- author = "Hasanen Alyasiri",
- title = "Developing Efficient and Effective Intrusion Detection System using Evolutionary Computation",
- school = "Computer Science, University of York",
- year = "2018",
- address = "UK",
- month = nov,
- keywords = "genetic algorithms, genetic programming, Cartesian Genetic Programming",
-
URL = "
http://etheses.whiterose.ac.uk/id/eprint/23699",
-
URL = "
http://etheses.whiterose.ac.uk/23699/1/Hasanen_Thesis_2018.pdf",
- size = "157 pages",
-
abstract = "The internet and computer networks have become an
essential tool in distributed computing organisations
especially because they enable the collaboration
between components of heterogeneous systems. The
efficiency and flexibility of online services have
attracted many applications, but as they have grown in
popularity so have the numbers of attacks on them.
Thus, security teams must deal with numerous threats
where the threat landscape is continuously evolving.
The traditional security solutions are by no means
enough to create a secure environment, intrusion
detection systems (IDSs), which observe system works
and detect intrusions, are usually used to complement
other defense techniques. However, threats are becoming
more sophisticated, with attackers using new attack
methods or modifying existing ones. Furthermore,
building an effective and efficient IDS is a
challenging research problem due to the environment
resource restrictions and its constant evolution. To
mitigate these problems, we propose to use machine
learning techniques to assist with the IDS building
effort.
In this thesis, Evolutionary Computation (EC) algorithms are empirically investigated for synthesising intrusion detection programs. EC can construct programs for raising intrusion alerts automatically. One novel proposed approach, i.e. Cartesian Genetic Programming, has proved particularly effective. We also used an ensemble-learning paradigm, in which EC algorithms were used as a meta-learning method to produce detectors. The latter is more fully worked out than the former and has proved a significant success. An efficient IDS should always take into account the resource restrictions of the deployed systems. Memory usage and processing speed are critical requirements. We apply a multi-objective approach to find trade-offs among intrusion detection capability and resource consumption of programs and optimise these objectives simultaneously. High complexity and the large size of detectors are identified as general issues with the current approaches. The multi-objective approach is used to evolve Pareto fronts for detectors that aim to maintain the simplicity of the generated patterns. We also investigate the potential application of these algorithms to detect unknown attacks.",
-
notes = "supervisor: John A. Clark
Identification Number/EthosID: uk.bl.ethos.772979",
