Evolving buffer overflow attacks with detector feedback

Abstract

A mimicry attack is an exploit in which basic behavioral objectives of a minimalist 'core' attack are used to design multiple attacks achieving the same objective from the same application. Research in mimicry attacks is valuable in determining and eliminating detector weaknesses. In this work, we provide a process for evolving all components of a mimicry attack relative to the Stide (anomaly) detector under a Traceroute exploit. To do so, feedback from the detector is directly incorporated into the fitness function, thus guiding evolution towards potential blind spots in the detector. Results indicate that we are able to evolve mimicry attacks that reduce the detector anomaly rate from ~67% of the original core exploit, to less than 3%, effectively making the attack indistinguishable from normal behaviors. © Springer-Verlag Berlin Heidelberg 2007.

Cite

Kayacik, H. G., Heywood, M. I., & Zincir-Heywood, A. N. (2007). Evolving buffer overflow attacks with detector feedback. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4448 LNCS, pp. 11–20). Springer Verlag. https://doi.org/10.1007/978-3-540-71805-5_2