Automatically Evading IDS Using GP Authored Attacks

Author

H. Gunes Kayacik;A. Nur Zincir-Heywood;Malcolm I. Heywood

Author_Institution

Dalhousie University, Faculty of Computer Science, 6050 University Avenue, Halifax, Nova Scotia. B3H 1W5

fYear

2007

fDate

4/1/2007 12:00:00 AM

Firstpage

153

Lastpage

160

Abstract

A mimicry attack is a type of attack where the basic steps of a minimalist ´core´ attack are used to design multiple attacks achieving the same objective from the same application. Research in mimicry attacks is valuable in determining and eliminating weaknesses of detectors. In this work, we provide a genetic programming based automated process for designing all components of a mimicry attack relative to the Stide detector under a vulnerable Traceroute application. Results indicate that the automatic process is able to generate mimicry attacks that reduce the alarm rate from ~65% of the original attack, to ~2.7%, effectively making the attack indistinguishable from normal behaviors

Keywords

"Intrusion detection","Detectors","Genetic programming","System testing","Application software","Process design","Computational intelligence","Computer security","Computer science","Cryptographic protocols"

Publisher

ieee

Conference_Titel

Computational Intelligence in Security and Defense Applications, 2007. CISDA 2007. IEEE Symposium on

ISSN

2329-6267

Print_ISBN

1-4244-0700-1

Electronic_ISBN

2329-6275

Type

conf

DOI

10.1109/CISDA.2007.368148

Filename

4219095

Link To Document

https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3625053