Applying Cartesian Genetic Programming to Evolve Rules for Intrusion Detection System

Abstract

With cyber-attacks becoming a regular feature of daily business and attackers continuously evolving their techniques, we are witnessing ever more sophisticated and targeted threats. Various artificial intelligence (AI) algorithms have been deployed to analyse such incidents. Extracting knowledge allows the discovery of new attack methods, intrusion scenarios, and attackers’ objectives and strategies, all of which can help distinguish subsequent attacks from legitimate behaviour. Amongst AI approaches, Evolutionary Computation (EC) techniques have seen significant application, particularly in the area of intrusion detection. In this paper, we show how one EC approach, namely Cartesian Genetic Programming (CGP), can construct rules (checks) for detecting malicious behaviour in a system. Experiments are conducted on up-to-date datasets and compared with state of the art approaches. We also introduce an ensemble learning paradigm, indicating how CGP can be used as stacking technique to improve learning performance.