Title :
Evolving TCP/IP packets: A case study of port scans
Author :
LaRoche, Patrick ; Zincir-Heywood, Nur ; Heywood, Malcolm I.
Author_Institution :
Fac. of Comput. Sci., Dalhousie Univ. of Halifax, Halifax, NS, Canada
Abstract :
In this work, we investigate the ability of genetic programming techniques to evolve valid network packets, including all relevant header values, towards a specific goal. We see this as a first step in building a fuzzing system that can learn to adapt for vulnerability analysis. By developing a system that learns the packets that are required to be transmitted towards targets, using feedback from an external network source, we make a step towards having a system that can intelligently explore the capabilities of a given security system. In order to validate our system's capabilities we evolve a variety of port scan patterns while running the packets through an IDS, with the goal of minimizing the alarms raised during the scanning process. Results show that the system not only successfully evolves valid TCP packets, but also remains stealthy in its activity.
Keywords :
cryptographic protocols; fuzzy systems; genetic algorithms; security of data; transport protocols; IDS; TCP/IP packets; fuzzing system; genetic programming; port scans; vulnerability analysis; Arm; Computer network reliability; Feedback; Genetic programming; Intrusion detection; Machine learning; Protection; Security; System testing; TCPIP;
Conference_Title :
Computational Intelligence for Security and Defense Applications, 2009. CISDA 2009. IEEE Symposium on
Conference_Location :
Ottawa, ON
Print_ISBN :
978-1-4244-3763-4
Electronic_ISBN :
978-1-4244-3764-1
DOI :
10.1109/CISDA.2009.5356541