2008-05-15

Evolutionary Computation & Security


Genetic and Evolutionary Computation Conference (GECCO2006) Workshop Program: Military and Security Applications of Evolutionary Computation, ACM Press, 8-12 July 2006.

Analysis of Attack Graphs using Evolutionary Computation

Designing Secure Communication Using Evolutionary Approach

Principles of a Computer Immune System
in "1997 New Security Paradigms Workshop"

Genetic Algorithms, Nonlinear Dynamical Systems, and Models of International Security
Handbook of Genetic Algorithms, pp. 166-185, Van Nostrand Reinhold, 1991.

International Conference on Computational Intelligence and Security (CIS'05), 2005

Machine Learning Techniques for the Computer Security Domain of Anomaly Detection

======
Focus on Student Research: Using Genetic Programming to Generate and Detect Attacks
Submitted by Hilmi Güneş Kayacık

Hilmi Güneş Kayacık is a Ph.D. student at Dalhousie University. He is part of the Network Information Management and Security project led by Dr. Nur Zincir-Heywood and Dr. Malcolm Heywood.


(Figure: Two-dimensional visualization of network traffic from a detector we developed, showing the separation between normal behavior and attacks.)

In the last few years we have seen many changes in information technology, and from a user's point of view many of them were for the better: hardware got faster and cheaper, and operating systems became easier to use and more reliable. For computer security, unfortunately, this was not the case. Along with its many benefits, the Internet also created numerous ways to compromise the security and stability of the systems connected to it. In 2003, 137,529 incidents were reported to CERT, compared with 1,334 reported incidents in 1993. Working in a networked environment exposes us to new threats every day.

The basic nature of computer security is that new attacks are continuously under development. As new attacks are discovered, the security software you have, such as firewalls, virus scanners and intrusion detection systems, must be updated to recognize them. To produce the update, a human expert has to analyze the attack and develop signatures or rules that describe it. Such an expert is responsible for recognizing new, unseen attacks and developing the necessary signatures, which means that signature-based security software is only as useful as the expert's ability to recognize unseen attacks. The alternative approach is anomaly detection, which aims to model the normal behavior of a given computer system; any deviation from that model is flagged as suspicious activity. However, building models of normal behavior is a challenge, since behavior that is normal on one computer system may be considered suspicious on another.

Experienced attackers alter their attacks so that their actions go unnoticed by both signature-based and anomaly-based detectors. In response, security experts try to develop signatures or models that describe all variants of the attack. The motivation of our research in the Network Information Management and Security laboratory is to formulate a method that lets detectors automatically generalize to a wide range of embodiments of the same generic attack. To do so, we develop both detectors and corresponding attackers, and formulate the problem as an "arms race" between the two parties. In such a context the detector is encouraged to generalize beyond recognizing the specific instance of a single attack, freeing it from working in a purely reactive manner.

Within this wider framework, my research focuses on the attacker side of the arms race, in particular on building variants of a generic class of attack. For this purpose I am using Genetic Programming to generate a population of attack variants. As with other forms of Evolutionary Computation, Genetic Programming works on a population of candidate solutions. Here the candidate solutions take the form of computer programs (in an arbitrary programming language), which naturally fits the objective of designing alternative malicious code. To guide the evolution of such a population, selection and search operators based on the concepts of natural selection and genetics (fitness-based selection, crossover and mutation) are applied over successive generations. The main objective of my research is to provide variants of an attack class so that we can build detectors that are robust against any instance of that class.
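To make the arms race of the two preceding paragraphs concrete, here is a small added example written for this page; it is not code from the Dalhousie group or from the author's research. A toy accumulator machine stands in for attack code, a hand-written signature matches the one known attack instance exactly (the way a rule written from a single observed sample would), and a genetic program evolves variants that keep the attack's effect while evading that signature. A second detector that checks the attack's behaviour rather than its instruction sequence then catches every evolved variant. The instruction set, the "canonical" attack, the fitness function and the random seed are all constructed for the example.

```python
"""Toy GP arms race: evolve variants of a known attack program that keep its
effect but evade an exact-sequence signature, then show that a detector
keyed on behaviour still flags every variant.  All of this is constructed
for illustration; the 'attack' is just a program that drives acc to 13."""
import random

# Tiny accumulator machine standing in for attack code (constructed toy).
OPS = ("inc", "dec", "dbl", "nop")


def run(program, limit=64):
    """Execute a list of ops starting from acc = 0; returns the final acc."""
    acc = 0
    for op in program[:limit]:           # limit bounds runaway programs
        if op == "inc":
            acc += 1
        elif op == "dec":
            acc -= 1
        elif op == "dbl":
            acc *= 2
    return acc


# The single known attack instance; its 'malicious effect' is acc == 13.
CANONICAL = ["inc", "inc", "inc", "dbl", "inc", "dbl", "dec"]
TARGET = run(CANONICAL)  # 13


def signature_matches(program):
    """Signature detector: flags any program containing the canonical
    instruction sequence verbatim.  Brittle by construction."""
    n = len(CANONICAL)
    return any(program[i:i + n] == CANONICAL
               for i in range(len(program) - n + 1))


def behaviour_matches(program):
    """Behavioural detector: emulate the program and check its effect."""
    return run(program) == TARGET


def fitness(program):
    """Higher is better: reach TARGET, avoid the signature, stay short."""
    score = -abs(run(program) - TARGET)
    if signature_matches(program):
        score -= 100                       # heavy penalty for being caught
    return score - 0.01 * len(program)


def mutate(program, rng):
    """One random edit: point mutation, insertion or deletion."""
    p = list(program)
    r = rng.random()
    if r < 0.4 and p:
        p[rng.randrange(len(p))] = rng.choice(OPS)
    elif r < 0.7:
        p.insert(rng.randrange(len(p) + 1), rng.choice(OPS))
    elif len(p) > 1:
        del p[rng.randrange(len(p))]
    return p


def crossover(a, b, rng):
    """One-point crossover: a prefix of a followed by a suffix of b."""
    return a[:rng.randrange(len(a) + 1)] + b[rng.randrange(len(b) + 1):]


def evolve(pop_size=60, generations=50, seed=1):
    """Start from copies of the known attack and evolve evading variants.
    Returns the distinct programs that keep the effect and evade the
    signature in the final population."""
    rng = random.Random(seed)
    pop = [list(CANONICAL) for _ in range(pop_size)]
    for _ in range(generations):
        pop.sort(key=fitness, reverse=True)
        elite = pop[:pop_size // 10]       # elitism keeps the best so far
        children = []
        while len(children) < pop_size - len(elite):
            a = max(rng.sample(pop, 3), key=fitness)   # tournament select
            b = max(rng.sample(pop, 3), key=fitness)
            child = crossover(a, b, rng) if rng.random() < 0.5 else list(a)
            children.append(mutate(child, rng))
        pop = elite + children
    seen, variants = set(), []
    for p in pop:
        key = tuple(p)
        if key not in seen and behaviour_matches(p) and not signature_matches(p):
            seen.add(key)
            variants.append(p)
    return variants


if __name__ == "__main__":
    found = evolve()
    print(f"{len(found)} distinct variants evade the signature; "
          f"behavioural detector catches all: "
          f"{all(behaviour_matches(v) for v in found)}")
    for v in found[:5]:
        print(" ".join(v))
```

Running the module prints the evading variants; the same seed gives the same result because every random choice comes from the one `random.Random(seed)` instance. The part that transfers to real detectors is the contrast between the two detector definitions: `signature_matches` is defeated by a single inserted `nop`, whereas `behaviour_matches` is invariant under every rewrite the evolution produces, which is the kind of generalization the arms race is meant to force on the detector side.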

By eliminating the need for a human expert to develop attack signatures, detectors can detect unknown attacks and can easily be customized for different computing environments. Hopefully, being proactive rather than reactive in detecting known and unknown attacks will allow us to better defend our information technology infrastructures.

More information about our ongoing research can be found at the Network Information Management and Security Group's web site.
