Evolutionary computation as an artificial attacker: generating evasion attacks for detector vulnerability testing

Created by W.Langdon from gp-bibliography.bib Revision:1.4549

  author =       "Hilmi Gunes Kayacik and A. Nur Zincir-Heywood and 
                 Malcolm I. Heywood",
  title =        "Evolutionary computation as an artificial attacker:
                 generating evasion attacks for detector vulnerability
                 testing",
  journal =      "Evolutionary Intelligence",
  year =         "2011",
  volume =       "4",
  number =       "4",
  pages =        "243--266",
  month =        dec,
  keywords =     "genetic algorithms, genetic programming, Engineering,
                 Computer security, Intrusion detection, Anomaly
                 detection, Evasion attacks, Evolutionary computation,
                 Artificial arms race",
  ISSN =         "1864-5909",
  publisher =    "Springer",
  DOI =          "doi:10.1007/s12065-011-0065-0",
  size =         "24 pages",
  abstract =     "Intrusion detection systems protect our
                 infrastructures by monitoring for signs of intrusions.
                 However, intrusion detection systems are themselves
                 susceptible to vulnerabilities, which the attackers
                 take advantage of to evade detection. In particular, we
                 focus on evasion attacks in which the attacker aims to
                 generate a stealthy attack that eliminates or minimises
                 the likelihood of detection. Attackers achieve stealth
                 by mimicking normal behaviour while achieving the
                 attack goals, hence bypassing the detector. Previous
                 work focused on generating evasion attacks using the
                 internal knowledge of the detectors, hence adopting a
                 'white-box' access to the detector. On the other hand,
                 we adopt a 'black-box' approach and propose an
                 evolutionary attacker based on Genetic Programming. The
                 access of our 'black-box' approach is limited to the
                 feedback of the detector such as anomaly rates and
                 delays. We compare our black-box approach with various
                 white-box approaches to investigate its effectiveness.
                 In doing so, the impact of anomalies from the break-in
                 stage of the attacks and the delays based on locality
                 frame counts are also discussed. This is particularly
                 important if the performance comparison is to reflect
                 the real capabilities of detectors.",
  affiliation =  "School of Computer Science, Carleton University, 1125
                 Colonel By Drive, Ottawa, ON K1S 5B6, Canada",
