Network Protocol Discovery and Analysis via Live Interaction

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 7248)

Abstract

In this work, we explore the use of evolutionary computing toward protocol analysis. The ability to discover, analyse, and experiment with unknown protocols is paramount within the realm of network security; our approach to this crucial analysis is to interact with a network service, discovering sequences of commands that do not result in error messages. In so doing, our work investigates the real-life responses of a service, allowing for exploration and analysis of the protocol in question. Our system initiates sequences of commands randomly, interacts with and learns from the responses, and modifies its next set of sequences accordingly. Such an exploration results in a set of command sequences that reflect correct uses of the service in testing. These discovered sequences can then be used to identify the service, unforeseen uses of the service, and, most importantly, potential weaknesses.
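The loop the abstract describes (random command sequences, scored by the service's replies, then modified for the next round) can be sketched as follows. This is an added example, not the authors' system: the in-process FTP-like `toy_service`, the command alphabet, the scoring in `fitness`, and the truncation-selection and point-mutation scheme are all assumptions chosen so the sketch runs offline.

```python
import random

COMMANDS = ["USER", "PASS", "PWD", "LIST", "NOOP", "QUIT"]  # assumed command alphabet

def toy_service(seq):
    """Constructed stand-in for the live service: FTP-like reply codes."""
    state, replies = "start", []
    for cmd in seq:
        if state == "closed":
            replies.append(0)                      # nothing answers after QUIT
        elif cmd == "NOOP":
            replies.append(200)
        elif cmd == "QUIT":
            state = "closed"
            replies.append(221)
        elif cmd == "USER" and state != "auth":
            state = "user"
            replies.append(331)
        elif cmd == "PASS" and state == "user":
            state = "auth"
            replies.append(230)
        elif cmd in ("PWD", "LIST") and state == "auth":
            replies.append(257 if cmd == "PWD" else 226)
        else:                                      # command out of order
            replies.append(530 if cmd in ("PWD", "LIST") else 503)
    return replies

def fitness(seq):
    """Assumed scoring: reward distinct accepted commands, penalise errors."""
    replies = toy_service(seq)
    accepted = {c for c, r in zip(seq, replies) if 200 <= r < 400}
    errors = sum(1 for r in replies if not 200 <= r < 400)
    return 10 * len(accepted) - errors

def mutate(seq, rng):
    """Point mutation on a copy, so surviving parents are never altered."""
    child = list(seq)
    child[rng.randrange(len(child))] = rng.choice(COMMANDS)
    return child

def evolve(generations=40, pop_size=30, length=6, seed=1):
    rng = random.Random(seed)
    pop = [[rng.choice(COMMANDS) for _ in range(length)] for _ in range(pop_size)]
    history = []                                   # best score per generation
    for _ in range(generations):
        pop.sort(key=fitness, reverse=True)
        history.append(fitness(pop[0]))
        parents = pop[: pop_size // 2]             # truncation selection, elitist
        pop = parents + [mutate(rng.choice(parents), rng) for _ in parents]
    return max(pop, key=fitness), history

if __name__ == "__main__":
    best, history = evolve()
    print(best, toy_service(best), history[-1])
```

Because the best half of each generation survives unchanged, the best score never decreases, and the surviving sequences are orderings the service accepts, such as USER before PASS before PWD.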

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

LaRoche, P., Zincir-Heywood, A.N., Heywood, M.I. (2012). Network Protocol Discovery and Analysis via Live Interaction. In: Di Chio, C., et al. Applications of Evolutionary Computation. EvoApplications 2012. Lecture Notes in Computer Science, vol 7248. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29178-4_2

  • DOI: https://doi.org/10.1007/978-3-642-29178-4_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29177-7

  • Online ISBN: 978-3-642-29178-4

  • eBook Packages: Computer Science (R0)