Leveraging ACO, GA, and GWO for Enhancing Port Scan Attack Detection Using Machine Learning
Mohammed Amin Almaiah; Rajan Kadel
Published: 2025
Abstract
Port scan attacks are commonly employed by malicious actors or automated tools to probe a system’s network ports in search of open ports and potential vulnerabilities. These ports function as communication endpoints that allow services and applications to exchange data. While port scanning is often associated with malicious intent—such as mapping network structures, identifying running services, or preparing for subsequent attacks—it is not always harmful. In fact, cybersecurity professionals and system administrators regularly use port scanning as a diagnostic tool to identify and address system weaknesses. To protect against port scan attacks, organizations typically deploy a combination of firewalls, intrusion detection systems (IDS), and network monitoring tools to detect and block unauthorized scanning activities. Detecting port scans is a vital part of cybersecurity defense, enabling organizations to identify points of vulnerability, respond swiftly to incidents, and implement appropriate security measures. This proactive approach significantly reduces the risk of successful cyber intrusions. In our research, we propose a machine learning-based approach for detecting port scan attacks. The process begins with data collection, where network traffic data containing behavioral indicators of scanning activity is gathered. From this data, relevant features are extracted to train the model. Feature selection is then performed using metaheuristic algorithms such as Ant Colony Optimization (ACO), Genetic Algorithm (GA), and Gray Wolf Optimization (GWO), which help reduce computational complexity by selecting the most informative features. These selected features are then used to train machine learning models, including classifiers like Support Vector Machine (SVM) and K-Nearest Neighbors (KNN), to differentiate between benign and malicious activity. 
Finally, the performance of the trained models is assessed using evaluation metrics such as precision, recall, F1-score, and accuracy. The results of our experiments indicate that the proposed models are highly effective, achieving accuracy rates exceeding 99% across all tested configurations. In summary, port scan detection is essential for strengthening network defenses. By leveraging machine learning techniques and optimization-based feature selection, it is possible to detect and respond to port scanning behaviors with greater accuracy and efficiency.
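The pipeline the abstract outlines (wrapper feature selection, then a classifier scored with precision, recall and F1), as an added example that is not the authors' code: it uses GA only, a pure-Python KNN, and constructed per-source samples. The feature names, value ranges and the per-feature fitness penalty are assumptions made for illustration.

```python
import functools
import random

FEATURES = ["dst_ports", "syn_ratio", "pkt_bytes", "duration", "ttl_spread", "entropy"]  # assumed names
SIGNAL = {1: ((200, 260), (0.8, 1.0)), 0: ((1, 10), (0.0, 0.3))}  # constructed class ranges

def make_flows(n, rng):
    """Constructed samples: first two features separate scans (1) from benign (0); the rest is noise."""
    return [([rng.uniform(*r) for r in SIGNAL[i % 2]] +
             [rng.uniform(0, 50) for _ in range(4)], i % 2) for i in range(n)]

def knn_predict(train, x, mask, k=3):
    """Majority vote of the k nearest training rows, using only the masked features."""
    idx = [i for i, bit in enumerate(mask) if bit]
    nearest = sorted(train, key=lambda r: sum((r[0][i] - x[i]) ** 2 for i in idx))[:k]
    return int(2 * sum(y for _, y in nearest) > k)

def prf(y_true, y_pred):
    """Precision, recall and F1 for the scan class (label 1)."""
    pairs = list(zip(y_true, y_pred))
    tp, fp, fn = pairs.count((1, 1)), pairs.count((0, 1)), pairs.count((1, 0))
    prec = tp / (tp + fp) if tp + fp else 0.0
    rec = tp / (tp + fn) if tp + fn else 0.0
    return prec, rec, (2 * prec * rec / (prec + rec) if prec + rec else 0.0)

def fitness(mask, train, val, penalty=0.01):
    """Validation accuracy minus a per-feature cost; an empty mask scores 0."""
    if not any(mask):
        return 0.0
    return sum(knn_predict(train, x, mask) == y for x, y in val) / len(val) - penalty * sum(mask)

def ga_select(train, val, rng, pop_size=12, gens=20, p_mut=0.1):
    """GA over bit masks: elitism, tournament selection, one-point crossover, bit-flip mutation."""
    n = len(FEATURES)
    score = functools.lru_cache(maxsize=None)(lambda m: fitness(m, train, val))
    pop = [(1,) * n] + [tuple(rng.randint(0, 1) for _ in range(n)) for _ in range(pop_size - 1)]
    for _ in range(gens):
        nxt = sorted(pop, key=score, reverse=True)[:2]  # elitism: best fitness never decreases
        while len(nxt) < pop_size:
            a, b = (max(rng.sample(pop, 3), key=score) for _ in range(2))
            cut = rng.randrange(1, n)
            nxt.append(tuple(bit ^ (rng.random() < p_mut) for bit in a[:cut] + b[cut:]))
        pop = nxt
    return max(pop, key=score)

if __name__ == "__main__":
    rng = random.Random(7)
    train, val, test = (make_flows(n, rng) for n in (60, 40, 40))
    mask = ga_select(train, val, rng)
    print(mask, prf([y for _, y in test], [knn_predict(train, x, mask) for x, _ in test]))
```

Because the all-features mask is seeded into the first generation and the two best masks are carried over each round, the returned subset never scores below the full feature set on the validation split.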
How to Cite the Article
Almaiah, M. A., & Kadel, R. (2025). Leveraging ACO, GA, and GWO for Enhancing Port Scan Attack Detection Using Machine Learning. Journal of Cyber Security and Risk Auditing, 2025(4), 306–326. https://doi.org/10.63180/jcsra.thestap.2025.4.9
Leveraging ACO, GA, and GWO for Enhancing Port Scan Attack Detection Using Machine Learning is licensed under CC BY 4.0