Extending Advanced Evasion Techniques Using Combinatorial Search

Authors: Mhamed Chammem, Mohamed Hamdi, Tai-Hoon Kim

DOI: 10.1109/SECTECH.2014.18

Abstract: In this paper, we extend the concept of Advanced Evasion Techniques (AETs) by exploring new alternatives to reduce the complexity of existing evasion tools. The major objective is to enhance the security testing potential brought by AETs by increasing the number of combinations that can be tested and checked on the Device Under Test (DUT). We analyze the performance of non-exhaustive search strategies and the use of clusters where multiple techniques are combined. To this end, we propose probabilistic trees to design the scenario-based architectures considered. For an accurate analysis of the contribution resulting from the proposed idea, we illustrate our idea using a practical tool, namely the EVADER tool designed by McAfee.
