset obtained by ant k at
including the main feature from the set of features. An
iteration t and |s^k (t)|) is the length of the pheromone.
appropriate heuristic attractive quality of crossing between
w and [ are parameters that govern the performance of the
two features could be any subset assessment (Vishwakarma
classifier. We have applied the ACO algorithm to choose
et al. 2017b).
the significant features from the different datasets that have
½Ti ðtÞa :½gi b been utilized. Eight of the most significant features selected
PKi ðtÞ ¼ P a b
ifi 2 jk ð1Þ
from the KDD CUP dataset is illustrated in Table 3.
u2jk ½Tu ðtÞ :½gu 

123
6300 A. A. Alqarni

Table 1 Eight Most significant selected features from KDD Cup 99 Table 2 All types of attacks in KDD Cup and NSL-KDD
by using the ACO algorithm
Major attack Types of major attacks
Attacks Number of features Name of feature
Dos Back,
Probe 34 dst_host_same_srv_rate Land,
4 Flag Neptune,
14 num_file_creations Pod,
20 Count Smurf,
41 dst_host_srv_rerror_rate Teardrop,
19 num_access_files’ real Mailbomb,
9 logged_in Processtable,
21 is_host_login Udpstor m,
DOS 9 logged_in Apache2,
21 is_host_login Worm
31 dst_host_same_srv_rate Probe Satan,
12 su_attempted IPsweep,
40 Service Nmap,
18 is_host_login Portsweep,
3 dst_bytes Mscan,
14 num_file_creations Sa int
U2R and R2L 40 dst_host_rerror_rate R2L Guess
39 dst_host_srv_serror_rate _password,
10 Hot Ftp_write
34 dst_host_srv_diff_host_rate , Imap,
10 num_compromised Phf,Multihop,
40 Service Warezmaster,
14 num_file_creations Xlock,
20 Count Xsnoop,
Snmpgue,
ss,
Snmpgetattack,
Table 4 shows the subset features selected from the NSL-
Httptunnel,
KDD data set. Figure 2 displays the ACO algorithm pro-
Sendmail,
cess for selecting subset features from the original dataset.
Named
The ACO algorithm is applied to detect the space of sub-
sets from among all features. These significant features are U2R Buffer_ overflow,
fed into the classification algorithms to build a robust IDS Loadmodule Rootkit,
system. It is observed that the time processing for selecting Perl,
the features is more suitable. Sqlattack,
Xterm,
2.3 Support-vector machine (SVM) algorithm Ps

The SVM was proposed by Vapnik (Cortes 1995) in 1963. these two hyperplanes. Hence, the hyperplane has the lar-
It is a significant supervised machine learning algorithm gest distance, which is considered a reasonable separation.
that is employed for large databases and provides more The SVM has obtained a lower error when the margin is
accurate results. The SVM is designed for the dichotomist large.
classification problem, such as binary classification with
two classes or with multiclasses. The SVM works to
determine the optimal dichotomist hyperplane that can 3 Experimental results
maximize the margin, which can achieve the largest sep-
aration of two or more classes. To classify two classes, two In this section, the results of the proposed methodology for
parallel hyperplanes are constructed. The SVM tries to the IDS are presented.
separate the hyperplane and increase the distance between

