Abstract
Threats against the internet and computer networks are becoming more sophisticated, with attackers using new attacks or modifying existing ones. Security teams have major difficulties in dealing with large numbers of continuously evolving threats. Various artificial intelligence algorithms have been deployed to analyse such threats. In this paper, we explore the use of Evolutionary Computation (EC) techniques to construct behavioural rules for characterising activities observed in a system. The EC framework evolves human readable solutions that provide an explanation of the logic behind its evolved decisions, offering a significant advantage over existing paradigms. We examine the potential application of these algorithms to detect known and unknown attacks. The experiments were conducted on modern datasets.
Acknowledgements
Hasanan Alyasiri would like to thank the Iraqi Ministry of Higher Education and Scientific Research and the University of Kufa for supporting his PhD study. John Clark is supported by the EPSRC DAASE Programme Grant EP/J017515/1.
© 2019 Springer Nature Switzerland AG
Cite this paper
Alyasiri, H., Clark, J.A., Kudenko, D. (2019). Evolutionary Computation Algorithms for Detecting Known and Unknown Attacks. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science(), vol 11359. Springer, Cham. https://doi.org/10.1007/978-3-030-12942-2_14
DOI: https://doi.org/10.1007/978-3-030-12942-2_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12941-5
Online ISBN: 978-3-030-12942-2
eBook Packages: Computer Science (R0)