  • DocumentCode
    2593103
  • Title
    A Functional Framework to Evade Network IDS
  • Author
    Pastrana, Sergio ; Orfila, Agustin ; Ribagorda, Arturo
  • Author_Institution
    Carlos III Univ. of Madrid, Madrid, Spain
  • fYear
    2011
  • fDate
    4-7 Jan. 2011
  • Firstpage
    1
  • Lastpage
    10
  • Abstract
    Signature-based Network Intrusion Detection Systems (NIDS) apply a set of rules to identify hostile traffic in network segments. Currently they are so effective at detecting known attacks that hackers seek new techniques to go unnoticed. Some of these techniques consist of exploiting ambiguities in network protocols. Nowadays NIDS are prepared against most of these evasive techniques, as they are recognized and sorted out. The emergence of new evasive forms may cause NIDS to fail. In this paper we present an innovative functional framework to evade NIDS. First, NIDS are modeled accurately by means of Genetic Programming (GP). Then, we show that looking for evasions on models is simpler than directly trying to understand the behavior of NIDS. We present a proof of concept showing how to evade a self-built NIDS regarding two publicly available datasets. Our framework can be used to audit NIDS.
  • Keywords
    cryptographic protocols; digital signatures; genetic algorithms; security of data; genetic programming; network IDS; network intrusion detection systems; network protocols; network segments; signature based NIDS; Analytical models; Genetic programming; Intrusion detection; Protocols; Testing; Training;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    System Sciences (HICSS), 2011 44th Hawaii International Conference on
  • Conference_Location
    Kauai, HI
  • ISSN
    1530-1605
  • Print_ISBN
    978-1-4244-9618-1
  • Type
    conf
  • DOI
    10.1109/HICSS.2011.12
  • Filename
    5718700