An artificial immunity based intrusion detection system for unknown cyberattacks

Abstract

The evolving unknown cyberattacks have rapidly expanded the cyber threat landscape. Identifying unknown cyberattacks, therefore, remains a challenging issue, compounded by the widespread implementation of emerging technologies, such as 5G, digital twin, etc. However, most existing intrusion detection systems (IDSs) are effective in detecting only known cyberattacks. In this paper, inspired by artificial immunity (AIm), we propose a hierarchical differential evolution based IDS, coined HiDE-IDS, to identify unknown cyberattacks. Specifically, we first map the multidimensional normal and abnormal network samples to self antigens and nonself antigens, respectively, in a multidimensional geometrical space. Second, a hierarchical differential evolution algorithm for self antigens is designed, to create newly-evolved antigens possibly used for generating cyberattack detectors. Third, a novel filtering mechanism is developed to eliminate invalid new antigens falling into the coverage of either known self or nonself antigens. Last, the remaining new antigens are employed to generate new detectors and further identify known and unknown cyberattacks. Extensive experiments demonstrate that the training efficiency of the proposed HiDE-IDS is significantly improved than recent IDSs. More importantly, while showing a favorable false positive rate of normal data, the HiDE-IDS achieves outperformed effectiveness in recognizing unknown cyberattacks (as well as known cyberattacks) compared to the state-of-the-art studies.