Evolving Buffer Overflow Attacks with Detector Feedback

Created by W.Langdon from gp-bibliography.bib Revision:1.4524

  author =       "H. Gunes Kayacik and Malcolm Iain Heywood and 
                 A. Nur Zincir-Heywood",
  title =        "Evolving Buffer Overflow Attacks with Detector Feedback",
  booktitle =    "Applications of Evolutionary Computing,
                 EvoWorkshops2007: {EvoCOMNET}, {EvoFIN}, {EvoIASP},
                 {EvoInteraction}, {EvoMUSART}, {EvoSTOC}, {EvoTransLog}",
  year =         "2007",
  month =        "11-13 " # apr,
  editor =       "Mario Giacobini and Anthony Brabazon and 
                 Stefano Cagnoni and Gianni A. {Di Caro} and Rolf Drechsler and 
                 Muddassar Farooq and Andreas Fink and 
                 Evelyne Lutton and Penousal Machado and Stefan Minner and 
                 Michael O'Neill and Juan Romero and Franz Rothlauf and 
                 Giovanni Squillero and Hideyuki Takagi and A. Sima Uyar and 
                 Shengxiang Yang",
  series =       "LNCS",
  volume =       "4448",
  organization = "EvoStar",
  publisher =    "Springer Verlag",
  address =      "Valencia, Spain",
  pages =        "11--20",
  isbn13 =       "978-3-540-71804-8",
  DOI =          "doi:10.1007/978-3-540-71805-5_2",
  keywords =     "genetic algorithms, genetic programming",
  abstract =     "A mimicry attack is an exploit in which basic
                 behavioural objectives of a minimalist core attack are
                 used to design multiple attacks achieving the same
                 objective from the same application. Research in
                 mimicry attacks is valuable in determining and
                 eliminating detector weaknesses. In this work, we
                 provide a process for evolving all components of a
                 mimicry attack relative to the Stide (anomaly) detector
                 under a Traceroute exploit. To do so, feedback from the
                 detector is directly incorporated into the fitness
                 function, thus guiding evolution towards potential
                 blind spots in the detector. Results indicate that we
                 are able to evolve mimicry attacks that reduce the
                 detector anomaly rate from ~67 percent of the original
                 core exploit, to less than 3 percent, effectively making
                 the attack indistinguishable from normal behaviours.",
  notes =        "EvoWorkshops2007",
