A Cyberattacks Detection Technique Based on Evolutionary Algorithms

An article presents an approach for cyberattack detection based on genetic algorithms is presented. The method allows detecting both known and unknown cyberattacks. The method has the heuristic nature and is based on the collected data about the cyberattacks. It makes it possible to give an answer about the cyberattacks' existence in the computer networks and its hosts. Developed attack detection approach consists of training and detection stages. The mechanism of attack detection system is based on the cyberattacks' features gathering from network or hosts, extracting the subset of acquired set and generation the attacks' detection rules. Genetic algorithms are used for the minimization of the feature set, which allows effective using of the system resources for attacks detection. In order to detect the attacks, the proposed technique involves the rule generation. The attacks' features are described by the set of sub-rules. It is suggested to use the feature with the smallest domain for generating the minimal set for rules. It is possible to select the optimal feature after all selected features which were discovered while applying the genetic algorithm. The sub-rule set is used with the aim to reduce false positive rate.