Accelerating Cyber-Breach Investigations through Novel use of Artificial Immune System Algorithms

Donnachie, Benjamin; Verrall, Jason; Hopgood, Adrian; Wong, Patrick and Kennedy, Ian (2022). Accelerating Cyber-Breach Investigations through Novel use of Artificial Immune System Algorithms. In: Artificial Intelligence XXXIX. SGAI-AI 2022. Lecture Notes in Computer Science. Vol 13652. (Bramer, Max and Stahl, Frederic eds.), pp. 297–302.

DOI: https://doi.org/10.1007/978-3-031-21441-7_21

Abstract

The use of artificial immune systems for investigation of cyber-security breaches is presented. Manual reviews of disk images are impractical because of the size of the dataset. Machine-learning algorithms for detection of misuse require labelled training data, which are generally unavailable. They are also necessarily retrospective, so they are unlikely to detect new forms of intrusion. For those reasons, this article proposes the use of artificial immune systems for unsupervised anomaly detection. Specifically, a deterministic dendritic cell algorithm (dDCA) has been implemented that has successfully detected automated SQL injection attacks from sample disk images. For comparison, it outperformed an unsupervised k-means clustering algorithm. However, many significant anomalies were not detected, so further work is required to refine the algorithm using more extensive datasets, and to encode complementary expert knowledge.
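As an added illustration (not code from the paper or its authors) of the unsupervised dDCA approach the abstract describes, the following runs a deterministic dendritic cell algorithm over constructed web-server log lines using the dDCA's standard csm and k update rules. The antigen encoding (client IP), the signal encoding (5xx responses as danger, 200 responses as safe), the sample log and the four-cell population are all assumptions for this example; the paper's own encoding of disk-image data is not described on this page.

```python
# Added example: deterministic dendritic cell algorithm (dDCA) over
# constructed log lines.  Signal/antigen encodings are assumptions.
import re
from collections import defaultdict

# Constructed sample (documentation-range addresses, not real traffic): one
# benign client interleaved with a burst of server errors from a second client.
SAMPLE_LOG = """\
203.0.113.9 - - [10/Oct/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1042
203.0.113.9 - - [10/Oct/2022:10:00:02 +0000] "GET /about.html HTTP/1.1" 200 884
198.51.100.7 - - [10/Oct/2022:10:00:02 +0000] "GET /product?id=7 HTTP/1.1" 500 213
198.51.100.7 - - [10/Oct/2022:10:00:03 +0000] "GET /product?id=7 HTTP/1.1" 500 213
198.51.100.7 - - [10/Oct/2022:10:00:03 +0000] "GET /product?id=7 HTTP/1.1" 500 213
198.51.100.7 - - [10/Oct/2022:10:00:03 +0000] "GET /product?id=7 HTTP/1.1" 500 213
198.51.100.7 - - [10/Oct/2022:10:00:04 +0000] "GET /product?id=7 HTTP/1.1" 500 213
203.0.113.9 - - [10/Oct/2022:10:00:05 +0000] "GET /contact.html HTTP/1.1" 200 640
"""
LOG_RE = re.compile(r'^(\S+) .*?" (\d{3}) ')

def signals(line):
    """Antigen = client IP; danger = 5xx response, safe = 200 response."""
    ip, status = LOG_RE.match(line).groups()
    danger = 1.0 if status.startswith("5") else 0.0
    safe = 1.0 if status == "200" else 0.0
    return ip, danger, safe

def ddca(lines, n_cells=4, max_threshold=2.0):
    """Mean context value k per antigen type; k > 0 marks it anomalous.
    Every DC samples each antigen and the step's signals, accumulating
    csm = danger + safe and k = danger - 2*safe.  Migration thresholds are
    spread evenly so the DCs integrate over windows of different lengths;
    on migration a DC presents every antigen it holds with its accumulated k."""
    thresholds = [max_threshold * (i + 1) / n_cells for i in range(n_cells)]
    cells = [{"csm": 0.0, "k": 0.0, "antigens": []} for _ in thresholds]
    k_sum, presented = defaultdict(float), defaultdict(int)
    for line in lines:
        antigen, danger, safe = signals(line)
        for cell, thr in zip(cells, thresholds):
            cell["antigens"].append(antigen)
            cell["csm"] += danger + safe
            cell["k"] += danger - 2 * safe
            if cell["csm"] > thr:  # DC migrates and presents its antigens
                for a in cell["antigens"]:
                    k_sum[a] += cell["k"]
                    presented[a] += 1
                cell.update(csm=0.0, k=0.0, antigens=[])
    return {a: k_sum[a] / presented[a] for a in presented}

def anomalous(lines, **kw):
    """Antigen types the dDCA flags as anomalous (mean k > 0)."""
    return sorted(a for a, k in ddca(lines, **kw).items() if k > 0)
```

Because signals are environmental rather than per-request, a benign client whose requests fall inside an error burst is pulled towards the anomalous context; the multi-length DC windows are what limit that contamination, and a short burst of errors among normal traffic can still go unflagged, which is consistent with the abstract's note that many anomalies were missed.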