123
Toward support-vector machine-based ant colony optimization algorithms for intrusion detection 6301

Table 3 Eight most significant selected features from NSL-KDD by The equation performance measures are presented as
using ACO algorithm follows:
Attacks Number of features Name of feature TP þ TN
Accuracy ¼ ð6Þ
DOS 4 Flag FP þ FN þ TP þ TN
37 dst_host_rerror_rate TN
Specificity ¼  100% ð7Þ
34 dst_host_srv_diff_host_rate TN þ FP
21 is_host_login TP
Sensitivity ¼  100% ð8Þ
12 su_attempted TP þ FN
41 Flag TP
40 dst_host_rerror_rate Recall ¼  100% ð9Þ
TP þ FN
39 dst_host_srv_serror_rate
precision  Recall
Probe 39 protocol_type F1 score ¼ 2   100% ð10Þ
9 logged_in
precision  Recall
8 num_failed_logins where TP is True Positive, FP is False Positive, TN is True
31 dst_host_same_srv_rate Negative, and FN is False Negative.
8 num_failed_logins
40 Service 3.3 Results and discussion
10 num_compromised
4 Land The proposed methodology was designed by using real
U2R and R2L 31 dst_host_same_srv_rate network data, which contains normal and attacks labels.
41 Flag The ACO method was employed to handle dimensionality
8 num_failed_logins reduction, and the ACO method was utilized to select the
32 dst_host_diff_srv_rate significant features from the big network data. We have
14 num_file_creations selected eight significant features, which were the more
33 dst_host_same_src_port_rate important features from the entire the dataset. These eight
4 Land features were processed by using the SVM machine
40 Service learning algorithm. The dataset was divided into 70% for
training and 30% for testing. Tables 5 and 6 show the
division of the data for KDD Cup’99 and NSL-KDD,
respectively. Figures 3 and 4 display the size of the total
Table 4 Experiment environment setup KDD Cup ’99 and NSL-KDD datasets.
Hardware Environment Table 7 indicates that the results obtained by using the
SVM classifier and the ACO method for the KDD Cup ’99
Operation system Windows 7 dataset. The KDD Cup ’99 dataset has 41 features, and
CPU I3 eight important features were selected for the ACO
Memory 4 method. The hybrid model was applied for each major
Development environment Jupyter Python 3.6 attack in KDD Cup’99 with a normal class. The empirical
results reveal that the hybrid mode has obtained suit-
able performance with DOS and U2R & R2L attack and
normal, 100% with respect to accuracy metric.Table 8
3.1 Experiment environment setup summarizes the results of the hybrid model by using the
NSL-KDD dataset. It is observed that the hybrid model has
This research has been conducted by employing different obtained the best accuracy with DOS and Probe attacks and
environments, such as hardware and software. Table 4 the normal class. The accuracy for a DOS attack is 99.90%,
displays the requirements employed to develop the pro- and the accuracy for a Probe attack is 99.62%. It is
posed system. observed that the proposed methodology has achieved the
highest accuracy, due to the proposed obtained these results
3.2 Evaluation metrics with minimal time. The performance of the hybrid model,
which utilizes the KDD Cup’99 dataset and NSL-KDD
The performance measures were proposed to evaluate the dataset, is shown in Figs. 5 and 6.
proposed methodology for the IDS. The Accuracy, False
Positive, Precision, True Positive and Time were presented.

123
6302 A. A. Alqarni

Fig. 2 Algorithm steps of ACO

for feature selection from
network datasets

Table 5 Splitting KDD Cup’99 dataset 4 Conclusion

Attacks Total data Training data Testing dataset
Taking into account the notion that digital marketing and
DOS 13,500 9450 4051 online business have access to highly private information
Probe 10,252 7176 3076 that is communicated with the Internet, it is very important
U2R & R2L 18,252 12,776 5476 to develop a security system to protect this information
from threats. In this methodology, a hybrid system, ACO
with a SVM, is proposed to detect intrusions. The system
was tested by using a real standard dataset. The ACO
Table 6 Splitting NSL-KDD dataset method was applied to select subset features from an entire
Attacks Total data Training data Testing dataset dataset to enhance the proposed system. The subset fea-
tures were considered significant features for developing
DOS 308,966 216,276 92,690
the system, and the SVM system was employed as a
Probe 22,635 15,844 6791
classification process for detecting attacks. The proposed
U2R & R2L 32,568 22,797 9771
system has the capability of improving cyber-security
system for detection attacks. The overall results show that
the proposed system can efficiently detect various intru-
sions. In the future, we will use our real dataset and the
deep learning method to improve the cybersecurity system.

