Mimicry attacks on host-based intrusion detection systems
Proceedings of the 9th ACM conference on Computer and communications security
Testing network-based intrusion detection signatures using mutant exploits
Proceedings of the 11th ACM conference on Computer and communications security
Evolving computer intrusion scripts for vulnerability assessment and log analysis
GECCO '05 Proceedings of the 7th annual conference on Genetic and evolutionary computation
Evolving Successful Stack Overflow Attacks for Vulnerability Testing
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Undermining an anomaly-based intrusion detection system using common exploits
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
A linear genetic programming approach to intrusion detection
GECCO'03 Proceedings of the 2003 international conference on Genetic and evolutionary computation: PartII
Training genetic programming on half a million patterns: an example from anomaly detection
IEEE Transactions on Evolutionary Computation
Dynamic page based crossover in linear genetic programming
IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Biologically-inspired Complex Adaptive Systems approaches to Network Intrusion Detection
Information Security Tech. Report
Computer defense using artificial intelligence
SpringSim '07 Proceedings of the 2007 spring simulation multiconference - Volume 3
A systematic review of search-based testing for non-functional system properties
Information and Software Technology
Testing Detector Parameterization Using Evolutionary Exploit Generation
EvoWorkshops '09 Proceedings of the EvoWorkshops 2009 on Applications of Evolutionary Computing: EvoCOMNET, EvoENVIRONMENT, EvoFIN, EvoGAMES, EvoHOT, EvoIASP, EvoINTERACTION, EvoMUSART, EvoNUM, EvoSTOC, EvoTRANSLOG
Multiobjective classification with moGEP: an application in the network traffic domain
Proceedings of the 11th Annual conference on Genetic and evolutionary computation
Evolving Buffer Overflow Attacks with Detector Feedback
Proceedings of the 2007 EvoWorkshops 2007 on EvoCoMnet, EvoFIN, EvoIASP,EvoINTERACTION, EvoMUSART, EvoSTOC and EvoTransLog: Applications of Evolutionary Computing
Optimizing anomaly detector deployment under evolutionary black-box vulnerability testing
CISDA'09 Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications
Evolving TCP/IP packets: a case study of port scans
CISDA'09 Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications
A general model and guidelines for attack manifestation generation
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
Using code bloat to obfuscate evolved network traffic
EvoCOMNET'10 Proceedings of the 2010 international conference on Applications of Evolutionary Computation - Volume Part II
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues
Information Sciences: an International Journal
| Hi-index | 0.01 |
In this work, we employed genetic programming to evolve a "white hat" attacker; that is to say, we evolve variants of an attack with the objective of providing better detectors. Assuming a generic buffer overflow exploit, we evolve variants of the generic attack, with the objective of evading detection by signature-based methods. To do so, we pay particular attention to the formulation of an appropriate fitness function and partnering instruction set. Moreover, by making use of the intron behavior inherent in the genetic programming paradigm, we are able to explicitly obfuscate the true intent of the code. All the resulting attacks defeat the widely used 'Snort' Intrusion Detection System.