Created by W.Langdon from gp-bibliography.bib Revision:1.4951
The proposed approach focuses on stack buffer overflow attacks on a 32-bit Intel architecture and aims to optimise the various characteristics of the attack. Three components exist in a common stack buffer overflow attack: the shellcode, NoOP and return address components. Therefore, automation of attack generation is realised in three stages: (1) identifying the suitable NoOP and return address components, (2) designing the shellcode at the assembly level, and (3) designing the shellcode at the system call level. The first and second stage address the evasion of misuse detectors by employing obfuscation, whereas the third stage addresses the evasion of anomaly detectors by employing mimicry attacks.
In short, the proposed approach takes the form of a black-box search process where the attacks are rewarded according to two main criteria: (a) their ability to carry out the malicious intent, while (b) minimising or eliminating the detectable attack characteristics. Furthermore, it is demonstrated that there are two parts to buffer overflow attacks: (i) the preamble and (ii) the exploit. Therefore, the anomaly rate of the whole attack is calculated on both parts. Additionally, the proposed approach supports multi-objective optimisation, where multiple characteristics of attacks can be improved. The proposed approach is evaluated against six detectors and four vulnerable applications. The results show that attacks which the proposed approach generates under a black-box assumption are as effective as the attacks in generated under a white-box assumption adopted by previous work.",
Genetic Programming entries for Hilmi Gunes Kayacik