Evolutionary computation as an artificial attacker: generating evasion attacks for detector vulnerability testing

Created by W.Langdon from gp-bibliography.bib Revision:1.7642

@Article{Kayacik:2011:EI,

• author = "Hilmi Gunes Kayacik and A. Nur Zincir-Heywood and Malcolm I. Heywood",
• title = "Evolutionary computation as an artificial attacker: generating evasion attacks for detector vulnerability testing",
• journal = "Evolutionary Intelligence",
• year = "2011",
• volume = "4",
• number = "4",
• pages = "243--266",
• month = dec,
• keywords = "genetic algorithms, genetic programming, Engineering, Computer security, Intrusion detection, Anomaly detection, Evasion attacks, Evolutionary computation, Artificial arms race",
• ISSN = "1864-5909",
• publisher = "Springer",
• DOI = "doi:10.1007/s12065-011-0065-0",
• size = "24 pages",
• abstract = "Intrusion detection systems protect our infrastructures by monitoring for signs of intrusions. However, intrusion detection systems are themselves susceptible to vulnerabilities, which the attackers take advantage of to evade detection. In particular, we focus on evasion attacks in which the attacker aims to generate a stealthy attack that eliminates or minimises the likelihood of detection. Attackers achieve stealth by mimicking normal behaviour while achieving the attack goals, hence bypassing the detector. Previous work focused on generating evasion attacks using the internal knowledge of the detectors, hence adopting a white-box access to the detector. On the other hand, we adopt a black-box approach and propose an evolutionary attacker based on Genetic Programming. The access of our black-box approach is limited to the feedback of the detector such as anomaly rates and delays. We compare our black-box approach with various white-box approaches to investigate its effectiveness. In doing so, the impact of anomalies from the break-in stage of the attacks and the delays based on locality frame counts are also discussed. This is particularly important if the performance comparison is to reflect the real capabilities of detectors.",
• affiliation = "School of Computer Science, Carleton University, 1125 Colonel By Drive, Ottawa, ON K1S 5B6, Canada",

}

Genetic Programming entries for Hilmi Gunes Kayacik Nur Zincir-Heywood Malcolm Heywood

Citations