Bro: a system for detecting network intruders in real-time
Computer Networks: The International Journal of Computer and Telecommunications Networking
Mimicry attacks on host-based intrusion detection systems
Proceedings of the 9th ACM conference on Computer and communications security
Practical automated detection of stealthy portscans
Journal of Computer Security
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
An Experimental Evaluation to Determine if Port Scans are Precursors to an Attack
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
On evolving buffer overflow attacks using genetic programming
Proceedings of the 8th annual conference on Genetic and evolutionary computation
Very fast containment of scanning worms
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Using code bloat to obfuscate evolved network traffic
EvoCOMNET'10 Proceedings of the 2010 international conference on Applications of Evolutionary Computation - Volume Part II
Network protocol discovery and analysis via live interaction
EvoApplications'12 Proceedings of the 2012t European conference on Applications of Evolutionary Computation
Hi-index | 0.00 |
In this work, we investigate the ability of genetic programming techniques to evolve valid network packets, including all relevant header values, towards a specific goal. We see this as a first step in building a fuzzing system that can learn to adapt for vulnerability analysis. By developing a system that learns the packets that are required to be transmitted towards targets, using feedback from an external network source, we make a step towards having a system that can intelligently explore the capabilities of a given security system. In order to validate our system's capabilities we evolve a variety of port scan patterns while running the packets through an IDS, with the goal to minimizes the alarms raised during the scanning process. Results show that the system not only successfully evolves valid TCP packets, but also remains stealthy in its activity.