Optimizing anomaly detector deployment under evolutionary black-box vulnerability testing

Authors:
Hilmi Günes Kayacik;Nur Zincir-Heywood;Malcolm Heywood;Stefan Burschka
Affiliations:
Faculty of Computer Science, Dalhousie University, Canada;Faculty of Computer Science, Dalhousie University, Canada;Faculty of Computer Science, Dalhousie University, Canada;Swisscom Innovations Inc., Switzerland
Venue:
CISDA'09 Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications
Year:
2009

Citing 13
Cited 0

Genetic programming: an introduction: on the automatic evolution of computer programs and its applications

Genetic programming: an introduction: on the automatic evolution of computer programs and its applications
Genetic Algorithms in Search, Optimization and Machine Learning

Genetic Algorithms in Search, Optimization and Machine Learning
Multi-Objective Optimization Using Evolutionary Algorithms

Multi-Objective Optimization Using Evolutionary Algorithms
Mimicry attacks on host-based intrusion detection systems

Proceedings of the 9th ACM conference on Computer and communications security
Improved sampling of the Pareto-front in multiobjective genetic optimizations by steady-state evolution: a Pareto converging genetic algorithm

Evolutionary Computation
Hiding Intrusions: From the Abnormal to the Normal and Beyond

IH '02 Revised Papers from the 5th International Workshop on Information Hiding
A Sense of Self for Unix Processes

SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Operating system stability and security through process homeostasis

Operating system stability and security through process homeostasis
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
On evolving buffer overflow attacks using genetic programming

Proceedings of the 8th annual conference on Genetic and evolutionary computation
Automating mimicry attacks using static binary analysis

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Mimicry Attacks Demystified: What Can Attackers Do to Evade Detection?

PST '08 Proceedings of the 2008 Sixth Annual Conference on Privacy, Security and Trust
Undermining an anomaly-based intrusion detection system using common exploits

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

This work focuses on testing anomaly detectors from the perspective of a Multi-objective Evolutionary Exploit Generator (EEG). Such a framework provides users of anomaly detection systems two capabilities. Firstly, no knowledge of protected data structures need to be assumed (i.e. the detector is a black-box), where the time, knowledge and availability of tools to perform such an analysis might not be generally available. Secondly, the evolved exploits are then able to demonstrate weaknesses in the ensuing detector parameterization. Therefore, the system administrator can identify the suitable parameters for the effective operation of the detector. EEG is employed against two second generation anomaly detectors, namely pH and pH with schema mask, on four UNIX applications in order to perform a vulnerability assessment and make a comparison between the two detectors.