Extending the Computer Defense Immune System: Network Intrusion Detection with a Multiobjective Evolutionary Programming Approach


Abstract

Attacks against computer networks are becoming more sophisticated, with adversaries using new attacks or modifying existing ones. This research uses two types of multiobjective approaches, lexicographic and Pareto-based, in an evolutionary programming algorithm to develop a new method for detecting such attacks. This development extends the Computer Defense Immune System, an artificial immune system for virus and computer intrusion detection. The approach "vaccinates" the system by evolving antibodies as finite state transducers to detect attacks; this technique may allow the system to detect attacks with features similar to known attacks. Initial testing indicates that the algorithm performs satisfactorily in generating finite state transducers capable of detecting attacks.