Tired of reactionary cybersecurity measures? This paper introduces a proactive, "self-healing" hybrid intrusion detection system built on an ensemble machine learning approach. By combining signature-based and anomaly-based intrusion detection, the system aims to improve detection rates for both known and unknown cyber-attacks. The proposed model seeks to learn continually from new attack signatures without human intervention. The signature-based intrusion detection system is built using C5 classifiers, while the anomaly-based system is built using the Long Short-Term Memory (LSTM) algorithm. Anomalies detected by the LSTM model are fed into a signature generator that extracts attributes, which are then used to update the C5 training set. The model was evaluated on the UNSW-NB15 and ADFA-LD datasets. The experimental results demonstrated better detection rates for both known and unknown attacks than conventional models. As the proposed model learns, its performance improves, and it eliminates the need for human intervention when updating the training data. The results indicate that the proposed self-healing intrusion detection system offers a promising approach for enhancing cybersecurity defenses.
Appearing in Discover Artificial Intelligence, this research aligns with the journal’s focus on innovative AI applications and their impact on various fields. The development of a self-healing intrusion detection system contributes to the journal’s exploration of AI’s potential in cybersecurity and its ability to address complex real-world challenges. This should be relevant to other research in artificial intelligence.