
Evolutionary Computation Algorithms for Detecting Known and Unknown Attacks

  • Conference paper
Innovative Security Solutions for Information Technology and Communications (SECITC 2018)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11359)

Abstract

Threats against the internet and computer networks are becoming more sophisticated, with attackers using new attacks or modifying existing ones. Security teams have major difficulties in dealing with large numbers of continuously evolving threats. Various artificial intelligence algorithms have been deployed to analyse such threats. In this paper, we explore the use of Evolutionary Computation (EC) techniques to construct behavioural rules for characterising activities observed in a system. The EC framework evolves human-readable solutions that provide an explanation of the logic behind its evolved decisions, offering a significant advantage over existing paradigms. We examine the potential application of these algorithms to detect known and unknown attacks. The experiments were conducted on modern datasets.



Acknowledgements

Hasanen Alyasiri would like to thank the Iraqi Ministry of Higher Education and Scientific Research and the University of Kufa for supporting his PhD study. John Clark is supported by the EPSRC DAASE Programme Grant EP/J017515/1.


Corresponding author

Correspondence to Hasanen Alyasiri.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Alyasiri, H., Clark, J.A., Kudenko, D. (2019). Evolutionary Computation Algorithms for Detecting Known and Unknown Attacks. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science, vol 11359. Springer, Cham. https://doi.org/10.1007/978-3-030-12942-2_14


  • DOI: https://doi.org/10.1007/978-3-030-12942-2_14


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12941-5

  • Online ISBN: 978-3-030-12942-2

  • eBook Packages: Computer Science, Computer Science (R0)
