Network protocol discovery and analysis via live interaction

Authors:
Patrick LaRoche;A. Nur Zincir-Heywood;Malcolm I. Heywood
Affiliations:
Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia, Canada;Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia, Canada;Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia, Canada
Venue:
EvoApplications'12 Proceedings of the 2012t European conference on Applications of Evolutionary Computation
Year:
2012

Citing 12
Cited 0

A compiling genetic programming system that directly manipulates the machine code

Advances in genetic programming
Integrated TCP/IP Protocol Software Testing for Vulnerability Detection

ICCNMC '03 Proceedings of the 2003 International Conference on Computer Networks and Mobile Computing
SCL: a language for security testing of network applications

CASCON '05 Proceedings of the 2005 conference of the Centre for Advanced Studies on Collaborative research
Evolving Successful Stack Overflow Attacks for Vulnerability Testing

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Communication Protocol Evolution by Natural Selection

CIMCA '06 Proceedings of the International Conference on Computational Inteligence for Modelling Control and Automation and International Conference on Intelligent Agents Web Technologies and International Commerce
Polyglot: automatic extraction of protocol message format using dynamic binary analysis

Proceedings of the 14th ACM conference on Computer and communications security
Evolving Buffer Overflow Attacks with Detector Feedback

Proceedings of the 2007 EvoWorkshops 2007 on EvoCoMnet, EvoFIN, EvoIASP,EvoINTERACTION, EvoMUSART, EvoSTOC and EvoTransLog: Applications of Evolutionary Computing
Toward simulated evolution of machine-language iteration

GECCO '96 Proceedings of the 1st annual conference on Genetic and evolutionary computation
Evolving TCP/IP packets: a case study of port scans

CISDA'09 Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications
Novelty-Based fitness: an evaluation under the santa fe trail

EuroGP'10 Proceedings of the 13th European conference on Genetic Programming
Using code bloat to obfuscate evolved network traffic

EvoCOMNET'10 Proceedings of the 2010 international conference on Applications of Evolutionary Computation - Volume Part II
Dynamic page based crossover in linear genetic programming

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this work, we explore the use of evolutionary computing toward protocol analysis. The ability to discover, analyse, and experiment with unknown protocols is paramount within the realm of network security; our approach to this crucial analysis is to interact with a network service, discovering sequences of commands that do not result in error messages. In so doing, our work investigates the real-life responses of a service, allowing for exploration and analysis of the protocol in question. Our system initiates sequences of commands randomly, interacts with and learns from the responses, and modifies its next set of sequences accordingly. Such an exploration results in a set of command sequences that reflect correct uses of the service in testing. These discovered sequences can then be used to identify the service, unforeseen uses of the service, and, most importantly, potential weaknesses.