Using Code Bloat to Obfuscate Evolved Network Traffic

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 6025)

Abstract

In this work, we investigate the ability of genetic programming techniques to evolve valid network patterns, while avoiding detectability by obfuscating the intent of the traffic. In order to validate our system's capabilities, we choose to evolve a port scan attack while running the packets through an Intrusion Detection System (IDS). In turn, the evolutionary process uses feedback such that it minimizes the alarms raised while port scanning across a network range. The results, which build on previous work, allow us to further analyze and understand what role introns (code bloat) play in the system's ability to reduce the detectability of its malicious behaviour.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

LaRoche, P., Zincir-Heywood, N., Heywood, M.I. (2010). Using Code Bloat to Obfuscate Evolved Network Traffic. In: Di Chio, C., et al. Applications of Evolutionary Computation. EvoApplications 2010. Lecture Notes in Computer Science, vol 6025. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12242-2_11

  • DOI: https://doi.org/10.1007/978-3-642-12242-2_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12241-5

  • Online ISBN: 978-3-642-12242-2

  • eBook Packages: Computer Science, Computer Science (R0)
