Testing Detector Parameterization Using Evolutionary Exploit Generation

Kayacık, Hilmi G.; Zincir-Heywood, A. Nur; Heywood, Malcolm I.; Burschka, Stefan

doi:10.1007/978-3-642-01129-0_13

Hilmi G. Kayacık²⁵,
A. Nur Zincir-Heywood²⁵,
Malcolm I. Heywood²⁵ &
…
Stefan Burschka²⁶

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 5484))

Included in the following conference series:

Workshops on Applications of Evolutionary Computation

2057 Accesses

Abstract

The testing of anomaly detectors is considered from the perspective of a Multi-objective Evolutionary Exploit Generator (EEG). Such a framework provides users of anomaly detection systems two capabilities. Firstly, no knowledge of protected data structures need be assumed. Secondly, the evolved exploits are then able to demonstrate weaknesses in the ensuing detector parameterization. In this work we focus on the parameterization of the second generation anomaly detector ‘pH’ and demonstrate how use of an EEG may identify weak parameterization of the detector.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Kayacik, H.G., Heywood, M., Zincir-Heywood, N.: On evolving buffer overflow attacks using genetic programming. In: Proceedings of the Conference on Genetic and Evolutionary Computation (GECCO), SIGEVO, pp. 1667–1674. ACM, New York (2006)
Google Scholar
Forrest, S., Hofmeyr, S.A., Somayaji, A.B., Longstaff, T.A.: A sense of self for unix processes. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 120–128 (1996)
Google Scholar
Kayacik, H.G., Heywood, M., Zincir-Heywood, N.: Evolving buffer overflow attacks with detector feedback. In: Giacobini, M. (ed.) EvoWorkshops 2007. LNCS, vol. 4448, pp. 11–20. Springer, Heidelberg (2007)
Google Scholar
Somayaji, A.B.: Operating system stability and security through process homeostasis. PhD thesis, The University of New Mexico (2002)
Google Scholar
Goldberg, D.E.: Genetic Algorithms in Search Optimization and Machine Learning. Addison-Wesley, Reading (1989)
MATH Google Scholar
Deb, K.: Multi-Objective Optimization using Evolutionary Algorithms. John Wiley and Sons, Chichester (2001)
MATH Google Scholar
Kumar, R., Rockett, P.: Improved sampling of the pareto-front in multiobjective genetic optimizations by steady-state evolution. Evolutionary Computation 10(3), 283–314 (2002)
Article Google Scholar
Tan, K., Killourhy, K., Maxion, R.: Undermining an anomaly-based Intrusion Detection System using common exploits. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol. 2516, pp. 54–73. Springer, Heidelberg (2002)
Chapter Google Scholar
SecurityFocus: Lbnl traceroute heap corruption vulnerability (last accessed June 2008), http://www.securityfocus.com/bid/1739

Download references

Author information

Authors and Affiliations

Faculty of Computer Science, Dalhousie University, 6050 University Avenue, Halifax NS, B3H 1W5, Canada
Hilmi G. Kayacık, A. Nur Zincir-Heywood & Malcolm I. Heywood
Software & Security Technologies, Swisscom Innovations, Switzerland
Stefan Burschka

Authors

Hilmi G. Kayacık
View author publications
You can also search for this author in PubMed Google Scholar
A. Nur Zincir-Heywood
View author publications
You can also search for this author in PubMed Google Scholar
Malcolm I. Heywood
View author publications
You can also search for this author in PubMed Google Scholar
Stefan Burschka
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Animal Production Epidemiology and Ecology, University of Torino, Via Leonardo da Vinci 44, 10095, Grugliasco, Italy
Mario Giacobini
Quinn School of Business, Belfield, University College Dublin, Dublin 4, Ireland
Anthony Brabazon
Department of Computer Engineering, University of Parma, Viale Usberti 181/a, 43100, Parma, Italy
Stefano Cagnoni
Dalla Molle Institute for Artificial Intelligence (IDSIA), Gallelria 2, 6928, Manno-Lugano, Switzerland
Gianni A. Di Caro
School of Engineering and Applied Science,Aston Triangle, Aston University, B4 7ET, Birmingham, UK
Anikó Ekárt
Complex Adaptive Systems Group, Instituto Tecnológico de Informática, Ciudad PolitŽcnica de la Innovacin, Edif. 8G Acceso B, 46022, Valencia, Spain
Anna Isabel Esparcia-Alcázar
Next Generation Itelligent Networks Research Center (nexGIN RC), National University of Computer and Emerging Sciences (NUCES), Islamabad, Pakistan
Muddassar Farooq
Faculty of Economics and Social Sciences, Helmut-Schmidt-University, Holstenhofweg 85, 22043, Hamburg, Germany
Andreas Fink
Department of Informatics Engineering, Polo II - Pinhal de Marrocos, University of Coimbra, 3030 - 290, Coimbra, Portugal
Penousal Machado

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kayacık, H.G., Zincir-Heywood, A.N., Heywood, M.I., Burschka, S. (2009). Testing Detector Parameterization Using Evolutionary Exploit Generation. In: Giacobini, M., et al. Applications of Evolutionary Computing. EvoWorkshops 2009. Lecture Notes in Computer Science, vol 5484. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01129-0_13

Download citation

DOI: https://doi.org/10.1007/978-3-642-01129-0_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01128-3
Online ISBN: 978-3-642-01129-0
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics