使用GP授权攻击自动逃避IDS

2007 IEEE Symposium on Computational Intelligence in Security and Defense Applications Pub Date : 2007-04-01 DOI:10.1109/CISDA.2007.368148

H. G. Kayacik, A. N. Zincir-Heywood, M. Heywood

{"title":"使用GP授权攻击自动逃避IDS","authors":"H. G. Kayacik, A. N. Zincir-Heywood, M. Heywood","doi":"10.1109/CISDA.2007.368148","DOIUrl":null,"url":null,"abstract":"A mimicry attack is a type of attack where the basic steps of a minimalist 'core' attack are used to design multiple attacks achieving the same objective from the same application. Research in mimicry attacks is valuable in determining and eliminating weaknesses of detectors. In this work, we provide a genetic programming based automated process for designing all components of a mimicry attack relative to the Stide detector under a vulnerable Traceroute application. Results indicate that the automatic process is able to generate mimicry attacks that reduce the alarm rate from ~65% of the original attack, to ~2.7%, effectively making the attack indistinguishable from normal behaviors","PeriodicalId":403553,"journal":{"name":"2007 IEEE Symposium on Computational Intelligence in Security and Defense Applications","volume":"43 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":"{\"title\":\"Automatically Evading IDS Using GP Authored Attacks\",\"authors\":\"H. G. Kayacik, A. N. Zincir-Heywood, M. Heywood\",\"doi\":\"10.1109/CISDA.2007.368148\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A mimicry attack is a type of attack where the basic steps of a minimalist 'core' attack are used to design multiple attacks achieving the same objective from the same application. Research in mimicry attacks is valuable in determining and eliminating weaknesses of detectors. In this work, we provide a genetic programming based automated process for designing all components of a mimicry attack relative to the Stide detector under a vulnerable Traceroute application. Results indicate that the automatic process is able to generate mimicry attacks that reduce the alarm rate from ~65% of the original attack, to ~2.7%, effectively making the attack indistinguishable from normal behaviors\",\"PeriodicalId\":403553,\"journal\":{\"name\":\"2007 IEEE Symposium on Computational Intelligence in Security and Defense Applications\",\"volume\":\"43 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2007-04-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"18\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2007 IEEE Symposium on Computational Intelligence in Security and Defense Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CISDA.2007.368148\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 IEEE Symposium on Computational Intelligence in Security and Defense Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CISDA.2007.368148","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 18

摘要

模仿攻击是一种攻击类型，其中使用极简主义“核心”攻击的基本步骤来设计从同一应用程序实现相同目标的多个攻击。研究模仿攻击对于确定和消除检测器的弱点是有价值的。在这项工作中，我们提供了一个基于遗传编程的自动化过程，用于设计在易受攻击的Traceroute应用程序下相对于Stide检测器的模仿攻击的所有组件。结果表明，自动过程能够产生模仿攻击，将原始攻击的报警率从~65%降低到~2.7%，有效地使攻击与正常行为无法区分

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Automatically Evading IDS Using GP Authored Attacks

A mimicry attack is a type of attack where the basic steps of a minimalist 'core' attack are used to design multiple attacks achieving the same objective from the same application. Research in mimicry attacks is valuable in determining and eliminating weaknesses of detectors. In this work, we provide a genetic programming based automated process for designing all components of a mimicry attack relative to the Stide detector under a vulnerable Traceroute application. Results indicate that the automatic process is able to generate mimicry attacks that reduce the alarm rate from ~65% of the original attack, to ~2.7%, effectively making the attack indistinguishable from normal behaviors

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2007 IEEE Symposium on Computational Intelligence in Security and Defense Applications

自引率

0.00%

发文量