Evolutionary Computation Techniques for Intrusion Detection in Mobile Ad Hoc Networks
Mobile ad hoc networks (MANETs) are one of the fastest growing areas of research. By providing communications in the absence of a fixed infrastructure, MANETs are an attractive technology for many applications. However, this flexibility introduces new security threats. Furthermore, the traditional way of protecting networks is not directly applicable to MANETs: many conventional security solutions are ineffective and inefficient in the highly dynamic and resource-constrained environments where MANET use might be expected.
Since prevention techniques are never enough, intrusion detection systems (IDSs), which monitor system activities and detect intrusions, are generally used to complement other security mechanisms.
How to detect intrusions effectively and efficiently in such a highly dynamic, distributed and resource-constrained environment is a challenging research problem. In the presence of these complicating factors, humans are not particularly adept at making good design choices. That is why we propose to use techniques from artificial intelligence to help with this task.
We investigate the use of evolutionary computation techniques for synthesising intrusion detection programs for MANETs. We evolve programs to detect the following attacks against MANETs: ad hoc flooding, route disruption, and dropping attacks. The performance of the evolved programs is evaluated on simulated networks, and the results are compared with hand-coded programs. A good IDS for MANETs should also consider the resource constraints of the MANET environment; power is one of the critical resources. Therefore we apply multi-objective optimisation (MOO) techniques to discover trade-offs between the intrusion detection ability and the energy consumption of programs, and optimise these objectives simultaneously.
We also investigate a suitable IDS architecture for MANETs in this thesis. Different programs are evolved for two architectures: local detection and cooperative detection within a neighbourhood. Optimal trade-offs between the intrusion detection ability and the resource usage (energy, bandwidth) of the evolved programs are also discovered using MOO techniques.
Android Malware Detection System using Genetic Programming
Nowadays, smartphones and other mobile devices play a significant role in the way people engage in entertainment, communicate, network, work, and bank and shop online. As the number of mobile phones sold has increased dramatically worldwide, so have the security risks faced by their users, to a degree most do not realise. One of those risks is the threat from mobile malware. In this research, we investigate how supervised learning with evolutionary computation can be used to synthesise a system that detects attacks on Android mobile phones. The attacks include malware, ransomware and mobile botnets. The datasets used in this research are publicly downloadable and available for use with appropriate acknowledgement. The primary source is Drebin. We also used ransomware and mobile botnet datasets from other Android mobile phone researchers.
The research in this thesis uses Genetic Programming (GP) to evolve programs that distinguish malicious from non-malicious applications in Android mobile datasets. It also demonstrates the use of GP and Multi-Objective Evolutionary Algorithms (MOEAs) together to explore functional (detection rate) and non-functional (execution time and power consumption) trade-offs. Our results show that malicious and non-malicious applications can be distinguished effectively using only the permissions held by applications, as recorded in the application's Android Package (APK). Such a minimalist source of features can serve as the basis for highly efficient Android malware detection. Non-functional trade-offs are also highlighted.
Development of efficient algorithms for identifying users in computer access
Unpublished thesis of the Universidad Complutense de Madrid, Facultad de Informática, Departamento de Arquitectura de Computadores y Automática, defended on 26/05/2017. European-format thesis (compendium of articles).
Cyber-attacks are currently a serious problem and are becoming increasingly frequent in organizations, companies and institutions worldwide. They can be defined as the unauthorized access, transfer or manipulation of information held on a computer or in a data center. Confidential data in companies and organizations include intellectual property, financial information, medical information, personal credit card data and other information depending on the business and industry involved. In this thesis, various contributions are made within the fields of Anomaly Detection (AD), Intrusion Detection Systems (IDS) and Data Leak Detection (DLD). One of the main contributions common to the three aforementioned fields is the development of a dynamic data structure to represent the real and unique behaviour of each user, which gives every user a digital fingerprint that identifies them. Other contributions concern the application of artificial intelligence (AI) techniques, both in data processing and in the development of meta-classifiers (combinations of several AI techniques), for example C4.5 and UCS decision trees, support vector machines (SVM), neural networks and k-nearest neighbours (K-NN), among others. They have been applied with good results to intrusion detection and have been validated against public databases such as UNIX and KDD99 and against a government database of the Republic of Ecuador.
In the field of anomaly detection, bio-inspired algorithms, such as artificial immune systems and negative selection, have been used to identify anomalous user behaviours, together with sequence alignment algorithms such as the Knuth-Morris-Pratt (KMP) string matching algorithm, to identify potentially fraudulent subsequences. Lastly, in the field of data leak detection, algorithms have been developed that apply statistical techniques such as Markov chains to the sequence of tasks a user executes in an information system, obtaining good results which have been verified against public and private sequential databases.