Abstract
The testing of anomaly detectors is considered from the perspective of a Multi-objective Evolutionary Exploit Generator (EEG). Such a framework provides users of anomaly detection systems with two capabilities. Firstly, no knowledge of protected data structures need be assumed. Secondly, the evolved exploits are then able to demonstrate weaknesses in the ensuing detector parameterization. In this work we focus on the parameterization of the second-generation anomaly detector ‘pH’ and demonstrate how use of an EEG may identify weak parameterization of the detector.
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kayacık, H.G., Zincir-Heywood, A.N., Heywood, M.I., Burschka, S. (2009). Testing Detector Parameterization Using Evolutionary Exploit Generation. In: Giacobini, M., et al. Applications of Evolutionary Computing. EvoWorkshops 2009. Lecture Notes in Computer Science, vol 5484. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01129-0_13
DOI: https://doi.org/10.1007/978-3-642-01129-0_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01128-3
Online ISBN: 978-3-642-01129-0
eBook Packages: Computer Science (R0)