A Bidirectional Differential Evolution-Based Unknown Cyberattack Detection System (2025)

research-article

Authors: Hanyuan Huang, Tao Li, Beibei Li, Wenhao Wang, Yanan Sun

IEEE Transactions on Evolutionary Computation, Volume 29, Issue 2

Pages 459 - 473

Published: 13 February 2024

Abstract

The evolving unknown cyberattacks, compounded by the widespread emerging technologies (say 5G, Internet of Things, etc.), have rapidly expanded the cyber threat landscape. However, most existing intrusion detection systems (IDSs) are effective in detecting only known cyberattacks, because only known cyberattack samples are usually available for IDS training. Identifying unknown cyberattacks, therefore, remains a big challenging issue. To meet this gap, in this article, motivated by artificial immunity (AIm) and differential evolution (DE), we propose a bidirectional DE-based unknown cyberattack detection system, coined BDE-IDS. Specifically, we first design a bidirectional DE algorithm for known nonself antigens (abnormal data), where bidirectional evolutionary directions are considered for increasing or decreasing the differences between known nonself antigens and self antigens (normal data), to create new antigens possibly used for generating cyberattack detectors. Second, a novel tolerance training mechanism is developed to eliminate invalid newly evolved antigens falling into the coverage of either known self or nonself antigens. Third, the remaining antigens are employed to generate detectors for unknown cyberattacks. Extensive experiments demonstrate that the BDE-IDS achieves outperformance in detecting unknown cyberattacks (as well as known cyberattacks) compared to state-of-the-art studies, including those AIm-based, signature-based, and anomaly-based IDSs.

Index Terms

  1. Security and privacy
    1. Human and societal aspects of security and privacy
      1. Usability in security and privacy
    2. Intrusion/anomaly detection and malware mitigation
      1. Intrusion detection systems
      2. Malware and its mitigation
      3. Social engineering attacks
    3. Network security
      1. Mobile and wireless security
    4. Systems security
  2. Social and professional topics
    1. Computing / technology policy
      1. Computer crime

Index terms have been assigned to the content through auto-classification.

Published In

IEEE Transactions on Evolutionary Computation, Volume 29, Issue 2, April 2025, 283 pages

1089-778X © 2024 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See https://www.ieee.org/publications/rights/index.html for more information.

Publisher: IEEE Press
