DOI: 10.1145/3205651.3208270
research-article

Evolution of network enumeration strategies in emulated computer networks

Published: 06 July 2018

Abstract

Successful attacks on computer networks today do not often owe their victory to directly overcoming strong security measures set up by the defender. Rather, most attacks succeed because the number of possible vulnerabilities is too large for humans to fully protect without making a mistake. Regardless of the security elsewhere, a skilled attacker can exploit a single vulnerability in a defensive system and negate the benefits of those security measures. This paper presents an evolutionary framework for evolving attacker agents in a real, emulated network environment using genetic programming, as a foundation for coevolutionary systems which can automatically discover and mitigate network security flaws. We examine network enumeration, an initial network reconnaissance step, through our framework and present results demonstrating its success, indicating a broader applicability to further cyber-security tasks.

Cited By

  • (2021) Competitive coevolution for defense and security. Proceedings of the Genetic and Evolutionary Computation Conference Companion. 10.1145/3449726.3463193 (1898-1906). Online publication date: 7-Jul-2021
  • (2018) Galaxy. Proceedings of the 11th USENIX Conference on Cyber Security Experimentation and Test. 10.5555/3307412.3307420 (8-8). Online publication date: 13-Aug-2018

Published In

GECCO '18: Proceedings of the Genetic and Evolutionary Computation Conference Companion
July 2018
1968 pages
ISBN: 9781450357647
DOI: 10.1145/3205651
Publication rights licensed to ACM. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. genetic programming
  2. network emulation
  3. network security

Qualifiers

  • Research-article

Conference

GECCO '18

Acceptance Rates

Overall Acceptance Rate 1,669 of 4,410 submissions, 38%

Article Metrics

  • Downloads (Last 12 months): 10
  • Downloads (Last 6 weeks): 0
Reflects downloads up to 09 Nov 2024
