Automatically evading IDS using GP authored attacks

Proceedings of the 2007 IEEE Symposium on Computational Intelligence in Security and Defense Applications, CISDA 2007

Volumn , Issue , 2007, Pages 153-160

  Kayacik, H Güneş ^a   Zincir Heywood, A Nur ^a   Heywood, Malcolm I ^a  

^a DALHOUSIE UNIVERSITY   (Canada)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMATION; DETECTORS; GENETIC PROGRAMMING; SECURITY SYSTEMS;

ALARM RATE; MIMICRY ATTACKS;

INTRUSION DETECTION;

EID: 34548774169     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CISDA.2007.368148     Document Type: Conference Paper

References (18)

1. C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna, Automating mimicry attacks using static binary analysis, Proceedings of the USENIX Security Symposium, pp. 161-176, 2003.
2. Stide, http://www.cs.unm.edu/~immsec/data-sets.htm, Last accessed May 2006.
3. Vigna, G., Robertson, W., Balzarotti D., Testing Network Based Intrusion Deteotion Signatures Using Mutant Exploits, ACM Conference on Computer Security, pp. 21-30, 2004.
4. T. H. Ptacek and T. N. Newsham, Insertion, Evasion and Denial of Service: Eluding Network Intrusion Detection. Technical Report, Secure Networks, January 1998.
5. H. G. Kayacik, A. N. Zincir-Heywood, M. I. Heywood, Evolving Successful Stack Overflow Attacks for Vulnerability Testing, 21st Annual Computer Security Applications Conference, pp. 225-234, 2005.
6. H. G. Kayacik, M. I. Heywood, A. N. Zincir-Heywood. On Evolving Buffer Overflow Attacks using Genetic Programming. Proceedings of the Genetic and Evolutionary Computation Conference, (GECCO'06). SIG EVO, ACM Press, pp. 1667-1673, 2006.
7. D. Wagner and P. Soto, Mimicry attacks on host based intrusion, detection systems, ACM Conference on Computer and Communications Security, pp. 255-264, 2002.
8. Tan, K. M. C., Killourhy, K. S., Maxion, R. A., Undermining an Anomaly-based Intrusion Detection System using Common Exploits, RAID'2002, LNCS 2516, pp 54-73, 2002.
9. K. M. C. Tan, J. McHugh, K. S. Killourhy, Hiding Intrusions: From the Abnormal to the Normal and Beyond, Symposium on Information Hiding, pp. 1-17, 2002.
10. D. Mutz, E. Valeur, G. Vigna, C. Kruegel, Anomalous: System Call Detection, ACM Transactions on Information system and Security, 9(1), pp. 61-93, Feb 2006.
11. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T.A. Longstaff A sense of self for unix processes. In Proceedings of the IEEE Symposium on Security and Privacy, pp. 120-128, 1996.
12. R. Sekar, M. Bendre, D. Dhurjati & P. Bollineni. A Fast Automation-based Method for Detecting Anomalous Program Behavior, IEEE Symposium on Security and Privacy pp. 144-155, 2001.
13. H. Feng, O. Kplesnikoy, P. Fogla, W. Lee, and W. Gong, Anomaly detection using call stack information, IEEE Symposium on Security and Privacy, pp. 62-75, 2003.
14. D. Wagner and D. Dean, Intrusion detection via static analysis. IEEE Symposium on Security and Privacy, pp. 156, 2001.
15. Wespi, A., Dacier, M., and Debar, H., Intrusion Detection Using Variable-Length Audit Trail Patterns, RAID'2000, LNCS 1907, pp. 110-129, 2000.
16. Banzhaf W., Nordin P., Keller R. E., Franoone F. D., Genetic Programming: An Introduction. Morgan Kaufmann, 1998.
17. Securiteam, Linux Traceroute Exploit Code Released, http://www. securiteam.com/exploits/6A00AIF5OM.htm, Last accessed May 2006.
18. M. I. Heywood, A. N. Zincir-Heywood, Dynamic Page Based Crossover in Linear Genetic Programming, IEEE Transactions on Systems, Man and Cybernetics - Part B, 32(3), pp 360-388, 2002.