Abstract
With cyber-attacks becoming a regular feature in daily business and attackers continuously evolving their techniques, we are witnessing ever more sophisticated and targeted threats. Various artificial intelligence algorithms have been deployed to analyse such incidents. Extracting knowledge allows the discovery of new attack methods, intrusion scenarios, and attackers’ objectives and strategies, all of which can help distinguish attacks from legitimate behaviour. Among those algorithms, Evolutionary Computation (EC) techniques have seen significant application. Research has shown it is possible to utilize EC methods to construct IDS detection rules. In this paper, we show how Cartesian Genetic Programming (CGP) can construct the behaviour rule upon which an intrusion detection system will be able to make decisions regarding the nature of the activity observed in the system. The CGP framework evolves human-readable solutions that provide an explanation of the logic behind its evolved decisions. Experiments are conducted on up-to-date cybersecurity datasets and compared with state-of-the-art paradigms. We also introduce an ensemble learning paradigm, indicating how CGP can be used as a stacking technique to improve the learning performance.