Evolving TCP/IP packets: a case study of port scans

Authors:
Patrick LaRoche;Nur Zincir-Heywood;Malcolm I. Heywood
Affiliations:
Faculty of Computer Science, Dalhousie University of Halifax, Nova Scotia, Canada;Faculty of Computer Science, Dalhousie University of Halifax, Nova Scotia, Canada;Faculty of Computer Science, Dalhousie University of Halifax, Nova Scotia, Canada
Venue:
CISDA'09 Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications
Year:
2009

Citing 7
Cited 3

Bro: a system for detecting network intruders in real-time

Computer Networks: The International Journal of Computer and Telecommunications Networking
Mimicry attacks on host-based intrusion detection systems

Proceedings of the 9th ACM conference on Computer and communications security
Practical automated detection of stealthy portscans

Journal of Computer Security
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
An Experimental Evaluation to Determine if Port Scans are Precursors to an Attack

DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
On evolving buffer overflow attacks using genetic programming

Proceedings of the 8th annual conference on Genetic and evolutionary computation
Very fast containment of scanning worms

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13

Can a good offense be a good defense? Vulnerability testing of anomaly detectors through an artificial arms race

Applied Soft Computing
Using code bloat to obfuscate evolved network traffic

EvoCOMNET'10 Proceedings of the 2010 international conference on Applications of Evolutionary Computation - Volume Part II
Network protocol discovery and analysis via live interaction

EvoApplications'12 Proceedings of the 2012t European conference on Applications of Evolutionary Computation

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this work, we investigate the ability of genetic programming techniques to evolve valid network packets, including all relevant header values, towards a specific goal. We see this as a first step in building a fuzzing system that can learn to adapt for vulnerability analysis. By developing a system that learns the packets that are required to be transmitted towards targets, using feedback from an external network source, we make a step towards having a system that can intelligently explore the capabilities of a given security system. In order to validate our system's capabilities we evolve a variety of port scan patterns while running the packets through an IDS, with the goal to minimizes the alarms raised during the scanning process. Results show that the system not only successfully evolves valid TCP packets, but also remains stealthy in its activity.