Accelerating cyber-breach investigations through novel use of artificial immune system algorithms

Benjamin Donnachie*, Jason Verrall, Adrian Hopgood, Patrick Wong, Ian Kennedy

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution



The use of artificial immune systems for investigation of cyber-security breaches is presented. Manual reviews of disk images are impractical because of the size of the dataset. Machine-learning algorithms for detection of misuse require labelled training data, which are generally unavailable. They are also necessarily retrospective, so they are unlikely to detect new forms of intrusion. For those reasons, this article proposes the use of artificial immune systems for unsupervised anomaly detection. Specifically, a deterministic dendritic cell algorithm (dDCA) has been implemented that has successfully detected automated SQL injection attacks from sample disk images. For comparison, it outperformed an unsupervised k-means clustering algorithm. However, many significant anomalies were not detected, so further work is required to refine the algorithm using more extensive datasets, and to encode complementary expert knowledge.

Original language: English
Title of host publication: Artificial Intelligence XXXIX - 42nd SGAI International Conference on Artificial Intelligence, AI 2022, Proceedings
Editors: Max Bramer, Frederic Stahl
Publisher: Springer Science and Business Media Deutschland GmbH
Number of pages: 6
ISBN (Electronic): 9783031214417
ISBN (Print): 9783031214400
Publication status: Published - 5 Dec 2022
Event: 42nd SGAI International Conference on Innovative Techniques and Applications of Artificial Intelligence - Cambridge, United Kingdom
Duration: 13 Dec 2022 to 15 Dec 2022

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer Nature
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Conference: 42nd SGAI International Conference on Innovative Techniques and Applications of Artificial Intelligence
Abbreviated title: AI 2022
Country/Territory: United Kingdom


  • Anomaly detection
  • Artificial Immune Systems
  • Cybersecurity
  • Dendritic cell algorithm
  • Unsupervised learning
