Can a good offense be a good defense? vulnerability testing of anomaly detectors through an artificial arms race

Hilmi Gunes Kayacik, Nur Zincir-Heywood, Malcolm Heywood

    Research output: Contribution to journalArticle

    Abstract

    Intrusion detection systems, which aim to protect our IT infrastructure are not infallible. Attackers take advantage of detector vulnerabilities and weaknesses to evade detection, hence hindering the effectiveness of the detectors. To do so, attackers generate evasion attacks which can eliminate or minimize the detection while successfully achieving the attacker’s goals. This work proposes an artificial arms race between an automated ‘white-hat’ attacker and various anomaly detectors for the purpose of identifying detector weaknesses.
    Original languageEnglish
    Pages (from-to)4366-4383
    Number of pages18
    JournalApplied Soft Computing
    Volume11
    Issue number7
    DOIs
    Publication statusPublished - Oct 2011

    Keywords

    • computer security
    • intrusion detection
    • evasion attacks
    • genetic programming
    • arms race

    Fingerprint Dive into the research topics of 'Can a good offense be a good defense? vulnerability testing of anomaly detectors through an artificial arms race'. Together they form a unique fingerprint.

  • Cite this