Skip to main content

SECURE-GEGELATI Always-On Intrusion Detection through GEGELATI Lightweight Tangled Program Graphs


The fast improvement of Machine-Learning (ML) methods gives rise to new attacks in Information System (IS). Simultaneously, ML also creates new opportunities for network intrusion detection. Early network intrusion detection is a valuable asset for IS security, as it fosters early deployment of countermeasures and reduces the impact of attacks on system availability. This paper proposes and studies an anomaly-based Network Intrusion Detection System (NIDS) based on Tangled Program Graph (TPG) ML and called Secure-Gegelati. Secure-Gegelati learns how to detect intrusions from IS-produced traces and is optimised to fit the requirements of intrusion detection. The study evaluates the capacity of Secure-Gegelati to act as a continuously learning, real-time, and low energy NIDS when executed in an embedded network probe. We show that a TPG is capable of switching between training and inference phases, new training phases enriching the probe knowledge with limited degradation of previous intrusion detection capabilities. The Secure-Gegelati software reaches \(8 \times\) the energy efficiency of an optimised Random Forests (RF)-based Intrusion Detection System (IDS) on the same platform. It is capable of processing 13.2 k connections/seconds with a peak power of less than \(3.3 Watts\) on an embedded platform, and is processing in real-time the CIC-IDS 2017 dataset while detecting 84% of intrusions and raising less than 0.2% of false alarms.

This is a preview of subscription content, access via your institution.

Figure 1
Figure 2
Figure 3
Figure 4
Figure 5
Figure 6
Figure 7


  1. If a team is visited several times, previously taken edges are ignored to avoid infinite loops.


  1. Intrusion Detection Evaluation Dataset (CIC-IDS2017). [Online; accessed 22-September-2021].

  2. Anton, S. D. D., Sinha, S., & Schotten, H. D. (2019). Anomaly-based Intrusion Detection in Industrial Data with SVM and Random Forests. arXiv:19087.10374 [cs]

  3. Atkins, D., Neshatian, K., & Zhang, M. (2011). A domain independent genetic programming approach to automatic feature extraction for image classification. In 2011 IEEE Congress of Evolutionary Computation (CEC), pages 238–245. IEEE.

  4. Bellemare, M. G., Naddaf, Y., Veness, J., & Bowling, M. (2013). The arcade learning environment: An evaluation platform for general agents. Journal of Artificial Intelligence Research, 47, 253–279.

  5. Cannady, J. (2000). Next Generation Intrusion Detection: Autonomous Reinforcement Learning of Network Attacks. p. 12.

  6. Debar, H., Dacier, M., & Wespi, A. (2000). A revised taxonomy for intrusion-detection systems. Annales Des Télécommunications, 55(7), 361–378.

    Article  Google Scholar 

  7. Denning, D. E. (1987) . An Intrusion-Detection Model. IEEE Transactions on Software Engineering, SE-13(2):222–232.

  8. Desnos, K., Sourbier, N., Raumer, P. -Y., Gesny, O., & Pelcat, M. (2021). Gegelati: Lightweight artificial intelligence through generic and evolvable tangled program graphs. In Workshop on Design and Architectures for Signal and Image Processing (14th edition) (pp. 35–43).

  9. Dong, G., Jin, Y., Wang, S., Li, W., Tao, Z., & Guo, S. (2019). DB-Kmeans:An Intrusion Detection Algorithm Based on DBSCAN and K-means. 2019 20th Asia-Pacific Network Operations and Management Symposium (APNOMS).

  10. Elhag, S., Fernández, A., Bawakid, A., Alshomrani, S., & Herrera, F. (2015). On the combination of genetic fuzzy systems and pairwise learning for improving detection rates on Intrusion Detection Systems. Expert Systems with Applications: An International Journal, 42(1), 193–202.

    Article  Google Scholar 

  11. Gandhi, M., & Srivasta, S. K. (2008). Detecting and preventing attacks using network intrusion detection systems.

  12. Gesny, O., Satre, P. -M., & Roussel, J. (2018). Cbwar: Classification de binaires windows via apprentissage par renforcement. In Computer & Electronics Security Applications Rendez-vous (C&ESAR).

  13. Gu, G., Fogla, P., Dagon, D., Lee, W., & Skoric, B. (2006). Measuring intrusion detection capability: an information-theoretic approach. (pp. 90–101).

  14. Hubballi, N., & Suryanarayanan, V. (2014). False alarm minimization techniques in signature-based intrusion detection systems: A survey. Computer Communications, 49, 1–17.

