Abstract
In this work, we investigate the ability of genetic programming techniques to evolve valid network patterns while avoiding detection by obfuscating the intent of the traffic. To validate our system's capabilities, we choose to evolve a port scan attack while running the packets through an Intrusion Detection System (IDS). In turn, the evolutionary process uses this feedback to minimize the alarms raised while port scanning across a network range. The results, which build on previous work, allow us to further analyze and understand the role that introns, or code bloat, play in the system's ability to reduce the detectability of its malicious behaviour.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
LaRoche, P., Zincir-Heywood, N., Heywood, M.I. (2010). Using Code Bloat to Obfuscate Evolved Network Traffic. In: Di Chio, C., et al. Applications of Evolutionary Computation. EvoApplications 2010. Lecture Notes in Computer Science, vol 6025. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12242-2_11
DOI: https://doi.org/10.1007/978-3-642-12242-2_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12241-5
Online ISBN: 978-3-642-12242-2
eBook Packages: Computer Science (R0)