Genetic programming for prevention of cyberterrorism through dynamic and evolving intrusion detection

Because malicious intrusions into critical information infrastructures are essential to the success of cyberterrorists, effective intrusion detection is also essential for defending such infrastructures. Cyberterrorism thrives on the development of new technologies; and, in response, intrusion detection methods must be robust and adaptive, as well as efficient. We hypothesize that genetic programming algorithms can aid in this endeavor. To investigate this proposition, we conducted an experiment using a very large dataset from the 1999 Knowledge Discovery in Database (KDD) Cup data, supplied by the Defense Advanced Research Projects Agency (DARPA) and MIT's Lincoln Laboratories. Using machine-coded linear genomes and a homologous crossover operator in genetic programming, promising results were achieved in detecting malicious intrusions. The resulting programs execute in real time, and high levels of accuracy were realized in identifying both positive and negative instances.