Generating mimicry attacks using genetic programming: A benchmarking study

Kayacık, H. Güneş; Zincir-Heywood, A. Nur; Heywood, Malcolm I.; Burschka, Stefan

doi:10.1109/cicybs.2009.4925101

Cited by 10 publications

(5 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Existing techniques for automated attack discovery include state-machine-informed search [21], open-sourceintelligence [44], bug analysis [19], and genetic programming [23]. Defensive synthesis also exists [3].…”

Section: Related Workmentioning

confidence: 99%

Automated Attacker Synthesis for Distributed Protocols

Hippel

Vick

Tripakis

et al. 2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Distributed protocols should be robust to both benign malfunction (e.g. packet loss or delay) and attacks (e.g. message replay) from internal or external adversaries. In this paper we take a formal approach to the automated synthesis of attackers, i.e. adversarial processes that can cause the protocol to malfunction. Specifically, given a formal threat model capturing the distributed protocol model and network topology, as well as the placement, goals, and interface (inputs and outputs) of potential attackers, we automatically synthesize an attacker. We formalize four attacker synthesis problems -across attackers that always succeed versus those that sometimes fail, and attackers that attack forever versus those that do not -and we propose algorithmic solutions to two of them. We report on a prototype implementation called KORG and its application to TCP as a case-study. Our experiments show that KORG can automatically generate well-known attacks for TCP within seconds or minutes.

show abstract

Section: Related Workmentioning

confidence: 99%

Automated Attacker Synthesis for Distributed Protocols

Hippel

Vick

Tripakis

et al. 2020

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Empirical data set or simulation model Detection/generation of attack scenarios Communication system (Li, 2004;Lu & Traore, 2004) Cyberattack detection system (Kayacik et al, 2009)…”

Section: Identification Of Attack Scenariosmentioning

confidence: 99%

“…Although heuristic methods do not guarantee optimality, they are suitable in cases where the objective function cannot be represented analytically or when its resolution is computationally infeasible. Specifically, genetic programming (GP) and its variants have been applied to automate the process of detecting and generating attack scenarios, where the objective function corresponded to an attack and its fitness evaluated based on empirical data or simulation (Kayacik et al., 2009; Lu & Traore, 2004; Mabu et al., 2010).…”

Section: Disruption Scenariosmentioning

confidence: 99%

Resilience analysis of cyber‐physical systems: A review of models and methods

Cassottana¹,

Roomi

Mashima

et al. 2023

Risk Analysis

View full text Add to dashboard Cite

Cyber‐physical systems (CPSs) are monitored and controlled by a computing and communicating core. This cyber layer enables better management of the controlled subsystem, but it also introduces threats to the security and protection of CPSs, as demonstrated by recent cyberattacks. The resulting governance and policy emphasis on cybersecurity is reflected in the academia by a vast body of literature. In this article, we systematize existing knowledge on CPS analysis. Specifically, we focus on the quantitative assessment of CPSs before and after the occurrence of a disruption. Through the systematic analysis of the models and methods adopted in the literature, we develop a CPS resilience assessment framework consisting of three steps, namely, (1) CPS description, (2) disruption scenario identification, and (3) resilience strategy selection. For each step of the framework, we suggest established methods for CPS analysis and suggest four criteria for method selection. The framework proposes a standardized workflow to assess the resilience of CPSs before and after the occurrence of a disruption. The application of the proposed framework is exemplified with reference to a power substation and associated communication network.The case study shows that the proposed framework supports resilience decision making by quantifying the effects of the implementation of resilience strategies.

show abstract

“…A waypoint-based IDS was introduced in [30] to detect both mimicry attacks and impossible paths attacks by considering the trustworthy execution contexts of programs and restricting system call permissions. Besides, there were also existing work conducted on generating mimicry attacks by using generic programming [31] or static binary analysis [28].…”

Section: B Generating and Revealing Stealthy Attacksmentioning

confidence: 99%