Publication:
Modeling NIDS evasion with genetic programming

Thumbnail Image
Identifiers
URI: https://hdl.handle.net/10016/9673
ISBN: 1-60132-162-7
Files
Pastrana, Orfila, Ribagorda - 2010 - Modeling NIDS evasion with Genetic Programming - 9th In.pdf (396.96 KB)
Publication date
2010-07
Defense date
Authors
Advisors
Tutors
Journal Title
Journal ISSN
Volume Title
Publisher
CSREA Press
Impact
Google Scholar
Export
Research Projects
Organizational Units
Journal Issue
Abstract
Nowadays, Network Intrusion Detection Systems are quickly updated in order to prevent systems against new attacks. This situation has provoked that attackers focus their efforts on new sophisticated evasive techniques when trying to attack a system. Unfortunately, most of these techniques are based on network protocols ambiguities [1], so NIDS designers must take them into account when updating their tools. In this paper, we present a new approach to improve the task of looking for new evasive techniques. The core of our work is to model existing NIDS using the Genetic Pro- gramming paradigm. Thus, we obtain models that simulate the behavior of NIDS with great precision, but with a much simpler semantics than the one of the NIDS. Looking for this easier semantics allows us to easily construct evasions on the model, and therefore on the NIDS, as their behavior is quite similar. Our results show how precisely GP can model a NIDS behavior.
Description
Proceeding of: 9th International Conference on Security and Management (SAM 2010). Las Vegas, Nevada, USA, July 12-15 2010
Keywords
Evasion, Intrusion detection, Network security
Bibliographic citation
Proceedings of 9th International Conference on Security and Management (SAM 2010). Las Vegas, Nevada, USA.
Collections
DI - COSEC - Artículos en Congresos Internacionales
DI - COSEC - Capítulos de Monografías