    Article  Google Scholar 

  15. Kaelbling, L. P., Littman, M. L., & Moore, A. W. (1996). Reinforcement Learning: A Survey. arXiv:cs/9605103.

  16. Kelly, S. (2018). Scaling Genetic Programming to Challenging Reinforcement Tasks through Emergent Modularity. Accepted: 2018-06-21T16:04:28Z.

  17. Kelly, S., & Banzhaf, W. (2020). Temporal Memory Sharing in Visual Reinforcement Learning, pp. 101–119. Springer International Publishing, Cham.

  18. Kelly, S., & Heywood, M. I. (2017). Multi-task learning in Atari video games with emergent tangled program graphs – Proceedings of the Genetic and Evolutionary Computation Conference.

  19. Kelly, S., Smith, R. J., & Heywood, M. I. (2019). Emergent Policy Discovery for Visual Reinforcement Learning Through Tangled Program Graphs: A Tutorial. Genetic and Evolutionary Computation. In W. Banzhaf, L. Spector, & L. Sheneman (Eds.), Genetic Programming Theory and Practice XVI (pp. 37–57). Cham: Springer International Publishing.

    Chapter  Google Scholar 

  20. Kemmerer, R. A., & Vigna, G. (2002). Intrusion detection: a brief history and overview. Computer, 35(4), supl27–supl30.

  21. Khraisat, A., Gondal, I., Vamplew, P., & Kamruzzaman, J. (2019). Survey of intrusion detection systems: techniques, datasets and challenges. Cybersecurity, 2(1), 20.

    Article  Google Scholar 

  22. Kim, K., & Aminanto, M. E. (2017). Deep learning in intrusion detection perspective: Overview and further challenges. In 2017 International Workshop on Big Data and Information Security (IWBIS) (pp. 5–10). IEEE.

  23. Krishnachalitha, K. C., & Priya, C. (2020). Wireless Sensor Network-Based Hybrid Intrusion Detection System on Feature Extraction Deep Learning and Reinforcement Learning Techniques. In Sheng-Lung Peng, Le Hoang Son, G. Suseendran, and D. Balaganesh, editors, Intelligent Computing and Innovation on Data Science, Lecture Notes in Networks and Systems, pp. 335–341, Singapore. Springer.

  24. Krizhevsky, A., Sutskever, I., & Hinton, G. E. (2012). Imagenet classification with deep convolutional neural networks. In F. Pereira, C. J. C. Burges, L. Bottou, and K. Q. Weinberger, editors, Advances in Neural Information Processing Systems 25, pp. 1097–1105. Curran Associates, Inc.

  25. Kruegel, C., & Toth, T. (2003). Using Decision Trees to Improve Signature-Based Intrusion Detection. In Giovanni Vigna, Christopher Kruegel, and Erland Jonsson, editors, Recent Advances in Intrusion Detection, Lecture Notes in Computer Science, pp. 173–191, Berlin, Heidelberg. Springer.

  26. Li, W. (2004). Using genetic algorithm for network intrusion detection.

  27. Liao, H. -J., Lin, C. -H. R., Lin, Y. -C., & Tung, K. -T. (2013). Intrusion detection system: A comprehensive review. Journal of Network and Computer Applications, 36(1), 16–24.

  28. Lopez-Martin, M., Carro, B., & Sanchez-Esguevillas, A. (2020). Application of deep reinforcement learning to intrusion detection for supervised problems. Expert Systems with Applications, 141, 112963.

    Article  Google Scholar 

  29. Maciá-Pérez, F., Mora-Gimeno, F. J., Marcos-Jorquera, D., Gil-Martínez-Abarca, J. A., Ramos-Morillo, H., & Lorenzo-Fonseca, I. (2011). Network Intrusion Detection System Embedded on a Smart Sensor. IEEE Transactions on Industrial Electronics, 58(3), 722–732.

  30. Mehta, D., Mady, A. E. -D., Boubekeur, M., & Shila, D. M. (2020). Anomaly-Based Intrusion Detection System for Embedded Devices on Internet. p. 5.

  31. Morel, B. (2011). Artificial intelligence and the future of cybersecurity. Proceedings of the ACM Conference on Computer and Communications Security.

  32. Moustafa, N., Jiankun, H., & Slay, J. (2019). A holistic review of Network Anomaly Detection Systems: A comprehensive survey. Journal of Network and Computer Applications, 128, 33–55.

    Article  Google Scholar 

  33. Panigrahi, R., & Borah, S. (2018). A detailed analysis of CICIDS2017 dataset for designing Intrusion Detection Systems – Panigrahi – International Journal of Engineering & Technology.

