Modeling NIDS Evasion with Genetic Programming

Created by W.Langdon from gp-bibliography.bib Revision:1.4202

  author =       "Sergio Pastrana and Agustin Orfila and 
                 Arturo Ribagorda",
  title =        "Modeling {NIDS} Evasion with Genetic Programming",
  booktitle =    "Proceedings of the 2010 International Conference on
                 Security \& Management, {SAM} 2010, July 12-15, 2010,
                 Las Vegas Nevada, {USA}, 2 Volumes",
  publisher =    "CSREA Press",
  year =         "2010",
  editor =       "Hamid R. Arabnia and Kevin Daimi and 
                 Michael R. Grimaila and George Markowsky and Selim Aissi and 
                 Victor A. Clincy and Leonidas Deligiannidis and 
                 Donara Gabrielyan and Gevorg Margarov and Ashu M. G. Solo and 
                 Craig Valli and Patricia A. H. Williams",
  isbn13 =       "1-60132-163-5",
  pages =        "444--448",
  keywords =     "genetic algorithms, genetic programming, Intrusion
                 Detection, Evasion, Network security, C4.5",
  URL =          "",
  size =         "6 pages",
  abstract =     "Nowadays, Network Intrusion Detection Systems are
                 quickly updated in order to prevent systems against new
                 attacks. This situation has provoked that attackers
                 focus their efforts on new sophisticated evasive
                 techniques when trying to attack a system.
                 Unfortunately, most of these techniques are based on
                 network protocols ambiguities [1], so NIDS designers
                 must take them into account when updating their tools.
                 In this paper, we present a new approach to improve the
                 task of looking for new evasive techniques. The core of
                 our work is to model existing NIDS using the Genetic
                 Programming paradigm. Thus, we obtain models that
                 simulate the behaviour of NIDS with great precision,
                 but with a much simpler semantics than the one of the
                 NIDS. Looking for this easier semantics allows us to
                 easily construct evasions on the model, and therefore
                 on the NIDS, as their behavior is quite similar. Our
                 results show how precisely GP can model a NIDS
  bibdate =      "2010-12-10",
  bibsource =    "DBLP,

Genetic Programming entries for Sergio Pastrana Portillo, Agustin Orfila Diaz-Pabon, D Arturo Ribagorda Garnacho