Title :
Optimizing anomaly detector deployment under evolutionary black-box vulnerability testing
Author :
Kayack, H.G. ; Zincir-Heywood, N. ; Heywood, Nur Zincir ; Burschka, Stefan
Author_Institution :
Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
Abstract :
This work focuses on testing anomaly detectors from the perspective of a Multi-objective Evolutionary Exploit Generator (EEG). Such a framework provides users of anomaly detection systems with two capabilities. Firstly, no knowledge of protected data structures needs to be assumed (i.e. the detector is a black box), since the time, knowledge and tools needed to perform such an analysis might not be generally available. Secondly, the evolved exploits are then able to demonstrate weaknesses in the ensuing detector parameterization. Therefore, the system administrator can identify suitable parameters for the effective operation of the detector. EEG is employed against two second-generation anomaly detectors, namely pH and pH with schema mask, on four UNIX applications in order to perform a vulnerability assessment and make a comparison between the two detectors.
Keywords :
Unix; evolutionary computation; program testing; security of data; UNIX application; anomaly detector deployment; detector parameterization; evolutionary black box vulnerability testing; multiobjective evolutionary exploit generator; schema mask; suitable parameter identification; system administrator; vulnerability assessment; Abstracts; Buffer overflow; Computational intelligence; Counting circuits; Data structures; Delay; Detectors; Electroencephalography; Security; Testing;
Conference_Title :
Computational Intelligence for Security and Defense Applications, 2009. CISDA 2009. IEEE Symposium on
Conference_Location :
Ottawa, ON
Print_ISBN :
978-1-4244-3763-4
Electronic_ISBN :
978-1-4244-3764-1
DOI :
10.1109/CISDA.2009.5356546