TY - GEN
T1 - Accelerating cyber-breach investigations through novel use of artificial immune system algorithms
AU - Donnachie, Benjamin
AU - Verrall, Jason
AU - Hopgood, Adrian
AU - Wong, Patrick
AU - Kennedy, Ian
N1 - Publisher Copyright:
© 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
PY - 2022/12/5
Y1 - 2022/12/5
AB - The use of artificial immune systems for investigation of cyber-security breaches is presented. Manual reviews of disk images are impractical because of the size of the dataset. Machine-learning algorithms for detection of misuse require labelled training data, which are generally unavailable. They are also necessarily retrospective, so they are unlikely to detect new forms of intrusion. For those reasons, this article proposes the use of artificial immune systems for unsupervised anomaly detection. Specifically, a deterministic dendritic cell algorithm (dDCA) has been implemented that has successfully detected automated SQL injection attacks from sample disk images. For comparison, it outperformed an unsupervised k-means clustering algorithm. However, many significant anomalies were not detected, so further work is required to refine the algorithm using more extensive datasets, and to encode complementary expert knowledge.
KW - Anomaly detection
KW - Artificial Immune Systems
KW - Cybersecurity
KW - Dendritic cell algorithm
KW - Unsupervised learning
UR - http://www.scopus.com/inward/record.url?scp=85144828175&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-21441-7_21
DO - 10.1007/978-3-031-21441-7_21
M3 - Conference contribution
AN - SCOPUS:85144828175
SN - 9783031214400
T3 - Lecture Notes in Computer Science
SP - 297
EP - 302
BT - Artificial Intelligence XXXIX - 42nd SGAI International Conference on Artificial Intelligence, AI 2022, Proceedings
A2 - Bramer, Max
A2 - Stahl, Frederic
PB - Springer Science and Business Media Deutschland GmbH
T2 - 42nd SGAI International Conference on Innovative Techniques and Applications of Artificial Intelligence
Y2 - 13 December 2022 through 15 December 2022
ER -