Can a good offense be a good defense? Vulnerability testing of anomaly detectors through an artificial arms race

  • Hilmi Güneş Kayacik
  • A. Nur Zincir-Heywood
  • Malcolm I. Heywood


Intrusion detection systems, which aim to protect our IT infrastructure, are not infallible. Attackers take advantage of detector vulnerabilities and weaknesses to evade detection, hence hindering the effectiveness of the detectors. To do so, attackers generate evasion attacks which can eliminate or minimize the detection while successfully achieving the attacker's goals. This work proposes an artificial arms race between an automated 'white-hat' attacker and various anomaly detectors for the purpose of identifying detector weaknesses. The proposed arms race aims to automate the vulnerability testing of the anomaly detectors so that the security experts can be more proactive in eliminating detector vulnerabilities. © 2010 Elsevier B.V. All rights reserved.

Author-supplied keywords

  • Arms race
  • Computer security
  • Evasion attacks
  • Genetic Programming
  • Intrusion detection