Size
18252

13500
10252

DOS Probe U2R & R2L

Size

Fig. 3 Size of simple for KDD Cup’99 dataset

123
Toward support-vector machine-based ant colony optimization algorithms for intrusion detection 6303

Size

308966

22635 32568

DOS Probe U2R & R2L

Size

Fig. 4 Size of simple NSL-KDD dataset

Table 7 Performance of hybrid

Attack Accuracy (%) Sensitivity (%) Specificity (%) Precision (%) Time (seconds)
model of KDD Cup ’99 dataset
DOS 100 99.23 99.69 100 0.92
Probe 99.95 98.26 97.85 99.33 0.035
U2R & R2L 100 99.50 98.70 99.93 0.025

Table 8 Performance of hybrid

Attack Accuracy (%) Sensitivity (%) Specificity (%) Precision (%) Time (seconds)
model of NSL-KDD dataset
DOS 99.90 99.60 98.89 99.63 0.85
Probe 99.62 99.02 98.25 99.65 0.72
U2R & R2L 99.23 99.11 99.22 99.62 0.95

Fig. 5 Performance of proposed Performance of Hybrid model with KDD

model in KDD Cup ’99 dataset cup'99

100
98
Accuracy(%)
96
%

94 Sensivity (%)
92 Specificity (%)
90 Precision (%)
DOS Probe U2R & R2L
aacks

123
6304 A. A. Alqarni

Fig. 6 Performance of proposed Performance of Hybrid model with NSL-KDD

model in NSL-KDD dataset

100
98
Accuracy(%)
96

%
Sensivity (%)
94
Specificity (%)
92
Precision (%)
90
DOS Probe U2R & R2L

aacks

Funding The authors have not disclosed any funding. Doshi R, Apthorpe N, Feamster N (2018) Machine learning DDoS
detection for consumer internet of things devices. In: Proceed-
Data availability Enquiries about data availability should be directed ings of the IEEE security and privacy workshops (SPW), San
to the authors. Francisco, CA, USA, pp 29–35
Hu W, Liao Y, Vemuri VR (2003) Robust support vector machines
for anomaly detection in computer security. In Proceedings of
Declarations the international conference on machine learning and applica-
tions—ICMLA 2003, Los Angeles, CA, USA, pp 168–174
Conflict of interest The authors declare that they have no conflict of Joshi M, Hadi TH (2015) A review of network traffic analysis and
interest. prediction techniques, pp 23
Kanaka Vardhini K, Sitamahalakshmi T (2017) Enhanced Intrusion
detection system using data reduction: an ant colony optimiza-
tion approach. Int J Appl Eng Res 12(9):1844–1847
References Kokila R, Selvi ST, Govindarajan K (2014) DDoS detection and
analysis in SDN-based environment using support vector
Aldhyani THH, Joshi M (2017) Intelligent time series model to machine classifier. In: Proceedings of the 2014 sixth interna-
predict bandwidth utilization. Int J Comput Sci Appl 14:130–141 tional conference on advanced computing (ICoAC), Chennai,
Aldhyani THH, Alrasheedi M, Alqarni AA, Alzahrani MY, Bamhdi India, pp 205–210
AM (2020) Intelligent hybrid model to enhance time series Kotpalliwar MV, Wajgi R (2015) Classification of attacks using
models for predicting network traffic. IEEE Access support vector machine (SVM) on KDDCUP’99 IDS database.
8:130431–130451. https://doi.org/10.1109/ACCESS.2020. In: Proceedings of the 2015 fifth international conference on
3009169 communication systems and network technologies, Gwalior,
Aldhyani THH, Al-Yaari M, Alkahtani H, Maashi M (2020) Water India, pp 987–990
quality prediction using artificial intelligence algorithms. Appl Li Y, Xia J, Zhang S, Yan J, Ai X, Dai K (2012) An efficient intrusion
Bionics Biomech 2020(6659314) detection system based on support vector machines and gradu-
Alkahtani H, Aldhyani THH, Al-Yaari M (2020) Adaptive anomaly ally feature removal method. Expert Syst Appl 39:424–430
