Abstract
A mimicry attack is an exploit in which basic behavioral objectives of a minimalist ’core’ attack are used to design multiple attacks achieving the same objective from the same application. Research in mimicry attacks is valuable in determining and eliminating detector weaknesses. In this work, we provide a process for evolving all components of a mimicry attack relative to the Stide (anomaly) detector under a Traceroute exploit. To do so, feedback from the detector is directly incorporated into the fitness function, thus guiding evolution towards potential blind spots in the detector. Results indicate that we are able to evolve mimicry attacks that reduce the detector anomaly rate from ~67% of the original core exploit, to less than 3%, effectively making the attack indistinguishable from normal behaviors.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Wagner, D., Soto, P.: Mimicry attacks on host based intrusion detection systems, ACM Conference on Computer and Communications Security, pp. 255–264 (2002)
Tan, K.M.C., Killourhy, K.S., Maxion, R.A.: Undermining an Anomaly-based Intrusion Detection System using Common Exploits. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002, vol. 2516, pp. 54–73. Springer, Berlin Heidelberg New York (2002)
Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Automating mimicry attacks using static binary analysis, Proceedings of the USENIX Security Symposium, pp. 717–738 (2005)
Tan, K.M.C.: McHugh, J., Killourhy, K.S.: Hiding Intrusions: From the Abnormal to the Normal and Beyond, Symposium on Information Hiding, pp. 1–17 (2002)
Kayacik, H.G., Zincir-Heywood, A.N., Heywood, M.I.: Evolving Successful Stack Overflow Attacks for Vulnerability Testing, 21st Annual Computer Security Applications Conference, pp. 225–234 (2005)
Kayacik, H.G., Heywood, M.I., Zincir-Heywood, A.N.: On Evolving Buffer Overflow Attacks using Genetic Programming. Proceedings of the Genetic and Evolutionary Computation Conference. In: SIGEVO, July 8-12, pp. 1667–1673. ACM Press, New York, NY, USA (2006)
University of New Mexico, Computer Science Department, Computer Immune Systems Data Sets and Software http://www.cs.unm.edu/immsec/data-sets.htm (Last accessed May 2006)
Securiteam Web Site, Linux Traceroute Exploit Code Released (GDB), October 2002 http://www.securiteam.com/exploits/6A00A1F5QM.html (Last accessed May 2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kayacik, H.G., Heywood, M.I., Zincir-Heywood, A.N. (2007). Evolving Buffer Overflow Attacks with Detector Feedback. In: Giacobini, M. (eds) Applications of Evolutionary Computing. EvoWorkshops 2007. Lecture Notes in Computer Science, vol 4448. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-71805-5_2
Download citation
DOI: https://doi.org/10.1007/978-3-540-71805-5_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-71804-8
Online ISBN: 978-3-540-71805-5
eBook Packages: Computer ScienceComputer Science (R0)