Evolving TCP/IP packets: A case study of port scans

P. LaRoche, A. N. Zincir-Heywood, M. Heywood
{"title":"Evolving TCP/IP packets: A case study of port scans","authors":"P. LaRoche, A. N. Zincir-Heywood, M. Heywood","doi":"10.1109/CISDA.2009.5356541","DOIUrl":null,"url":null,"abstract":"In this work, we investigate the ability of genetic programming techniques to evolve valid network packets, including all relevant header values, towards a specific goal. We see this as a first step in building a fuzzing system that can learn to adapt for vulnerability analysis. By developing a system that learns the packets that are required to be transmitted towards targets, using feedback from an external network source, we make a step towards having a system that can intelligently explore the capabilities of a given security system. In order to validate our system's capabilities we evolve a variety of port scan patterns while running the packets through an IDS, with the goal to minimizes the alarms raised during the scanning process. Results show that the system not only successfully evolves valid TCP packets, but also remains stealthy in its activity.","PeriodicalId":6407,"journal":{"name":"2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications","volume":"2 1","pages":"1-8"},"PeriodicalIF":0.0000,"publicationDate":"2009-07-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CISDA.2009.5356541","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 13

Abstract

In this work, we investigate the ability of genetic programming techniques to evolve valid network packets, including all relevant header values, towards a specific goal. We see this as a first step in building a fuzzing system that can learn to adapt for vulnerability analysis. By developing a system that learns the packets that are required to be transmitted towards targets, using feedback from an external network source, we make a step towards having a system that can intelligently explore the capabilities of a given security system. In order to validate our system's capabilities, we evolve a variety of port scan patterns while running the packets through an IDS, with the goal of minimizing the alarms raised during the scanning process. Results show that the system not only successfully evolves valid TCP packets, but also remains stealthy in its activity.