  34. Parry, G., & Kumar, S. (2014). Genetic algorithms in intrusion detection systems: A survey. International Journal of Innovation and Applied Studies, 5, 233–240.

  35. Raiu, C. (2012). Cyber-threat evolution: the past year. Computer Fraud & Security, 2012(3), 5–8.

    Article  Google Scholar 

  36. Real, E., Liang, C., So, D. R., & Le, Q. V. (2020). Automl-zero: Evolving machine learning algorithms from scratch. In Proceedings of the 37th International Conference on Intelligent User Interfaces.

  37. Ring, M., Wunderlich, S., Scheuring, D., Landes, D., & Hotho, A. (2019). A Survey of Network-based Intrusion Detection Data Sets. Computers & Security, 86, 147–167. arXiv:1903.02460.

  38. Sandosh, S., Govindasamy, V., & Akila, G. (2020). Enhanced intrusion detection system via agent clustering and classification based on outlier detection. Peer-to-Peer Networking and Applications, 13(3), 1038–1045.

    Article  Google Scholar 

  39. Scarfone, K., & Mell, P. (2007). Guide to Intrusion Detection and Prevention Systems (IDPS). Technical Report NIST Special Publication (SP) 800-94, National Institute of Standards and Technology.

  40. Servin, A., & Kudenko, D. (2008). Multi-agent Reinforcement Learning for Intrusion Detection. In Karl Tuyls, Ann Nowe, Zahia Guessoum, and Daniel Kudenko, editors, Adaptive Agents and Multi-Agent Systems III. Adaptation and Multi-Agent Learning, Lecture Notes in Computer Science (pp. 211–223), Berlin, Heidelberg. Springer.

  41. Sethi, K., Kumar, R., Prajapati, N., & Bera, P. (2020). Deep Reinforcement Learning based Intrusion Detection System for Cloud Infrastructure. In 2020 International Conference on COMmunication Systems NETworkS (COMSNETS), pp. 1–6. ISSN: 2155-2509.

  42. Sharafaldin, I., Lashkari, A. R., & Ghorbani, A. A. (2018). Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization. In ICISSP.

  43. Srinivasa, K. G. (2012). Application of Genetic Algorithms for Detecting Anomaly in Network Intrusion Detection Systems. Networks and Communications, Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. In N. Meghanathan, N. Chaki, & D. Nagamalai (Eds.), Advances in Computer Science and Information Technology (pp. 582–591). Berlin, Heidelberg: Springer.

    Google Scholar 

  44. Suresh, B., & Ventachalam, M. (2019). IJSRET Volume 5 Issue 6. Library Catalog:

  45. Symantec. (2017). ISTR Volume 22– Symantec.

  46. Ustebay, S., Turgut, Z., & Aydin, M. L. (2019). Intrusion Detection System with Recursive Feature Elimination by Using Random Forest and Deep Learning Classifier - IEEE Conference Publication.

  47. Oorschot, P. C. V. (2020). Computer Security and the Internet: tools and jewels. Springer Nature, S.l. OCLC: 1120697311.

  48. Viegas, E., Santin, A., Bessani, A., & Neves, N. (2019). BigFlow: Real-time and reliable anomaly-based intrusion detection for high-speed networks. Future Generation Computer Systems, 93, 473–485.

    Article  Google Scholar 

  49. Viegas, E., Santin, A. O., França, A., Jasinski, R., Pedroni, V. A., Oliveira, L. S. (2017). Towards an Energy-Efficient Anomaly-Based Intrusion Detection Engine for Embedded Systems. IEEE Transactions on Computers, 66(1), 163–177.

  50. Wolf, M. (2014). High-Performance Embedded Computing. Elsevier.

  51. Wright, M. N., & Ziegler, A. (2017). Ranger: A Fast Implementation of Random Forests for High Dimensional Data in C++ and R. Journal of Statistical Software, 77(1), 1–17.

  52. Yulanto, A., Sukarno, P., & Suwastika, A. (2019). Improving AdaBoost-based Intrusion Detection System (IDS) Performance on CIC IDS 2017 Dataset - IOPscience.

  53. Zamboni, D. (2001). Using Internal Sensors For Computer Intrusion Detection.

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Nicolas Sourbier.

Additional information

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Sourbier, N., Desnos, K., Guyet, T. et al. SECURE-GEGELATI Always-On Intrusion Detection through GEGELATI Lightweight Tangled Program Graphs. J Sign Process Syst 94, 753–770 (2022).

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI:


  • Tangled program graphs intelligence
  • Network intrusion detection
  • Cyber security
  • Network security
  • Real-time processing