Review on Intelligent Algorithms for Cyber Security

Chapter · January 2020


DOI: 10.4018/978-1-5225-9611-0.ch001


All content following this page was uploaded by Tt Dhivyaprabha on 05 February 2020.


Chapter 1
Review on Intelligent Algorithms for Cyber Security
P. Subashini
https://orcid.org/0000-0002-8603-6826
Avinashilingam Institute for Home Science and Higher Education for Women, India

M. Krishnaveni
Avinashilingam Institute for Home Science and Higher Education for Women, India

T. T. Dhivyaprabha
Avinashilingam Institute for Home Science and Higher Education for Women, India

R. Shanmugavalli
Avinashilingam Institute for Home Science and Higher Education for Women, India

ABSTRACT
Cyber security comprises technologies, architecture, infrastructure, and software applications that are
designed to protect computational resources against cyber-attacks. Cyber security concentrates on four
main areas: application security, disaster security, information security, and network security.
Researchers have introduced numerous cyber security algorithms and computational methods to protect
cyberspace from undesirable invaders and susceptibilities. However, the performance of traditional cyber
security algorithms suffers due to the different types of offensive actions that target computer infrastructures,
architectures and computer networks. This chapter surveys the implementation of intelligent algorithms,
namely nature-inspired computing (NIC) paradigms, machine learning algorithms, and deep learning
algorithms, in addressing a wide range of cyber security problems, based on exploratory analyses, to identify
the advantages of employing them to enhance cyber security techniques.


Copyright © 2020, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.


INTRODUCTION

In recent years, there has been significant growth in the usage of digital technologies, such as the Internet
of Things (IoT), smart devices, sensors, cloud computing, big data, internet, mobile, wireless technologies
and artificial intelligence, across sectors that include education, healthcare, communication, banking,
government, armed forces and enterprise worldwide. The usage of digital technologies poses big
challenges for the level of security, data protection and regulations followed by organizations to tackle
threats in cyberspace. Providing and ensuring security mechanisms in cyberspace is a highly complex
task. To meet these challenges, the cyber security industry has developed several secured infrastructures,
security algorithms, architectures and software applications to protect computational resources,
which involve software, hardware, electronic data and networks, from unauthorized access or vulnerability
attacks intended for exploitation. The primary areas covered in cyber security are application security,
disaster security, information security and network security, which are briefly stated below (Deepa,
2014). Application security focuses on developing security measures to protect against threats detected in
application design, development, deployment and maintenance. Disaster security deals
with the development of cyber security processes that include developing risk assessment plans, setting
priorities and establishing recovery strategies in case a disaster occurs. Network security concentrates on
ensuring protection, integrity, usability and reliability of network connectivity. The components of
network security include anti-virus or spyware, firewalls, virtual private networks and intrusion prevention
systems to detect rapidly spreading threats in computer networks. Finally, information security
focuses on protecting information from unauthorized access. A statistical report of cyber security facts
for 2017-2018, posted on a website (Dennis Anon on 11 September 2018), states that the top 10
countries are affected by targeted attacks, with 303 known attacks, as presented in Figure 1. It is understood
that India currently occupies second place with 133 cyber-attacks.
The Cyber Security R & D Center (CSRDC), established by the U.S. Department of Homeland Security, has
introduced several security technologies, infrastructures, operators and algorithms to protect against vulnerable
threats (retrieved from 5 February 2019). The Information Security Research Association (ISRA) is a non-profit
organization focused on developing security technologies for web application security, wireless
security, offensive security and malware protection, and on creating cyber security awareness in society
(retrieved from 5 February 2019). An annual cyber security report released by Cisco states that the mobile
phone is the first device targeted by attackers intending exploitation. Overall, 34% of
security professionals focus completely on machine learning and artificial intelligence techniques for
developing cyber security algorithms to defend against intruders, especially IoT threats, ransomware, big
data, cloud environment, damaging General Data Protection Regulation (GDPR), smart devices, insider
attacks, sensors and crypto currency mining (retrieved from 5 February 2019) (retrieved from 5 February
2019). Specifically, NIC paradigms, machine learning algorithms and deep learning algorithms play a
vital role in improving the performance of cyber security algorithms and enhancing information technology
security protocols in the recent era. Intelligent algorithms are essential to develop strong cyber security
strategies that defend against malicious attacks.
Intelligent algorithms have the capability to discover hidden patterns and detect threats in computer
information systems. The development of hybrid cyber security methods and the building of computational
systems that integrate intelligent algorithms are needed to analyze big data, mitigate threats and
protect against new invaders. The implementation of optimization techniques is a continuously evolving
process for improving the performance of cyber security algorithms in order to yield promising
results. Optimization techniques are utilized from diverse perspectives, such as parameter tuning, satisfying
constraints, maximizing or minimizing an objective function, feature selection, weight value optimization, meeting
multiple criteria, search strategy and finding trade-off solutions. The objective of this chapter is to review
the implementation of NIC paradigms, machine learning algorithms and deep learning algorithms across
a broad spectrum of cyber security problems. The overall aim of this chapter is to identify and
summarize the need for the aforementioned algorithms in solving cyber security applications. The
chapter clearly states the need for intelligent algorithms in solving different kinds of cyber security
problems, and it also infers the conceptual ideas, significance and implications of these algorithms that
improve efficiency and effectiveness for obtaining quantitative and qualitative experimental outcomes.
The chapter would be greatly beneficial to different groups of people, namely research
scholars, academicians, scientists, industrial experts and postgraduate students who are working in the
cyber security research area based on intelligent algorithms.

Figure 1. Taxonomy of NIC algorithms
NIC paradigms are partitioned into two categories, namely Swarm Intelligence (SI) and Evolutionary
Algorithm (EA), as shown in Figure 2. Swarm Intelligence includes Ant Colony Optimization (ACO),
Artificial Bee Colony (ABC), Particle Swarm Optimization (PSO), Firefly Algorithm (FA), Cuckoo
Search (CS) and Bacterial Foraging Optimization (BFO). Evolutionary algorithm includes Genetic
Algorithm (GA), Evolutionary Programming (EP), Memetic algorithm, Genetic Programming (GP),
Evolutionary strategies, Differential Evolution (DE) and Cultural algorithms. Machine learning
techniques are also partitioned into three categories, namely supervised adaptation, reinforcement adaptation
and unsupervised adaptation, which are described below. Linear regression, Logistic regression, Linear
discriminant analysis, classification and regression trees, Naïve Bayes, K-Nearest Neighbour (K-NN),
K-means clustering, Learning Vector Quantization (LVQ), Support Vector Machines (SVM), Random Forest,
Monte Carlo, Neural networks and Q-learning are traditional examples of machine learning algorithms.

Figure 2. A simplified view of computational intelligence

The abstract view of the computational intelligence concept is depicted in Figure 3. It comprises
adaptation and self-organization, using processed data and embedded knowledge as input and producing
predictions, decisions, generalizations and reason as output. Computational intelligence techniques partition
adaptation characteristics into three categories, namely supervised adaptation, reinforcement adaptation
and unsupervised adaptation, portrayed in Figure 4 and Figure 5 through Figure 6, which are described
below (Russel Eberhart, and Yuhui Shi, 2011).
Supervised Adaptation: The adaptation is carried out at every iteration of the system's execution.
The fine-tuned variables/parameters are used to generalize the behavior of a computational model
in a dynamic environment, and the performance of the system is consistently improved.
Reinforcement Adaptation: The variables/parameters involved in the system interact
to achieve the best fitness solution through a heuristic reinforcement approach. It deals with a time series of
input vector space, evaluates the fitness of the system and produces possible outcomes for each input.
Unsupervised Adaptation: It follows a trial and error method. The variables/parameters
involved in the system perform the task. Based on the obtained fitness value, the computational model is
generalized to achieve better results in an iterative approach.

Figure 3. Supervised adaptation model


Figure 4. Reinforcement adaptation model

Deep learning algorithms are a part of machine learning algorithms and involve multiple layers of
deep learning data architectures, representations and transformations. Convolutional Neural Network (CNN)
and Recurrent Neural Network (RNN) are typical examples of deep learning algorithms. The aforementioned
three categories of algorithms are utilized to solve a wide range of cyber security problems, which are
discussed here. Machine learning algorithms are utilized to design and develop a learning-based
security model. NIC algorithms are applied for fine-tuning the parameters involved in the security model in
order to improve efficiency and performance. Deep learning algorithms are generally implemented
for solving complicated cyber security problems that involve a huge volume of varied data.
The chapter focuses on the implementation of NIC algorithms, machine learning algorithms
and deep learning algorithms in cyber security, which spans different applications, such as
network security, information security, secure communication in wireless sensor networks, cryptographic
algorithms to reduce threats in data transmission over the network, intrusion detection, phishing detection,
machine monitoring, signature verification, virus detection, insider attack detection, profiling network
traffic, anomaly detection, malware detection, IoT security, security in web services, ad hoc security, cyber
warfare, security in electronic services, biometric security, honeypot security, vulnerability assessment,
social applications security, botnet detection, attack detection and sensor network security.


Figure 5. Unsupervised adaptation model

Figure 6. Implementation of intelligent algorithms – cyber security problems


The remainder of the chapter is organized as follows. Section 2 describes the implementation
of nature-inspired computing algorithms in solving cyber security problems. The utilization of machine
learning algorithms for resolving cyber security problems is given in Section 3. Section 4 explains the
application of deep learning for solving cyber security problems. The research summaries / inferences
about the implementation of the algorithms are provided in Section 5, and Section 6 draws conclusions and
outlines future work.

STUDY ON NIC ALGORITHMS IN CYBER SECURITY

The characteristics of NIC algorithms are partitioned into two segments: swarm intelligence and
evolutionary algorithms. Swarm Intelligence-based Algorithms (SIA) are developed based on the idea
of the collective behaviour of insects such as ants, bees, wasps and termites living in colonies. Researchers
are interested in this new way of achieving a form of collective intelligence called swarm intelligence.
SIAs are also advanced as a computational intelligence technique based around the study of collective
behaviour in decentralized and self-organized systems. The development of evolutionary computation
techniques is derived from three main observations. First, the selection of the most appropriate
individuals (parents) is determined by combination (reproduction). Second, randomness (mutation) expands
the search space of the diversity. Third, the fittest individuals have a higher probability of surviving to
the next generation. The combination of natural selection and self-organization is denoted in equation
1 as follows. The implementation of nature-inspired computing algorithms for solving cyber security
problems is tabulated in Table 3.

Evolution = (natural selection) + (self-organization)    (1)
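The three observations above (parent selection with recombination, mutation, survival of the fittest) can be seen at work on the feature-selection task that several of the surveyed intrusion-detection studies assign to NIC algorithms. The following is an added example, not code from the chapter or the cited works; the feature names, the constructed records and the nearest-centroid classifier used as the fitness function are assumptions chosen so that it runs offline.

```python
import random

# Constructed feature names for normalised connection records (assumption).
# Only the first two carry the attack signal; the other four are noise.
FEATURES = ["syn_error_rate", "same_host_rate", "duration",
            "src_bytes", "hour_of_day", "ttl"]


def build_dataset(n_per_class=30):
    """Deterministic, constructed records: (feature_vector, label), 1 = attack."""
    base = [(0.2, 0.2), (0.7, 0.1), (0.1, 0.7)]
    rows = []
    for i in range(n_per_class):
        x, y = base[i % 3]
        x += ((i * 7) % 5 - 2) / 100               # small deterministic jitter
        y += ((i * 3) % 5 - 2) / 100
        noise = [((i * k) % 10) / 10 for k in (3, 7, 9, 11)]
        rows.append(([x, y] + noise, 0))           # normal record
        rows.append(([1 - x, 1 - y] + noise, 1))   # attack record, same noise
    return rows


def split(rows):
    """Alternate normal/attack pairs between a training and a held-out set."""
    train = [r for n, r in enumerate(rows) if (n // 2) % 2 == 0]
    test = [r for n, r in enumerate(rows) if (n // 2) % 2 == 1]
    return train, test


def accuracy(mask, train, test):
    """Held-out accuracy of a nearest-centroid classifier on the masked features."""
    idx = [j for j, bit in enumerate(mask) if bit]
    if not idx:
        return 0.0
    cents = {}
    for label in (0, 1):
        members = [x for x, y in train if y == label]
        cents[label] = [sum(m[j] for m in members) / len(members) for j in idx]
    hits = 0
    for x, y in test:
        d0 = sum((x[j] - c) ** 2 for j, c in zip(idx, cents[0]))
        d1 = sum((x[j] - c) ** 2 for j, c in zip(idx, cents[1]))
        hits += (1 if d1 < d0 else 0) == y         # ties fall back to "normal"
    return hits / len(test)


def fitness(mask, train, test, penalty=0.01):
    """Reward accuracy, charge a small cost per selected feature."""
    return accuracy(mask, train, test) - penalty * sum(mask)


def evolve(train, test, pop_size=30, generations=60, mutation_rate=0.15, seed=7):
    """Genetic search over feature masks; returns (best_mask, best_fitness_history)."""
    rng = random.Random(seed)
    n = len(FEATURES)
    cache = {}

    def score(mask):
        if mask not in cache:
            cache[mask] = fitness(mask, train, test)
        return cache[mask]

    # Start from the all-features baseline plus random masks.
    pop = [(1,) * n] + [tuple(rng.randint(0, 1) for _ in range(n))
                        for _ in range(pop_size - 1)]
    history = []
    for _ in range(generations):
        pop.sort(key=score, reverse=True)
        history.append(score(pop[0]))
        nxt = pop[:2]                                  # survival of the fittest (elitism)
        while len(nxt) < pop_size:
            p1 = max(rng.sample(pop, 3), key=score)    # parent selection (tournament)
            p2 = max(rng.sample(pop, 3), key=score)
            cut = rng.randrange(1, n)
            child = p1[:cut] + p2[cut:]                # reproduction (crossover)
            child = tuple(b ^ 1 if rng.random() < mutation_rate else b
                          for b in child)              # mutation widens the search
            nxt.append(child)
        pop = nxt
    best = max(pop, key=score)
    history.append(score(best))
    return best, history


if __name__ == "__main__":
    train, test = split(build_dataset())
    best, history = evolve(train, test)
    print("selected:", [f for f, bit in zip(FEATURES, best) if bit])
    print("fitness: %.2f -> %.2f" % (history[0], history[-1]))
```

Because the two elite masks are copied unchanged into each new generation, the best fitness never drops below the all-features baseline; the per-feature penalty is what pushes the search to discard features that add nothing to detection.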

STUDY ON MACHINE LEARNING IN CYBER SECURITY

A machine learning algorithm is defined as a methodology involving computing that provides a system
with an ability to learn and deal with new situations, such that the system is perceived to possess one or
more attributes of reason, such as generalization, discovery, association and abstraction. The output of
a machine learning model often includes perceptions and/or decisions. It consists of practical adaptation
and self-organization concepts, paradigms, algorithms, and implementations that enable or facilitate
appropriate actions (intelligent behaviour) in complex and changing environments. Adaptation and
self-organization are the two most important characteristics exhibited by intelligent paradigms, which
are widely applied to develop intelligent systems and computational models that provide promising
solutions for large-scale, complicated optimization problems. The implementation of machine
learning algorithms for solving cyber security problems is presented in Table 2.


Table 1. Role of NIC algorithms in solving cyber security problems

| S. No. | Application | Algorithm | Methodology | Dataset / Tools / Metrics | Description |
|---|---|---|---|---|---|
| 1. | Network intrusion detection (Changseok, Wei-Chang, Mohd, Yuk, & Tsung-Jung, 2012) | ABC, SVM, Naïve Bayes, Classification tree, K-NN and C4.5 used optimizing control parameter. | Anomaly-Network Intrusion Detection System (NIDS) based on ABC algorithm to choose optimal features for the construction of rule based system. | KDD Cup 1999 dataset | NIDS-ABC method achieved 98.5% classification accuracy. |
| 2. | Network intrusion detection (Monther, Yaser, & Mohammad, 2015) | ABC, SVM, CART, multi-objective genetic fuzzy IDS (MOGF-IDS), K-NN, C4.5, Classifier anomaly intrusion detection using genetic algorithm (GALC) and Bayesian Network and Markov Blanket (BNMB) | Anomaly-based intrusion detection systems using ABC algorithm is proposed. Classical CART and BNMB methods are implemented to choose optimal feature set to develop rule based system. | KDD Cup 99 dataset | ABC based intrusion detection systems gives average accuracy of 97.5% for known attacks and 93.2% accuracy for overall known and unknown attacks. |
| 3. | Security threats in Mobile Adhoc Network (MANET) (Pradeep, & Prasad, 2015) | ACO, PSO and SI | Survey on open issues and different types of attack in MANET are studied. Energy, scalability and Quality of Service (QoS) are three main issues that play a vital role in the management of trust schemes in MANET using SI. | No dataset are available | A novel method comprises of game theory and SI is considered as effective mechanism for providing security in MANET. |
| 4. | Network security (Parul, & Arun. Patel, 2013) | ACO | Detect vulnerabilities and improving performance in the network security management. | Java Nessus ACO API is utilized to detect moving vulnerability in the network host using the following six methods of TCP connect() scan, TCP SYN scans, stealth FIN scans, XMAS tree scans, NULL scans, UDP scans, and ping scans. | Java Nessus ACO API provides better results than conventional methods. |
| 5. | Threat detection in the network (Julio, & Pierre, 2016) | ACO | Morwilog, a hybrid method of Manhill and ACO is proposed for finding multiple modular attacks in the network. | Simulated dataset created by Splunk Event Generator composed by a total of 1038 different types of logs. | ACO based system effectively travels through path to identify the sequence of actions (attacks) in the tree (network) and improve security in a better way. |
| 6. | Data transmission over wireless network (Shankar, & Karthikeyan, 2017). | ACO, Session Initiation Protocol (SIP), Verifiable Secret Sharing (VSS), Shamir Secret Sharing (SS) and Multiplex-Multicast (M-M) scheme and used QoS Parameters. | M-M scheme integrated with VSS is proposed to enhance the quality and reduce the cost of voice transmission in the network. The fitness evaluation of ACO is measured using Mean Opinion Score (MOS) for attaining quality of Voice Over Internet Protocol (VOIP) in Wireless Local Area Network (WLAN). | It is evaluated in the Network simulator (NS-2) to measure packet delay variations, round trip time and jitter. The mobile Wi-MAX IEEE 802.16e is used as standard protocol in the wireless network. | The proposed VSS with M-M method gives Round Trip Time (RTT) of 16.69% and 35.67% better results than VSS and Shamir SS methods respectively. |
| 7. | Intrusion detection system (Farha, & Shailendra, 2017) | Intelligent Water Drops (IWD), ACO, GA, Principal Component Analysis (PCA), Information Gain, Information Gain Ratio SVM and analyzed Number and velocity of water drops. | Combined version of IWD and ACO algorithms. | KDD Cup 99 dataset | IWD+ACO method consumes lowest training time of 0.97 minutes to SVM. |
| 8. | Intrusion detection (Namita, & Vineet, 2012) | SVM, Naïve Bayes and ACO | ACO algorithm is implemented to choose optimal feature space to give training for both SVM and naïve bayes. | KDD Cup 99 dataset | ACO combined with naïve bayes attains 4.81% and 5.32% detection rate better than SVM and naïve bayes respectively. |
| 9. | Improvement of security in physical layer network (Kumarnath, & Batri, 2018) | Bat algorithm, Game Assisted Routing and Spectrum Assignment (GA-RSA) | Multidomain elastic optical networks (MDEONs) are introduced to enhance interoperability, network scalability and service coverage. BAT algorithm is utilized to choose routing wavelength based on echolocation character with varying rate of emission and loudness. | Simulated dataset | Bat algorithm is able to choose best routing path which is proved to produce better spectrum assignment, increase in the delivery ratio and hop count reduction compared to GA-RSA. |
| 10. | Anomaly detection (Arvinder, Saibal & Amrital, 2018) | FA, K-Means, CS, Bat algorithm and Canopy and Farthest First | K-Means with firefly algorithm based anomaly detection method is proposed. K-Means clustering is applied to build training model and metaheuristic algorithm is utilized to validate classification performance on the testing dataset. | NSL-KDD dataset | K-Means with FA and Bat algorithm achieves highest classification accuracy than conventional approaches. |
| 11. | Enhancing security in wireless sensor network (Anbuchelian, Lokesh, & Madhusudhanan, 2016) | FA | Trust based cluster head selection mechanism using firefly algorithm is proposed. | Mica testbed consist of 23 nodes | Proposed trust firefly algorithm improves the performance of detecting malicious nodes and energy level compared to weighted clustering algorithm and trust with weighted clustering algorithm. |
| 12. | Improving security in MANET (Mahalakshmi, Vadivel, 2018) | PSO and Dynamic Path Strategy | PSO algorithm is implemented to choose optimal path for transferring packets from source node to destination node. | Simulation environment of Java EE and Java Net beans. | PSO based approach reduces 42.68% execution time and improves 70.27% throughput than dynamic path strategy method. |
| 13. | Network intrusion detection (Xiang, 2018) | PSO and Back Propagation Neural Network (BPNN) | PSO algorithm is applied to choose optimal feature space and it is implemented for training BPNN using trial and error method. | KDD Cup 99 dataset | PSO-BPNN improves 2% accuracy to identify anomaly than GA-BPNN method. |
| 14. | Security in trusted Peer to Peer system (Senthil & Revathi, 2016) | PSO | PSO based optimal selection (PSO-OPS) approach is proposed. PSO algorithm is employed to choose best peer for data transmission in the heterogeneous network. | Simulated dataset | The PSO-OPS achieves better results, in terms of, link stress, average query delay, communication delay, finish time, network cost and success rate. |
| 15. | Prediction of network security situation (Zongming, Guolong, Wenzhongc, & Yanhua, 2008) | PSO, Radial Basis Function (RBF), GA and BPNN | PSO algorithm is utilized to optimize weight value and threshold value incorporated in BPNN to forecast network security situation. | Dataset from HoneyNet | PSO-BPNN method achieves high accuracy, minimize error values and exhibit good performance index than RBF, BPNN and GA-BPNN. |
| 16. | Botnet detection mechanism (Shing-Han, Yu-Cheng, Zong-Cyuan, & David, 2015) | PSO and K-Means clustering algorithm | PSO with K-Means clustering algorithm is proposed to detect botnet in the network. | Real time environment of educational campus network. | Better performance in the detection of some suspicious botnet members than earlier approaches. |
| 17. | Intrusion detection model (Hodashinsky, & Mech, 2018) | DE, Harmony Search (HS) and Fuzzy rule based classifier | HS algorithm is utilized to select optimal (relevant) feature space for the design of rule based classifiers. DE is applied to parameter tuning of Fuzzy rule based classifier. | KDD Cup 99 intrusion detection dataset | Adequacy of 1.21% type I error and a 0.39% type II error compared to other methods. |
| 18. | Study on Differential Evolution for Mobile Ad-hoc networks (Prabha, Yadav, 2018) | DE | Application of DE algorithms in solving mobile ad-hoc networks is surveyed. | No dataset required | The study shows that DE is applied in solving issues such as handling networks (up to 500 nodes) with minimum overhead and strengthening of cryptographic algorithms (up to 9 key size). |
| 19. | Development of security policy in network (Lobo, & Suhas. Chavan, 2012) | GA | This research is focused on identification of the following three types of attack namely active attack, passive attack and brute force attack. Network security policy, framework and analysis are carried out using genetic algorithm to choose best security policy for mitigating attacks. | Real time dataset taken from internet and local area network is used. Open source software consists of Jpcap, winpcap and Colasoft Capsa is used for implementation. | Network security model is hosted on web server. Examined results show that the proposed system is able to detect attack and security policy introduced by GA is more effective. |
| 20. | Information security (Muhammad, Ghula, Noor, Raheel, & Muhammad, 2018) | GA | Genetic algorithm is utilized for random generation of keys which is injected into data for encryption. | The key strength is measured using GRC Interactive Brute Force key Search Space Calculator and compared with Data Encryption Standard (DES) and Advanced Encryption Standard (AES) algorithms. | Less execution time and better key strength. |

STUDY ON DEEP LEARNING IN CYBER SECURITY

A deep learning algorithm is precisely an extension of the Artificial Neural Network (ANN), constructed
with several layers of hidden nodes between the input node and the output node. Initialization and adjustment
of the weight factors in the intermediate hidden nodes greatly improve the learning ability or efficiency
of the neural network. Activation functions, namely sigmoid, tanh, ReLU, leaky-ReLU and ELU, are most


Table 2. Role of machine learning algorithms in solving cyber security problems

S.No Application Algorithm Methodology Dataset / Tools / Metrics Description

The proposed 2D sparse auto


encoder system effectively
An effective sparse encoder tool is indicates the anomalies. The
Anomaly detection introduced using neural network error threshold for anomaly
1. Neural network Large dimension healthcare data
(Jerry, 2016) to indicate anomalies in the health detection is evaluated and
system. trained error values are
incorporated in neural network
to produce better results.

Using machine learning and signature


Distributed Denial of
detection techniques. Decision tree It is tested in open source Open
Service (DDoS) attack
(C4.5) algorithm is adopted to extract Stackjuno software to build To detect and mitigate DDoS
detection in cloud
2. C4.5 algorithm features from signature archives to public, private and hybrid cloud threat that inflicts serious
environment (Marwane,
detect DDoS attack in the network in the simulation environment of damage to cloud performance.
Said, Noureddine, &
layer and transport layer of Open virtual machine and virtual LAN.
Youssef, 2017)
Systems Interconnection(OSI) model.

To effectively identify botnet


Random forest algorithm
Botnet detection (Xuan, K-NN, C4.5, Random measures, namely, honeynet-based Domain Name Service (DNA)
3. produces 90% overall
& Quynh, 2018) Forest and Naïve Bayes and Intrusion Detection Systems query data.
classification accuracy
(IDS)-based model is proposed.

Random Forest algorithm yields


classification accuracy of 90%
It is validated in the real time test True Positive Rate (TPR) with
bed environment consist of five Dorkbot, Zeus, Spy Eye and
HTTP based botnet Decision tree, K-NN, Classifier algorithm is implemented computers installed with windows Cutwail detection. Moreover,
4. detection (Rudy, Faizal, Naïve Bayes and Random to detect HTTP botnet threat in the 7 operating system. There are five k-NN is able to show good
Fahmi & Lee, 2018) Forest network traffic. types of HTTP botnets used in performance, in terms of,
this study, such as, Dorkbot, Zeus, average TPR of 95.47% botnet
Citadel, Spy Eye, and Cutwail. detection accuracy and reduce
false alarm rate than other
classifiers.

Genetic algorithm is implemented It used to SQL attack injection The hybrid method combines
to extract signatures from SQL methodology and tested with signature based approach
Cyber-attacks detection (Structured Query Language) log sql map tool and compared with and anomaly-based methods
5. (Rafał, & Michał, Bayesian network and GA files. Injection attack detection Apache SCALP, SNORT produces promising results in
2014) system is proposed using bayesian and the attack file detection than
network for identifying intruder ICD (Idealized Character traditional signature based
attack file. Distribution). method.

This review encompasses network


intrusion detection, phishing
Machine learning techniques
detection, spam detection
are successfully employed in
Logistic regression, in social network, testing
To investigate the characteristics many areas, for instance, spam
Role of machine Regression Trees (CART), security properties of protocols,
namely, adaptability, scalability detection, virus detection, and
learning in cyber Bayesian Additive authentication with keystroke
6. and potential of machine learning surveillance camera robbery
security (Vitaly, & Regression Trees (BART), dynamics, cryptography, human
algorithm to solve various of kinds of detection. In some situations,
Ambareen, 2014) SVM, Random Forest interaction proofs, smart meter
cyber security problems. classifier algorithms itself may
and NN energy consumption profiling and
cause malicious attacks in the
limitations of machine learning
network.
techniques in solving cyber
security problems are addressed.

Honeypot detection Data captured from SOAP Classifier algorithms are able to
A model is proposed to detect and
in web services SVM,SVM Regression and (Simple Object Access Protocol) identify and categorize normal
7. classify web services honeypot target
(Abdallah, Tarek, & Apriori algorithm messages on the web services and suspicious web services
attackers.
Adel, 2013) have been taken for this study. attacks on the honeyspot.

The proposed unsupervised


It is tested in honeypot traffic
Honeypot attacks Clustering ensemble and Unsupervised learning method is techniques perform better in
8. traces gathered at the University
(Philippe, 2014) sub-space clustering applied identifying risk analysis of
of Maryland.
honeypot traffic in the internet.

Honeypot Multi-Armed Bandit A set of honeypot selection strategies The algorithms are tested in the A new model is effective to
9. configurations (Marcus, (MAB) problem and Upper are framed to configure security scenario of uniform random, fixed improve exploit detection by
& Christopher, 2017) Confidence Bound (UCB) model. random and pure strategy. applying learning methods.

Malware detection It shows that performance


The smartphone honeypot system is
10. (Hanaa, Nidaa, & K-means algorithm 1260 malicious dataset counter is used as effective tool
designed and developed.
Assmaa, 2017) for malware detection.

11. Application: Honeypot detection (Fatna, Nisrine, Younes, & Habiba, 2017)
    Algorithm: Feature based strategy
    Methodology: An improved security model is developed for identifying malicious users in social network websites like Facebook, Twitter and LinkedIn.
    Dataset / Tools / Metrics: 300 user profiles collected from Twitter using WEKA tool.
    Description: The proposed approach is greatly identifying malicious accounts in the online social networks.

Table 2. Continued
S.No Application Algorithm Methodology Dataset / Tools / Metrics Description

12. Application: IoT threat detection (Tayyaba, 2017)
    Algorithm: ANN
    Methodology: An IoT threat is classified into Distributed Denial of Service (DDoS), malware, data breaks and weakening perimeters. ANN technique is suggested to detect anomaly and intrusion in the network.
    Dataset / Tools / Metrics: No dataset required
    Description: It signifies that the proposed Intrusion Detection System (IDS) could be avoid DDoS attacks in IoT.

13. Application: Malware detection (Dragos, Mihai, Dan, & Liviu, 2009)
    Algorithm: One-sided perceptron, Kernelized One-sided perceptron and Optimized One-sided perceptron
    Methodology: A versatile framework is constructed using machine learning methods to distinguish between malware files and normal files.
    Dataset / Tools / Metrics: Cross validation test is carried out with combinations of 7822 malware unique files and 415 clean unique files.
    Description: Optimized one-sided perceptron gives better results for malware detection than other algorithms.

14. Application: Phishing detection (Basnet, Srinivas, & Andrew, 2008)
    Algorithm: SVM, K-Means, ANN and Self Organizing Maps (SOMs)
    Methodology: Phishing detection system using machine learning techniques is proposed. Machine learning algorithm is applied to extract feature subset (HTTP-email, IP-based URL, age of domain name, number of links, URL based image source, matching domains and keywords).
    Dataset / Tools / Metrics: Totally, there are 4000 dataset consist of (3027 – legitimate emails and 973 – phishing emails) have been taken for this study. 2000 samples are used for training and remaining used for testing purpose.
    Description: The examined results show that ANN gives classification accuracy of 97.99% than other algorithms.

15. Application: Phishing website detection (Waleed, 2017)
    Algorithm: BPNN, RBFN, KNN, SVM, Naïve bayes, C4.5 algorithm and RF
    Methodology: In the wrapper based feature selection method, Machine learning technique is applied to extract features from address bar based URLS, abnormal based features, HTML and Javascript based features and domain based features.
    Dataset / Tools / Metrics: UCI machine learning repository dataset
    Description: Investigational results show that BPNN, K-NN and RBF achieves better classification results compared to other algorithms.

16. Application: Review on security threats and defensive techniques using machine learning algorithm (Qiang et al., 2018)
    Algorithm: Machine learning algorithm such as Naïve bayes, Logistic regression, Decision tree, SVM, Principal Component Analysis (PCA), clustering algorithm and deep learning algorithm are applied.
    Methodology: A study on application of machine learning techniques for security threat detection and defensive techniques applications are done.
    Dataset / Tools / Metrics: No dataset required
    Description: Machine learning algorithms are greatly implemented to identify security threats in the network. Application of defensive techniques are viewed in two perspectives, namely, security assessment mechanisms in the training phase and data security and privacy in the testing or inferring phase.

17. Application: Signature verification (Harish, Sargur. Srihari, & Matthew, 2006)
    Algorithm: Person-independent (General) learning and person-dependent (Special) learning
    Methodology: A generic learning model is developed to classify genuine and forged signatures. Kolmogorov-Smirnov (KS), Kullback-Leibler (KL), Reverse KL, Symmetric KL and Jensen-Shannon KL measures are applied.
    Dataset / Tools / Metrics: It is validated with 1320 genuine signatures and 1320 forgeries to measure error rate of signature authentication.
    Description: Features extracted using Gradient, Structural and Concavity (GSC) based hybrid (KL and KS) method deliver promising results than other algorithms.

18. Application: Vulnerability discovery (Saahil, Ricardo, Alexander, & Pooja, 2018)
    Algorithm: Random Forest and Naïve Bayes
    Methodology: A framework is constructed to design and develop predictive model using metaheuristic algorithm in order to discover vulnerability threats in the software’s.
    Dataset / Tools / Metrics: The dataset from National Vulnerability Database (NVD) consist of Common Vulnerabilities and Exposures (CVEs)
    Description: The empirical study and feedback obtained from experts of secure software development are ultimately utilized to improve effectiveness of predictive model.

19. Application: Intrusion detection (Yi, & Myat. 2018)
    Algorithm: K-Means clustering and Random forest algorithm
    Methodology: Intrusion Detection System (IDS) is developed using machine learning algorithm to detect various attacks namely, DoS attacks, Probing attacks (information gathering attacks), user-to-root (U2R) attacks (unauthorized access to local super-user) and remote local attacks.
    Dataset / Tools / Metrics: KDD 99 Cup intrusion detection benchmark dataset
    Description: Random forest algorithm produces better results to categorize normal and attack connections.

20. Application: Intrusion detection in fog computing (Kai, Victor, Shangguang, Chao, & Tao, 2018)
    Algorithm: Decision tree, BernoulliNB and K-NN
    Methodology: String replace algorithm is applied and, data normalization technique is utilized to normalize the whole dataset. Then, Decision tree algorithm is employed to classify normal attack, DoS attack, probing attack, Remote to User (R2L) Attack and User to Root (U2R) attack.
    Dataset / Tools / Metrics: KDD 99 Cup intrusion detection benchmark dataset
    Description: Machine learning approach is considered as effective mechanism to detect intrusion in the fog environment.


widely used in the neural network. Convolutional Neural Network (CNN) and Recurrent Neural Network
(RNN) are classical examples of deep learning algorithms. The implementation of deep learning algorithms
for solving cyber security problems is still at a developing stage, and few contributions have been made
so far. The primary challenges in using deep learning algorithms are the need for huge processing power
and a large volume of data, overfitting (the model cannot be easily generalized) and vanishing gradients.
Table 3, given below, illustrates the application of deep learning algorithms for solving cyber security
problems.

INFERENCES

To summarize, the inferential analysis of the implementation of intelligent algorithms is portrayed
in Figure 7. It illustrates that nature inspired algorithms are frequently applied to further improve the
performance of classical cyber security algorithms. They are also used to choose fine-tuned parameters
and enhance the learning rate in order to yield better results. From the figure, it is understood that, in
solving intrusion detection problems, nature inspired algorithms are employed to choose optimal features,
which are fed into the learning model to categorize normal attack and abnormal attack. This improves
classification accuracy and learning rate and reduces the error rate. The ACO algorithm is utilized to choose
optimal protocols to configure the network model for data transmission. Machine learning algorithms are
utilized to train learning models for feature analysis and pattern recognition. The figure demonstrates that
machine learning techniques significantly improve the classification accuracy in botnet detection, phishing
detection and intrusion detection. It also shows that deep learning algorithms enhance the efficiency
of the decision model to detect vulnerable threats in the cyber space.

Figure 7. Application of intelligent algorithms in cyber security problems


Table 3. Role of deep learning algorithms in solving cyber security problems

S.No. Application Algorithm Methodology Dataset / Tools / Metrics Description

1. Application: Network anomaly detection (Donghwoon et al., 2017)
   Algorithm: Restricted Boltzmann Machine (RBM), deep belief network (DBN), Deep Neural Network (DNN), and RNN, SVM, random forest and Adaboosting.
   Methodology: In the classification, RBM, DNN, RNN, SVM, random forest and Adaboosting techniques are utilized to categorize DoS attack, User to Root attack, Remote to local attack and probing attack.
   Dataset / Tools / Metrics: NSL-KDD dataset
   Description: Deep learning algorithms deliver promising results with improved accuracy compared to conventional machine learning techniques.

2. Application: Anomaly detection in 5G network (Lorenzo, Angel, Félix, Manuel, & Gregorio, 2018)
   Algorithm: Virtualized Infrastructure (VI), Virtualized Network Functions (VNF), Management and Orchestration (MANO) and Operations and Business Support Systems (OSS/BSS), Anomaly Symptom Detection (ASD), Long Short-Term Memory Recurrent Networks (LSTM), Deep Learning Neural Network (DLNN), Network Anomaly Detection (NAD) and Radio Access Network (RAN).
   Methodology: Network Anomaly Detection (NAD) learning model is constructed to analyze complex symbolic patterns by extracting features from network traffic. Improved learning model is efficiently trained to find intrusion in the 5G mobile network.
   Dataset / Tools / Metrics: CTU dataset
   Description: The proposed two-level deep learning model has achieved high classification accuracy and effective resource utilization to attain highest performance in the 5G network.

3. Application: Multi-biometric secure system (Veeru, Matthew, & Nasser, 2017)
   Algorithm: CNN and DNN
   Methodology: DNN is proposed to develop multi-biometric secure system. Bilinear architecture model of CNN is employed to extract features from archives of face and iris data samples. Reed-Solomon code is implemented to provide error correcting capabilities of multi-biometric secure system.
   Dataset / Tools / Metrics: Face-CNN and Iris-CNN 2012-2013 subsets of the West Virginia University (WVU) multimodal dataset
   Description: The classification performance of DNN based two fusion architecture maintains good security and robustness.

4. Application: Cyber threat detection (Glenn Monroe Lambert II, 2017)
   Algorithm: K-Means clustering and DNN
   Methodology: K-means algorithm is implemented to group outliers present in the dataset and preprocessed data is applied to deep learning model to detect intrusion found in the network.
   Dataset / Tools / Metrics: Sanitized set of log files provided by The University of North Florida Information Technology Security Department is used for this experiment.
   Description: The examined results show that Deep learning algorithm is able to exactly detect and classify starvation attack, malware attack, denial of service attack and reconnaissance attack.

5. Application: Intrusion detection, malware detection, spam and phishing detection (Giovanni, Michele, Luca, Alessandro & Mirco, 2018)
   Algorithm: RNN, Deep Belief Networks, Fully Forward Neural Network (FNN), Stacked Auto Encoders (SAE), Domain Generation Algorithms (DGA), Naïve Bayes (NB), SVM, K-NN, Random Forest (RF), Logistic Regression (LR), Shallow Neural Network (SNN), Deep Learning (DL) algorithm and Hidden Markov Model (HMM)
   Methodology: Machine Learning (ML) algorithms for solving various kinds of cyber security applications is analyzed.
   Dataset / Tools / Metrics: Random forest algorithm is used for give training using features extracted from 20,000 DGC domain contributed by real enterprise systems to do classification. FNN and Deep learning algorithms are trained using ReLU and sigmoid activation function to detect malware and benign network flows collected from large organization of nearly 10,000 hosts.
   Description: Machine learning algorithm solve three relevant cyber security problems such as intrusion detection, malware analysis and spam detection have been performed. The experimental results show that right selection of ML algorithms and cyber security problems determines its effectiveness. But still, continuous training and parameter tuning are required to make ML and DL algorithms to produce promising required are also need to be considered.

6. Application: Deep learning based IoT/Fog network attack detection system (Abebe, & Naveen, 2017)
   Algorithm: Deep Learning Model and Shallow Learning Model
   Methodology: Deep learning and traditional machine learning algorithms are implemented to detect threats in social IoT/Fog ecosystem consist of various category of attacks namely, probe, Remote to Local (R2L), User to Root (U2R) and Denial of Service (DoS). Tanh, Rectified Linear and Maxout are used as activation functions for give training to proposed Deep learning based Intrusion Detection System (IDS).
   Dataset / Tools / Metrics: KDDCUP99, ISCX and NSL-KDD dataset
   Description: Deep learning model is greatly identify normal/attack data and it has shown excellent performance than traditional machine learning algorithms, such as, SVM, decision trees and other neural networks.


Table 3. Continued
S.No. Application Algorithm Methodology Dataset / Tools / Metrics Description

7. Application: Intrusion detection (Chuanlong, Yuefei, Jinlong, & Xinzheng, 2017)
   Algorithm: RNN
   Methodology: RNN algorithm is introduced to construct intrusion detection learning model for finding normal and anomaly attacks in the network.
   Dataset / Tools / Metrics: NSL-KDD dataset
   Description: Compared with traditional algorithms, namely, J48, Naïve Bayesian and Random forest, RNN-IDS has achieved high accuracy rate and reduce detection with false positive rate.

8. Application: Intrusion detection (Zheng, 2018)
   Algorithm: Fast Gradient Sign Method (FGSM), Jacobian-Based Saliency Map attack (JSMA), DeepFool and CW attack
   Methodology: State-of-the-art attack algorithms are utilized to construct Deep learning model for finding distinctive threats, namely, Denial of Service (DoS), probe, R2L and U2R.
   Dataset / Tools / Metrics: NSL-KDD dataset
   Description: JSMA attack in the construction of deep learning model causes less vulnerability and deliver better protection and defense effort compared to other conventional algorithms.

9. Application: Web phishing detection (Ping et al., 2018)
   Algorithm: Deep Belief Networks (DBN)
   Methodology: DBN model is developed to find website security threats in the Internet. The learning model is trained by using two set of features: original feature and interaction feature extracted from SVM.
   Dataset / Tools / Metrics: Real time Internet Service Provider (ISP) data
   Description: DBN model is able to approximately achieve 90% true positive rate and minimize 0.6% false positive rate.

10. Application: Intelligent malware detection (William Lingwei and Xin Li, 2016)
    Algorithm: Stacked Auto Encoders (SAEs), SVM, Naïve Bayes, Decision Tree (DT) and ANN
    Methodology: Deep learning model is constructed using SAE for identifying malware threats. Analysis on the Windows Application Programming Interface (API) is generated from Portable Executable (PE) files to extract features for giving training to the learning model.
    Dataset / Tools / Metrics: Real time data samples collected from Comodo Cloud Security Center industry.
    Description: Results proved that the proposed method outperforms than conventional shallow learning architectures.

11. Application: Malware detection (Felix et al., 2018)
    Algorithm: CNN
    Methodology: A novel approach is formulated to find injected malware in the binary files. Fast Gradient Sign Method (FGSM) is proposed to collect features from adversarial examples which are utilized for give training to CNN model.
    Dataset / Tools / Metrics: There are two set of data samples are used. The first dataset consist of exe/dll with size of 32 KB benign binary files collected from 50 different vendors. Second dataset taken from Kaggle 2015 dataset.
    Description: The proposed model is able to detect normal files and attack files effectively.

12. Application: Phishing e-mail detection (Reza, Erdogan, Roya, Onur, & Nazli, 2018)
    Algorithm: Deep Learning Network algorithm
    Methodology: Deep learning architecture is modelled to detect fraudulent e-mails that try to steal individual personal information like username, password, credit card number and so on. E-mails represented in vector format is utilized to develop a neural network model.
    Dataset / Tools / Metrics: Benchmark dataset
    Description: The validation of results shows that learning model achieves 96% classification accuracy than standard machine learning algorithms.

13. Application: Malware signature generation and classification (Eli, & Nathan, 2015)
    Algorithm: Deep Belief Network (DBN)
    Methodology: Invariants of signatures consist of 300 variants in each category and totally 1,800 samples are fed into DBN model for finding categories of malware families such as Zeus, Carberp, Spy-Eye, Cidox, Andromeda, and Dark Comet in Internet logged from API calls and their parameters, registry entries, websites and ports accessed.
    Dataset / Tools / Metrics: Totally, 1,800 vectors size of over 20,000 data samples converted into 30-sized Representations are conducted in this study.
    Description: Experimental results portray that DBN model obtained 98.6% classification of signature detection than SVM classifier.

14. Application: Secured middleware in Wireless Sensor Network (WSN) (Remah, & Khaled, 2018)
    Algorithm: SVM, DT, Adaboost and CNN
    Methodology: Convolutional neural network based Secure Wireless Sensor Network Middleware (SWSNM) is framed and trained using features extracted from generative adversarial network algorithm. It consists of two networks: a generator (G) network and a discriminator (D) network. The G network combines fake data with real dataset generated from sensors are feed into confuse the attacker. The D network is trained to find distinction between real data and fake data.
    Dataset / Tools / Metrics: NSL-KDD benchmark dataset
    Description: Results signify that the proposed SWSNM provides more stronger mechanism, consumes less energy, reduce delay time and attains high throughput compared to counterpart algorithms.

15. Application: Security of in-vehicular network (Min-Joo, & Je-Won, 2016)
    Algorithm: DBN and ANN model
    Methodology: Features extracted from DBN are fed into a deep neural network to detect intrusion of in-vehicular network.
    Dataset / Tools / Metrics: Simulated data
    Description: The proposed model produces 98% average detection accuracy rate to classify normal packets and hacking packets than ANN architecture.


Table 4. Role of algorithms for security in Mobile Ad-hoc Network (MANET) applications

S.No. Application Algorithm / Parameter Selection Methodology Dataset / Tools / Metrics Description

1. Application: Detection of malicious attacks in real time basis
   Algorithm / Parameter Selection: Logistic Regression (LR) and Support Vector Machine (SVM); Packet Delivery Ratio (PDER) and Packet Modification and Misroute Rate (PMMR)
   Methodology: LR and SVM are applied to classify normal packets and abnormal packets
   Dataset / Tools / Metrics: Anderson’s Iris dataset
   Description: LR outperforms than SVM in differentiating between normal and abnormal MANET packets.

2. Application: Intrusion detection in MANET
   Algorithm / Parameter Selection: ANN; Setdest and Cbrgen
   Methodology: ANN is applied to attack detection, isolation and reconfiguration in varied network traffic condition.
   Dataset / Tools / Metrics: Weka Tool / Simulated 16 nodes in network
   Description: Achieved highest classification accuracy.

3. Application: Anomaly detection in MANET
   Algorithm / Parameter Selection: C4.5, K-NN, Multilayer Perceptron (MLP) and SVM
   Methodology: Machine learning techniques are applied to detect normal and attacked behaviour of the system.
   Dataset / Tools / Metrics: Black hole and Gray hole attacks
   Description: MLP is better than other classification models.

Figure 8. Rastrigin function

Moreover, most organizations are investing heavily in building AI based cyber security models to
protect computer systems against vulnerable threats. Symantec's Targeted Attack Analytics (TAA) tool
integrates machine learning and AI techniques to build expert systems that discover targeted attacks.
The Intercept X tool is developed by Sophos, a British security hardware and software company. It applies
a deep learning network to build a learning model that works in the same way as the human brain to detect
threats. The US Defense Advanced Research Projects Agency (DARPA) developed the Cyber Genome program to
discover malware threats in 2010. Darktrace's Enterprise Immune System introduced the Darktrace Antigena
software product, based on machine learning techniques, which is able to detect viruses, human intervention,
malicious attacks and pattern identification, and to respond to the real world environment based on the
severity of threats. IBM developed the QRadar Advisor tool, based on Artificial Intelligence, which uses
IBM Watson technology. It is able to deliver brilliant reasoning by identifying malicious attacks based on
cognitive analysis. Vectra's Cognito platform uses AI techniques to find real time attackers and threats in
IoT devices (https://www.vectra.ai/solutions/use-cases/attack-detection). The aforementioned cyber security
research works in progress in industries and organizations show that intelligent algorithms are
significantly used across a large range of cyber security problems and applications.

RESEARCH SUMMARY

An elaborate study of the implementation of intelligent algorithms, namely nature inspired computing
paradigms, machine learning techniques and deep learning algorithms, for solving a wide range of cyber
security problems has been carried out. The problems analyzed include network security, information
security, secure communication in wireless sensor networks, cryptographic algorithms to reduce threats in
data transmission over the network, intrusion detection, phishing detection, signature verification,
anomaly detection, malware detection, IoT security, security in web services, ad hoc security, biometric
security, honeypot security, vulnerability assessment, social applications security, botnet detection,
attack detection and sensor network security. The study shows that intelligent algorithms play a vital
role in improving the performance of cyber security applications in terms of security, threat detection,
throughput, end-to-end delay, lower energy consumption, packet delivery, and vulnerability detection in
IoT and social networking sites. Figure 8 portrays the skeleton of the areas in which intelligent
algorithms are utilized for solving cyber security problems. In this research work, intelligent algorithms
are broadly categorized into three types: NIC algorithms, machine learning algorithms and deep learning
algorithms. This study illustrates that all three categories of intelligent algorithms are significantly
utilized to solve a wide variety of cyber security problems. The major differences in the selection of
intelligent algorithms are as follows. Machine learning techniques involve supervised, unsupervised and
reinforcement adaptation, which are primarily employed in the learning model to categorize a dataset (such
as normal attack and abnormal attack), to group similar data patterns (namely outlier detection), and for
dimensionality reduction and transformation (namely feature subset extraction). Nature inspired computing
paradigms are employed to enhance the performance of machine learning techniques for solving specific
cyber security problems. That is, NIC algorithms are applied to optimize the weight values and tune the
parameters of the learning model, and to extract and select the optimal feature subset, which improves the
efficiency and accuracy of the learning model. Deep learning algorithms exhibit better performance than
standard shallow learning architectures because a deep learning model consists of a large number of hidden
layers encompassing distinct hidden nodes, which enhances the learning ability and leads to promising
results in terms of throughput, packet delivery, end-to-end delay, lower energy consumption and learning
approach. The construction of a deep learning model is more appropriate where the problem involves a large
volume of data and GPU system acceleration, and requires a complex activation function to perform the
computation.


An exploratory analysis of the Rastrigin benchmark function for finding the global optimum is
portrayed in Figure 9 (Monther Aldwairi et al., 2012).
Rastrigin’s function (Continuous, Differentiable, Partially-Separable, Scalable, Multimodal)

$$f(x) = 10n + \sum_{i=0} \left[ x_i^2 - 10\cos(2\pi x_i) \right] \tag{1}$$
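
The following Python sketch is an added example, not code from the chapter or from Aldwairi et al. It evaluates the standard form of Rastrigin's function and contrasts a gradient-descent local search, which stalls in the nearest local minimum of this multimodal surface, with a basic particle swarm optimizer (one of the nature inspired algorithms surveyed above) searching for the global optimum at the origin. The function names, the search bound of 5.12 and the PSO coefficients are assumptions chosen for illustration.

```python
import math
import random


def rastrigin(x):
    """Rastrigin's function, standard form: 10*n + sum(x_i^2 - 10*cos(2*pi*x_i))."""
    return 10.0 * len(x) + sum(xi * xi - 10.0 * math.cos(2.0 * math.pi * xi) for xi in x)


def rastrigin_gradient(x):
    """Analytic gradient: d/dx_i = 2*x_i + 20*pi*sin(2*pi*x_i)."""
    return [2.0 * xi + 20.0 * math.pi * math.sin(2.0 * math.pi * xi) for xi in x]


def gradient_descent(start, step=0.002, iters=2000):
    """Plain local search: it only ever descends into the basin it starts in."""
    x = list(start)
    for _ in range(iters):
        grad = rastrigin_gradient(x)
        x = [xi - step * gi for xi, gi in zip(x, grad)]
    return x, rastrigin(x)


def pso_minimize(func, dim=2, bound=5.12, particles=40, iters=200,
                 w=0.72, c1=1.49, c2=1.49, seed=1):
    """Basic global-best PSO. Returns (best position, best value, history),
    where history[k] is the global best value after k iterations."""
    rng = random.Random(seed)  # seeded so that a run is reproducible
    pos = [[rng.uniform(-bound, bound) for _ in range(dim)] for _ in range(particles)]
    vel = [[0.0] * dim for _ in range(particles)]
    pbest = [p[:] for p in pos]
    pbest_val = [func(p) for p in pos]
    g = min(range(particles), key=lambda i: pbest_val[i])
    gbest, gbest_val = pbest[g][:], pbest_val[g]
    history = [gbest_val]
    for _ in range(iters):
        for i in range(particles):
            for d in range(dim):
                r1, r2 = rng.random(), rng.random()
                vel[i][d] = (w * vel[i][d]
                             + c1 * r1 * (pbest[i][d] - pos[i][d])   # pull to own best
                             + c2 * r2 * (gbest[d] - pos[i][d]))     # pull to swarm best
                # Keep the particle inside the search box.
                pos[i][d] = max(-bound, min(bound, pos[i][d] + vel[i][d]))
            val = func(pos[i])
            if val < pbest_val[i]:
                pbest[i], pbest_val[i] = pos[i][:], val
                if val < gbest_val:
                    gbest, gbest_val = pos[i][:], val
        history.append(gbest_val)
    return gbest, gbest_val, history


if __name__ == "__main__":
    local_x, local_val = gradient_descent([1.2, 1.2])
    best, best_val, history = pso_minimize(rastrigin)
    print("gradient descent from (1.2, 1.2):",
          [round(v, 4) for v in local_x], "value:", round(local_val, 4))
    print("PSO best position:", [round(v, 4) for v in best], "value:", round(best_val, 6))
    print("PSO global best at iterations 0, 50, 200:",
          history[0], history[50], history[200])
```

PSO gives no convergence guarantee; the returned history shows how the global best value evolves, so stagnation in a local minimum can be spotted.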

CONCLUSION AND FUTURE WORKS

In this work, the implementation of intelligent algorithms, namely nature inspired computing paradigms,
machine learning techniques and deep learning algorithms, in cyber security problems to obtain better
results is summarized. The requirements for employing intelligent algorithms in developing cyber security
models to detect various types of attacks, and their significance in making traditional cyber security
algorithms exhibit better performance, are investigated. The most prominent AI based cyber security tools
developed by several organizations are studied. The study emphasizes the efficiency of intelligent
algorithms for constructing powerful cyber security models to detect threats or any vulnerability.
This study could be extended in the future to focus on fitness function evaluation, selection of activation
function and the performance metrics incorporated in the intelligent algorithms, to produce highly
quantitative and qualitative results that improve the performance of cyber security problems/applications.

REFERENCES

Ahmed, H. M., Hassan, N. F., & Fahad, A. (2017). Designing a smartphone honeypot system using
performance counters. Karbala International Journal of Modern Science, 3(1), 46–52.
doi:10.1016/j.kijoms.2017.02.004
Aldwairi, M., Khamayseh, Y., & Al-Masri, M. (2015). Application of artificial bee colony for intrusion
detection systems. Security and Communication Networks, 8(16), 2730–2740. doi:10.1002ec.588
Ali, W. (2017). Phishing website detection based on supervised machine learning with wrapper features
selection. International Journal of Advanced Computer Science and Applications, 8(9), 72–78.
doi:10.14569/IJACSA.2017.080910
Alshinina, A. R., & Elleithy, M. K. (2018). A highly accurate deep learning based approach for developing
wireless sensor network middleware. IEEE Access: Practical Innovations, Open Solutions, 6,
29885–29898. doi:10.1109/ACCESS.2018.2844255
Anbuchelian, S., Lokesh, S., & Baskaran, M. (2016). Improving security in wireless sensor network
using trust and metaheuristic algorithms. International Conference on Computer and Information Sciences,
233-241. 10.1109/ICCOINS.2016.7783220


Apruzzese, G., Colajanni, M., Ferretti, L., Guido, A., & Marchetti, M. (2018). On the effectiveness of
machine and deep learning for cyber security. In T. Minárik, R. Jakschis, & L. Lindstrom (Eds.),
International Conference on Cyber Conflict (pp. 371-390), Tallinn, Estonia: Academic Press.
10.23919/CYCON.2018.8405026
Aung, Y. Y., & Min, M. M. (2018). An analysis of k-means algorithm based network intrusion detection
system. Advances in Science, Technology and Engineering Systems Journal, 3(1), 496–501.
doi:10.25046/aj030160
Bae, C., Yeh, W.-C., Mohd, A. M. S., Chung, Y. Y., & Hsieh, T.-J. (2012). A novel anomaly-network
intrusion detection system using ABC algorithms. International Journal of Innovative Computing,
Information, & Control, 8(12), 8231–8248.
Basnet, R., Mukkamala, S., & Sung, A. H. (2008). Detection of phishing attacks: A machine learning
approach. In B. Prasad (Ed.), Soft Computing Applications in Industry (pp. 373-383). Berlin, Germany:
Springer-Verlag.
Chhikara, PPatel, K. A. (2013). Enhancing network security using Ant Colony Optimization. Global
Journal of Computer Science and Technology Network. Web & Security, 13(4), 1–5.
David, O. E., & Netanyahu, S. N. (2015). Deepsign: Deep learning for automatic malware signature
generation and classification. In International Joint Conference on Neural Networks (pp. 1-8). Killarney,
Ireland: Academic Press.
Deepa, T. P. (2014). Survey on need for cyber security in India. doi:10.13140/2.1.4555.7768
Diro, A. A., & Chilamkurti, N. (2017). Distributed attack detection scheme using deep learning approach
for Internet of Things. Future Generation Computer Systems, 82, 761–768. doi:10.1016/j.future.2017.08.043
Dollah, R. F. M., Faizal, M. A., Arif, F., Mas’ud, M. Z., & Xin, L. K. (2018). Machine learning for http
botnet detection using classifier algorithms. Journal of Telecommunication, Electronic and Computer
Engineering, 10(1-7), 27-30.
Eberhart, R., & Shi, Y. (2011). Computational Intelligence: Concepts to Implementations. Elsevier
Morgan Kaufmann Publications.
Elmendili, F., Maqran, N., Idrissi, Y. E. B. E., & Chaoui, H. (2017). A security approach based on
honeypots: Protecting online social network from malicious profiles. Advances in Science, Technology and
Engineering Systems Journal, 2(3), 198–204. doi:10.25046/aj020326
Ford, V., & Siraj, A. (2014). Applications of machine learning in cyber security. In International
Conference on Computer Applications in Industry and Engineering (pp. 1-7). Academic Press.
Gavrilut, D., Cimpoesu, M., Anton, D., & Ciortuz, L. (2009). Malware detection using machine learning.
In Proceedings of the International Multiconference on Computer Science and Information Technology
(pp. 735–741). Mragowo, Poland: Academic Press.
Ghourabi, A., Abbes, T., & Bouhoula, A. (2013). Automatic analysis of web service honeypot data using
machine learning techniques. In International Joint Conference CISIS’12-ICEUTE´12-SOCO´12 Special
Sessions (pp. 1-11). Berlin, Germany: Springer-Verlag. 10.1007/978-3-642-33018-6_1


Glenn, M., & Lambert, I. I. (2017). Security Analytics: Using deep learning to detect cyber attacks.
University of North Florida.
Gutierrez, M., & Kiekintveld, C. (2017). Adapting with honeypot Configurations to detect evolving
exploits. In Conference on Autonomous Agents and MultiAgent Systems (pp. 1565-1567). Sao Paulo,
Brazil: Academic Press.
Haneef, F., & Singh, S. (2017). Selection technique for intrusion detection system based on IWD and
ACO. International Journal of Advanced Research in Computer Science, 8(9), 270–275.
doi:10.26483/ijarcs.v8i9.4857
Hardy, W., Chen, L., Hou, S., Ye, Y., & Li, X. (2016). DL 4 MD: A deep learning framework for
intelligent malware detection. In Int’l Conf. Data Mining (pp. 61-67). CSREA Press.
Hassanpour, R., Dogdu, E., Choupani, R., Goker, O., & Nazli, N. (2018). Phishing E-mail Detection
By Using Deep Learning Algorithms. ACMSE Conference, New York. NY. 10.1145/3190645.3190719
Hoang, X. D., & Nguyen, Q. C. (2018). Botnet detection based on machine learning techniques using
DNS query data. Future Internet, 10(43), 1–11.
Hodashinsky, I. A., & Mech, M. A. (2018). Constructing a fuzzy network intrusion classifier based on
differential evolution and harmonic search. International Journal of Computer Networks & Communications,
10(2), 85–91. doi:10.5121/ijcnc.2018.10208
Kang, M. J., & Kang, J.-W. (2016). Intrusion detection system using deep neural network for in-vehicle
network security. PLoS ONE, 11(6).
Kaur, A., Pal, S., & Singh, A. P. (2018). Hybridization of k-means and firefly algorithm for intrusion
detection system. International Journal of System Assurance Engineering and Management, 9(4),
901–910. doi:10.100713198-017-0683-8
Khalil, T. (2017). IoT security against DDoS attacks using machine learning algorithms. International
Journal of Scientific and Research Publications, 7(6), 739–741.
Kozik, R., & Choraś, M. (2014). Machine learning techniques for cyber attacks detection. In R. S. Choraś
(Ed.), Image Processing and Communications Challenges 5 (pp. 391–398). Springer International
Publishing. doi:10.1007/978-3-319-01622-1_44
Kreuk, F., Barak, A., Aviv, S., Baruch, M., Pinkas, B., & Keshet, J. (2018). Deceiving End-to-End
Deep Learning Malware Detectors using Adversarial Examples. In Conference on Neural Information
Processing Systems (pp. 1-6), Montreal, Canada: Academic Press.
Kumar, K. P., & Prasad, B, B. R. (2015). Investigating open issues in swarm intelligence for mitigating
security threats in MANET. Iranian Journal of Electrical and Computer Engineering, 5(5), 1194–1201.
Kumarnath, J., & Batri, K. (2018). A BAT algorithm based enhancement of physical layer security in a
multi domain-elastic optical network. International Journal of Pure and Applied Mathematics, 119(15),
2519–2525.
Kwon, D., Kim, H., Kim, J., Suh, S. C., Kim, I., & Kim, K. J. (2017). A survey of deep learning-based
network anomaly detection. In Cluster Computing (pp 1-13). Springer Science+Business Media.


Li, S.-H., Kao, Y.-C., Zhang, Z.-C., Chuang, Y.-P., & Yen, D. C. (2015). A network behavior-based
botnet detection mechanism using PSO and k-means. ACM Transactions on Management Information
Systems, 6(1), 1–30. doi:10.1145/2676869
Lin, Z., Chen, G., Guo, W., & Liu, Y. (2008). PSO-BPNN-based prediction of network security situation.
In International Conference on Innovative Computing Information and Control (pp. 1-5). Dalian,
Liaoning, China. IEEE.
Liu, Q., Li, P., Zhao, W., Cai, W., Yu, S., & Leung, C. M. V. (2018). A survey on security threats and
defensive techniques of machine learning: A data driven view. IEEE. IEEE Access: Practical Innovations,
Open Solutions, 6, 12103–12117. doi:10.1109/ACCESS.2018.2805680
Lobo, L. M. R. J., & Chavan, S. B. (2012). Use of genetic algorithm in network security. International
Journal of Computers and Applications, 53(8), 1–7. doi:10.5120/8438-2221 doi:10.5120/8438-2221
Mahalakshmi, S., & Vadivel, R. (2018). Particle Swarm Optimization algorithm (PSO) used for secu-
rity enhancement in MANET. International Journal of Advanced Research in Computer Science, 9(2),
233–241. doi:10.26483/ijarcs.v9i2.5643
Maimo, L. F., Angel, L. P. G., Clemente, F. G. J., Pérez, M. G., & Pérez, G. M. (2018). A self-adaptive
deep learning-based system for anomaly detection in 5G networks. In Special on Cyber-Physical-Social
Computing and Networking (pp. 7700 – 7712). Academic Press.
Murphree, J. (2016). Machine learning anomaly detection in large systems. Anaheim, CA: IEEE Au-
totestcon. doi:10.1109/AUTEST.2016.7589589
Nallakannu, S. M., & Thiagarajan, R. (2016). PSO-based optimal peer selection approach for highly
secure and trusted P2P system. Security and Communication Networks, 9(13), 2186–2199.
Navarro-Lara, J., Deruyver, A., & Parrend, P. (2016). Morwilog: An ACO-based System for Outlining
Multi-Step Attacks. In IEEE Symposium Series on Computational Intelligence (pp. 1-9). Athens, Greece:
IEEE. 10.1109/SSCI.2016.7849902
Nazeer, M. I., Mallah, G. A., Bhatra, N. R., & Memon, R. A. (2018). Implication of genetic algorithm
in cryptography to enhance security. International Journal of Advanced Computer Science and Applica-
tions, 9(6), 375–379. doi:10.14569/IJACSA.2018.090651
Ognawala, S., Amato, R. N., Pretschner, A., & Kulkarni, P. (2018). Automatically assessing vulnerabilities
discovered by compositional analysis. In International Workshop on Machine Learning and Software
Engineering in Symbiosis (pp. 16-25). New York, NY: Academic Press. 10.1145/3243127.3243130
Owezarski, P. (2014). Unsupervised classification and characterization of honeypot attacks. In Interna-
tional Conference on Network and Service Management (pp. 1-10). Rio de Janeiro, Brazil: Academic
Press. 10.1109/CNSM.2014.7014136
Pavani, K., & Damodaram, A. (2014). Anomaly detection system for routing attacks in mobile ad hoc
networks. International Journal of Network Security, 6, 13–24.

20

Review on Intelligent Algorithms for Cyber Security

Peng, K., & Leung, V., Zheng, LWang, S., Huang, C., & Lin, T. (2018). Intrusion Detection System
Based on Decision Tree over Big Data in Fog Environment. Wireless Communications and Mobile
Computing, 1–10.
Prabha, S., & Yadav, R. (2018). Differential evolution for mobile ad-hoc networks: A review. Interna-
tional Journal on Computer Science and Engineering, 6(6), 1459–1467.
Ramasamy, S., & Eswaramoorthy, K. (2017). Ant colony optimization based handoff scheme and verifi-
able secret sharing security with M-M scheme for VoIP. International Journal of Intelligent Engineering
and Systems, 10(5), 267–277. doi:10.22266/ijies2017.1031.29
Sebopelo, R., Isong, B., & Gasela, N. (2019). Identification of compromised nodes in MANETs using
machine learning technique. International Journal of Computer Network and Information Security, 1(1),
1–10. doi:10.5815/ijcnis.2019.01.01
Shrivastava, N., & Richariya, V. (2012). Ant colony optimization with classification algorithms used for
intrusion detection. International Journal of Computational Engineering & Management, 15(1), 54–63.
Sowah, A. R., Ofori-Amanfo, K. B., Mills, G. A., & Koumadi, M. K. (2019). Detection and prevention
of man-in-the-middle spoofing attacks in MANETs using predictive techniques in Artificial Neural
Networks (ANN). Journal of Computer Networks and Communications, 1-14.
Srinivasan, H., Srihari, S. N., & Beal, J. M. (2006). Machine learning for signature verification. In
P. Kalra, & S. Peleg (Eds.), Computer Vision, Graphics and Image Processing (pp. 761-775). Berlin,
Germany: Springer-Verlag.
Talreja, V., Valenti, M. C., & Nasrabadi, M. N. (2017). Multibiometric secure system based on deep
learning. In IEEE Global Conference on Signal and Information Processing (pp. 298-302). West Virginia
University. 10.1109/GlobalSIP.2017.8308652
Wang, Z. (2018). Deep learning-based intrusion detection with adversaries. IEEE Access. Challenges
and Opportunities of Big Data Against Cyber Crime, 6, 38367–38384.
Xiang, C. (2018). Network intrusion detection by using particle swarm optimization and neural network.
Journal of Networking Technology, 9(1), 22–30.
Yi, P., Guan, Y., Zou, F., Yao, Y., Wang, W., & Zhu, T. (2018). Web phishing Detection Using a Deep Learn-
ing Framework. Wireless Communications and Mobile Computing, 2018, 1–9. doi:10.1155/2018/4678746
Yin, C., Zhu, Y., Fei, J., & He, X. (2017). A deep learning approach for intrusion detection using recurrent
neural networks. IEEE Access: Practical Innovations, Open Solutions, 5, 21954–21961. doi:10.1109/
ACCESS.2017.2762418
Zekri, M., El Kafhali, S., Aboutabit, N., & Saadi, Y. (2017). DDoS attack detection using machine learning
techniques in cloud computing environments. In International Conference of Cloud Computing Technolo-
gies and Applications (pp. 1-8). Rabat, Morocco: Academic Press. 10.1109/CloudTech.2017.8284731

21

Review on Intelligent Algorithms for Cyber Security

KEY TERMS AND DEFINITIONS

Cyber Security: A set of information and computer technologies (ICT) employed to protect
computational resources from unauthorized access.
Deep Learning Algorithm: A kind of machine learning algorithm that involves a multi-layer
neural network architecture, a large dataset, and a highly powerful computer system for execution.
Machine Learning Algorithm: A set of mathematical approaches used to train a computer system
so that it learns and performs a set of actions or tasks autonomously.
Nature-Inspired Computing (NIC) Paradigms: Global optimization algorithms developed by taking
inspiration from natural phenomena such as foraging behavior, evolution, cell and molecular phenomena,
reproduction, cognition and neuro systems, alignment phenomena in microscopes, non-biological systems
and geo-science based techniques as a source of metaphor for problem solving.