detection framework model objects in cyberspace. Appl Bionics Mitrokotsa A, Dimitrakakis C (2013) Intrusion detection in manet
Biomech 6660489:14 using classification algorithms: the effects of cost and model
Al-Mughanam T, Aldhyani THH, Alsubari B, Al-Yaari M (2020) selection. Ad Hoc Netw 11:226–237
Modeling of compressive strength of sustainable self-compact- Moskovitch R, Nissim N, Stopel D, Feher C, Englert R, Elovici Y
ing concrete incorporating treated palm oil fuel ash using (2007) Improving the detection of unknown computer worms
artificial neural network. Sustainability 12:9322 activity using active learning. Proc Annu Conf Artif Intell
Amiri F, Yousefi MR, Lucas C, Shakery A, Yazdani N (2011) Mutual 10–13:489–493
information-based feature selection for intrusion detection Pervez MS, Farid DM (2014) Feature selection and intrusion
systems. J Netw Comput Appl 34:1184–1199 classification in NSL-KDD cup 99 dataset employing SVMs.
Azmoodeh A, Dehghantanha A, Choo KKR (2018) Robust malware In: Proceedings of the 8th international conference on software,
detection for internet of (Battlefield) things devices using deep knowledge, information management and applications (SKIMA
eigenspace learning. IEEE Trans Sustain Comput 4:88–95 2014), Dhaka, Bangladesh, pp 1–6
Bassey J, Adesina D, Li X, Qian L, Aved A, Kroecker T (2019) Saxena H, Richariya V (2014) Intrusion detection in KDD99 dataset
Intrusion detection for IoT devices based on RF fingerprinting using SVM-PSO and feature reduction with information gain. Int
using deep learning. In: Proceedings of the 2019 fourth J Comput Appl 98:25–29
international conference on fog and mobile edge computing Shon T, Kim Y, Lee C, Moon J (2005) A machine learning
(FMEC), Rome, Italy, pp 98–104 framework for network anomaly detection using SVM and GA.
Bose S, Bharathimurugan S, Kannan A (2007) Multi-layer integrated In: Proceedings of the sixth annual IEEE SMC information
anomaly intrusion detection system for mobile Adhoc networks. assurance workshop, West Point, NY, USA, pp 176–183
Proc IEEE Int Conf Signal Process Commun Netw Sitalakshmi V, Alazab M (2018) Use of data visualisation for zero-
22–24:360–365 day malware detection. Secur Commun Netw 1728303:13.
Cortes C (1995) Vapnik VN support vector networks. Mach Learn https://doi.org/10.1155/2018/1728303
20:273–297

123
Toward support-vector machine-based ant colony optimization algorithms for intrusion detection 6305

Vishwakarma S, Sharma V, Tiwari A (2017a) An intrusion detection Publisher’s Note Springer Nature remains neutral with regard to
system using KNN-ACO algorithm. Int J Comput Appl jurisdictional claims in published maps and institutional affiliations.
171:18–23
Vishwakarma S, Sharma V, Tiwari A (2017b) An intrusion detection Springer Nature or its licensor (e.g. a society or other partner) holds
system using KNN-ACO algorithm. Int J Comput Appl exclusive rights to this article under a publishing agreement with the
171(10):18–23. https://doi.org/10.5120/ijca2017914079 author(s) or other rightsholder(s); author self-archiving of the
Wagner C, François J, Engel T (2011) Machine learning approach for accepted manuscript version of this article is solely governed by the
ip-flow record anomaly detection. Proc Int Conf Res Netw terms of such publishing agreement and applicable law.
9–13:28–39

123