RT Conference Proceedings
T1 Modeling NIDS evasion with genetic programming
A1 Pastrana, Sergio
A1 Orfila, Agustín
A1 Ribagorda Garnacho, Arturo
AB Nowadays, Network Intrusion Detection Systems are quickly updated in order to prevent systems against new attacks. This situation has provoked that attackers focus their efforts on new sophisticated evasive techniques when trying to attack a system. Unfortunately, most of these techniques are based on network protocols ambiguities [1], so NIDS designers must take them into account when updating their tools. In this paper, we present a new approach to improve the task of looking for new evasive techniques. The core of our work is to model existing NIDS using the Genetic Pro- gramming paradigm. Thus, we obtain models that simulate the behavior of NIDS with great precision, but with a much simpler semantics than the one of the NIDS. Looking for this easier semantics allows us to easily construct evasions on the model, and therefore on the NIDS, as their behavior is quite similar. Our results show how precisely GP can model a NIDS behavior.
PB CSREA Press
SN 1-60132-162-7
YR 2010
FD 2010-07
LK https://hdl.handle.net/10016/9673
UL https://hdl.handle.net/10016/9673
LA eng
NO Proceeding of: 9th International Conference on Security and Management (SAM 2010). Las Vegas, Nevada, USA, July 12-15 2010
DS e-Archivo
RD 30 jun. 2024