Evolutionary Computation Algorithms for Detecting Known and Unknown Attacks

  • Hasanen AlyasiriEmail author
  • John A. Clark
  • Daniel Kudenko
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11359)


Threats against the internet and computer networks are becoming more sophisticated, with attackers using new attacks or modifying existing ones. Security teams have major difficulties in dealing with large numbers of continuously evolving threats. Various artificial intelligence algorithms have been deployed to analyse such threats. In this paper, we explore the use of Evolutionary Computation (EC) techniques to construct behavioural rules for characterising activities observed in a system. The EC framework evolves human readable solutions that provide an explanation of the logic behind its evolved decisions, offering a significant advantage over existing paradigms. We examine the potential application of these algorithms to detect known and unknown attacks. The experiments were conducted on modern datasets.


Intrusion Detection System Unknown attacks Evolutionary computation 



Hasanan Alyasiri would like to thank the Iraqi Ministry of Higher Education and Scientific Research and the University of Kufa for supporting his PhD study. John Clark is supported by the EPSRC DAASE Programme Grant EP/J017515/1.


  1. 1.
    Akamai: state of the internet report (2018).
  2. 2.
    Alkasassbeh, M., Al-Naymat, G., Hassanat, A.B., Almseidin, M.: Detecting distributed denial of service attacks using data mining techniques. Int. J. Adv. Comput. Sci. Appl. 7(1), 436–445 (2016)Google Scholar
  3. 3.
    Alyasiri, H., Clark, J., Kudenko, D.: Applying cartesian genetic programming to evolve rules for intrusion detection system. In: Proceedings of the 10th International Joint Conference on Computational Intelligence, IJCCI, vol. 1, pp. 176–183 (2018)Google Scholar
  4. 4.
    APWG: Phishing activity trends report (2018).
  5. 5.
    Blasco, J., Orfila, A., Ribagorda, A.: Improving network intrusion detection by means of domain-aware genetic programming. In: 2010 International Conference on Availability, Reliability, and Security, ARES 2010, pp. 327–332. IEEE (2010)Google Scholar
  6. 6.
    Cisco: 2018 annual cybersecurity report.
  7. 7.
    Hansen, J.V., Lowry, P.B., Meservy, R.D., McDonald, D.M.: Genetic programming for prevention of cyberterrorism through dynamic and evolving intrusion detection. Decis. Support Syst. 43(4), 1362–1374 (2007)CrossRefGoogle Scholar
  8. 8.
    Khanchi, S., Vahdat, A., Heywood, M.I., Zincir-Heywood, A.N.: On botnet detection with genetic programming under streaming data label budgets and class imbalance. Swarm Evol. Comput. 39, 123–140 (2018)CrossRefGoogle Scholar
  9. 9.
    Koza, J.R.: Genetic Programming: On the Programming of Computers by Means of Natural Selection, vol. 1. MIT Press, Cambridge (1992)zbMATHGoogle Scholar
  10. 10.
    Lu, W., Traore, I.: Detecting new forms of network intrusion using genetic programming. Comput. Intell. 20(3), 475–494 (2004)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Luke, S.: ECJ evolutionary computation library (1998).
  12. 12.
    Miller, J.F.: Cartesian genetic programming. In: Miller, J. (ed.) Cartesian Genetic Programming. Natural Computing Series, pp. 17–34. Springer, Heidelberg (2011). Scholar
  13. 13.
    Miller, J.F., Thomson, P.: Cartesian genetic programming. In: Poli, R., Banzhaf, W., Langdon, W.B., Miller, J., Nordin, P., Fogarty, T.C. (eds.) EuroGP 2000. LNCS, vol. 1802, pp. 121–132. Springer, Heidelberg (2000). Scholar
  14. 14.
    Mohammad, R.M., McCluskey, L., Thabtah, F.: UCI machine learning repository: phishing websites data set (2015). Accessed 14 May 2016
  15. 15.
    Mohammad, R.M., Thabtah, F., McCluskey, L.: Intelligent rule-based phishing websites classification. IET Inf. Secur. 8(3), 153–160 (2014)CrossRefGoogle Scholar
  16. 16.
    Montana, D.J.: Strongly typed genetic programming. Evol. Comput. 3(2), 199–230 (1995)CrossRefGoogle Scholar
  17. 17.
    Moustafa, N., Slay, J.: The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf. Secur. J. Global Perspect. 25(1–3), 18–31 (2016)CrossRefGoogle Scholar
  18. 18.
    Moustafa, N., Slay, J., Creech, G.: Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks. IEEE Trans. Big Data (2017)Google Scholar
  19. 19.
    Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS), pp. 1–6. IEEE (2015)Google Scholar
  20. 20.
    Noorian, F., de Silva, A.M., Leong, P.H.: gramEvol: grammatical evolution in R. J. Stat. Softw. 71 (2015)Google Scholar
  21. 21.
    Orfila, A., Estevez-Tapiador, J.M., Ribagorda, A.: Evolving high-speed, easy-to-understand network intrusion detection rules with genetic programming. In: Giacobini, M., et al. (eds.) EvoWorkshops 2009. LNCS, vol. 5484, pp. 93–98. Springer, Heidelberg (2009). Scholar
  22. 22.
    Ryan, C., Collins, J.J., Neill, M.O.: Grammatical evolution: evolving programs for an arbitrary language. In: Banzhaf, W., Poli, R., Schoenauer, M., Fogarty, T.C. (eds.) EuroGP 1998. LNCS, vol. 1391, pp. 83–96. Springer, Heidelberg (1998). Scholar
  23. 23.
    Scarfone, K., Mell, P.: Guide to intrusion detection and prevention systems (IDPS). NIST special publication, vol. 800, no. 2007, p. 94 (2007)Google Scholar
  24. 24.
    Sen, S.: A survey of intrusion detection systems using evolutionary computation. In: Bio-inspired Computation in Telecommunications, pp. 73–94 (2015)CrossRefGoogle Scholar
  25. 25.
    Sofi, I., Mahajan, A., Mansotra, V.: Machine learning techniques used for the detection and analysis of modern types of DDoS attacks. Learning 4(06), 1085–1092 (2017)Google Scholar
  26. 26.
    Song, J., Takakura, H., Okabe, Y., Eto, M., Inoue, D., Nakao, K.: Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation. In: Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, pp. 29–36. ACM (2011)Google Scholar
  27. 27.
    Symantec: Internet security threat report (2018).
  28. 28.
    Wilson, D., Kaur, D.: Using grammatical evolution for evolving intrusion detection rules. WSEAS Trans. Syst. 6(2), 346 (2007)Google Scholar
  29. 29.
    Wu, S.X., Banzhaf, W.: The use of computational intelligence in intrusion detection systems: A review. Appl. Soft Comput. 10(1), 1–35 (2010)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Hasanen Alyasiri
    • 1
    Email author
  • John A. Clark
    • 2
  • Daniel Kudenko
    • 1
  1. 1.Department of Computer ScienceUniversity of YorkYorkUK
  2. 2.Department of Computer ScienceUniversity of SheffieldSheffieldUK

Personalised recommendations