Can a good offense be a good defense? vulnerability testing of anomaly detectors through an artificial arms race

Hilmi Gunes Kayacik, Nur Zincir-Heywood, Malcolm Heywood

    Research output: Contribution to journal (Article)

    Abstract

    Intrusion detection systems, which aim to protect our IT infrastructure, are not infallible. Attackers take advantage of detector vulnerabilities and weaknesses to evade detection, hence hindering the effectiveness of the detectors. To do so, attackers generate evasion attacks which can eliminate or minimize the detection while successfully achieving the attacker’s goals. This work proposes an artificial arms race between an automated ‘white-hat’ attacker and various anomaly detectors for the purpose of identifying detector weaknesses.
    Original language: English
    Pages (from-to): 4366-4383
    Number of pages: 18
    Journal: Applied Soft Computing
    Volume: 11
    Issue number: 7
    DOIs: 10.1016/j.asoc.2010.09.005
    Publication status: Published - Oct 2011

    Fingerprint

    Detectors
    Testing
    Intrusion detection

    Keywords

    • computer security
    • intrusion detection
    • evasion attacks
    • genetic programming
    • arms race

    Cite this

    Kayacik, Hilmi Gunes ; Zincir-Heywood, Nur ; Heywood, Malcolm. / Can a good offense be a good defense? vulnerability testing of anomaly detectors through an artificial arms race. In: Applied Soft Computing. 2011 ; Vol. 11, No. 7. pp. 4366-4383.
    @article{34d940ddee6e479da39755600e70f249,
    title = "Can a good offense be a good defense? vulnerability testing of anomaly detectors through an artificial arms race",
    abstract = "Intrusion detection systems, which aim to protect our IT infrastructure, are not infallible. Attackers take advantage of detector vulnerabilities and weaknesses to evade detection, hence hindering the effectiveness of the detectors. To do so, attackers generate evasion attacks which can eliminate or minimize the detection while successfully achieving the attacker’s goals. This work proposes an artificial arms race between an automated ‘white-hat’ attacker and various anomaly detectors for the purpose of identifying detector weaknesses.",
    keywords = "computer security, intrusion detection, evasion attacks, genetic programming, arms race",
    author = "Kayacik, {Hilmi Gunes} and Nur Zincir-Heywood and Malcolm Heywood",
    year = "2011",
    month = "10",
    doi = "10.1016/j.asoc.2010.09.005",
    language = "English",
    volume = "11",
    pages = "4366--4383",
    journal = "Applied Soft Computing",
    issn = "1568-4946",
    publisher = "Elsevier BV",
    number = "7",
    }

    Can a good offense be a good defense? vulnerability testing of anomaly detectors through an artificial arms race. / Kayacik, Hilmi Gunes; Zincir-Heywood, Nur; Heywood, Malcolm.

    In: Applied Soft Computing, Vol. 11, No. 7, 10.2011, p. 4366-4383.


    TY - JOUR

    T1 - Can a good offense be a good defense? vulnerability testing of anomaly detectors through an artificial arms race

    AU - Kayacik, Hilmi Gunes

    AU - Zincir-Heywood, Nur

    AU - Heywood, Malcolm

    PY - 2011/10

    Y1 - 2011/10

    N2 - Intrusion detection systems, which aim to protect our IT infrastructure, are not infallible. Attackers take advantage of detector vulnerabilities and weaknesses to evade detection, hence hindering the effectiveness of the detectors. To do so, attackers generate evasion attacks which can eliminate or minimize the detection while successfully achieving the attacker’s goals. This work proposes an artificial arms race between an automated ‘white-hat’ attacker and various anomaly detectors for the purpose of identifying detector weaknesses.

    KW - computer security

    KW - intrusion detection

    KW - evasion attacks

    KW - genetic programming

    KW - arms race

    UR - http://www.scopus.com/inward/record.url?eid=2-s2.0-79960561766&partnerID=8YFLogxK

    U2 - 10.1016/j.asoc.2010.09.005

    DO - 10.1016/j.asoc.2010.09.005

    M3 - Article

    AN - SCOPUS:79960561766

    VL - 11

    SP - 4366

    EP - 4383

    JO - Applied Soft Computing

    JF - Applied Soft Computing

    SN - 1568-4946

    IS - 7

    ER -