Accelerating cyber-breach investigations through novel use of artificial immune system algorithms

Benjamin Donnachie*, Jason Verrall, Adrian Hopgood, Patrick Wong, Ian Kennedy

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

The use of artificial immune systems for investigation of cyber-security breaches is presented. Manual reviews of disk images are impractical because of the size of the dataset. Machine-learning algorithms for detection of misuse require labelled training data, which are generally unavailable. They are also necessarily retrospective, so they are unlikely to detect new forms of intrusion. For those reasons, this article proposes the use of artificial immune systems for unsupervised anomaly detection. Specifically, a deterministic dendritic cell algorithm (dDCA) has been implemented that has successfully detected automated SQL injection attacks from sample disk images. For comparison, it outperformed an unsupervised k-means clustering algorithm. However, many significant anomalies were not detected, so further work is required to refine the algorithm using more extensive datasets, and to encode complementary expert knowledge.

Original language: English
Title of host publication: Artificial Intelligence XXXIX - 42nd SGAI International Conference on Artificial Intelligence, AI 2022, Proceedings
Editors: Max Bramer, Frederic Stahl
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 297-302
Number of pages: 6
ISBN (Electronic): 9783031214417
ISBN (Print): 9783031214400
Publication status: Published - 5 Dec 2022
Event: 42nd SGAI International Conference on Innovative Techniques and Applications of Artificial Intelligence - Cambridge, United Kingdom
Duration: 13 Dec 2022 to 15 Dec 2022

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer Nature
Volume: 13652
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 42nd SGAI International Conference on Innovative Techniques and Applications of Artificial Intelligence
Abbreviated title: AI 2022
Country/Territory: United Kingdom
City: Cambridge
Period: 13/12/22 to 15/12/22

Keywords

  • Anomaly detection
  • Artificial Immune Systems
  • Cybersecurity
  • Dendritic cell algorithm
  • Unsupervised learning