Using Code Bloat to Obfuscate Evolved Network Traffic
Abstract
In this work, we investigate the ability of genetic programming techniques to evolve valid network patterns while avoiding detection by obfuscating the intent of the traffic. To validate our system's capabilities, we choose to evolve a port scan attack while running the packets through an Intrusion Detection System (IDS). In turn, the evolutionary process uses this feedback to minimize the alarms raised while port scanning across a network range. The results, which build on previous work, allow us to further analyze and understand what role introns (code bloat) play in the system's ability to reduce the detectability of its malicious behaviour.
Similar resources
Genetic Programming Bloat without Semantics
To investigate the fundamental causes of bloat, six artificial random binary tree search spaces are presented. Fitness is given by program syntax (the genetic programming genotype). GP populations are evolved on both random problems and problems with “building blocks”. These are compared to problems with explicit ineffective code (introns, junk code, inviable code). Our results suggest the entr...
The Evolution of Size and Shape
The phenomenon of growth in program size in genetic programming populations has been widely reported. In a variety of experiments and static analysis we test the standard protective code explanation and find it to be incomplete. We suggest bloat is primarily due to distribution of fitness in the space of possible programs and because of this, in the absence of bias, it is in general inherent in...
Detecting Network-based Obfuscated Code Injection Attacks Using Sandboxing
Intrusion detection systems (IDSs) are widely recognised as the last line of defence, often used to enable incident response when intrusion prevention mechanisms are ineffective or have been compromised. A signature-based network IDS (NIDS), which operates by comparing network traffic to a database of suspicious activity patterns (known as signatures), is a popular solution due to its ease of dep...
Code Bloat Problem in Genetic Programming
The concept of “bloat” in Genetic Programming is a well-established phenomenon characterized by variable-length genomes gradually increasing in size during evolution [1]. Bloat hampers the efficiency and ability of genetic programming for solving problems. A range of explanations have been proposed for the problem of bloat, including destructive crossover and mutation operators, selection press...
Behavioral Analysis of Traffic Flow for an Effective Network Traffic Identification
Fast and accurate network traffic identification is becoming essential for network management, high quality of service control and early detection of network traffic abnormalities. Techniques based on statistical features of packet flows have recently become popular for network classification due to the limitations of traditional port- and payload-based methods. In this paper, we propose a metho...