85 research outputs found
Finding state-of-the-art non-cryptographic hashes with genetic programming
Proceeding of: 9th International Conference, Reykjavik, Iceland, September 9-13, 2006. The design of non-cryptographic hash functions by means of evolutionary computation is a relatively new and unexplored problem. In this paper, we use the Genetic Programming paradigm to evolve collision-free and fast hash functions. For achieving robustness against collision we use a fitness function based on a non-linearity concept, producing evolved hashes with a good degree of Avalanche Effect. The other main issue, efficiency, is assured by using only very fast operators (both in hardware and software) and by limiting the number of nodes. Using this approach, we have created a new hash function, which we call gp-hash, that is able to outperform a set of five human-generated, widely-used hash functions. This article has been financed by the Spanish-funded research MCyT project OP:LINK, Ref:TIN2005-08818-C04-02.
A functional framework to evade network IDS
Proceeding of: 44th Hawaii International Conference on System Science, Kauai, HI, January 4-7, 2011. Signature-based Network Intrusion Detection Systems (NIDS) apply a set of rules to identify hostile traffic in network segments. Currently they are so effective at detecting known attacks that hackers seek new techniques to go unnoticed. Some of these techniques consist of exploiting network protocol ambiguities. Nowadays NIDS are prepared against most of these evasive techniques, as they are recognized and sorted out. The emergence of new evasive forms may cause NIDS to fail. In this paper we present an innovative functional framework to evade NIDS. First, NIDS are modeled accurately by means of Genetic Programming (GP). Then, we show that looking for evasions on models is simpler than directly trying to understand the behavior of NIDS. We present a proof of concept showing how to evade a self-built NIDS regarding two publicly available datasets. Our framework can be used to audit NIDS. This work was partially supported by CDTI, Ministerio de Industria, Turismo y Comercio of Spain in collaboration with Telefonica I+D, Project SEGUR@ CENIT-2007 2004.
Evolving hash functions by means of genetic programming
Proceedings of the 8th annual conference on Genetic and evolutionary computation. Seattle, Washington, USA, July 08-12, 2006. The design of hash functions by means of evolutionary computation is a relatively new and unexplored problem. In this work, we use Genetic Programming (GP) to evolve robust and fast hash functions. We use a fitness function based on a non-linearity measure, producing evolved hashes with a good degree of Avalanche Effect. Efficiency is assured by using only very fast operators (both in hardware and software) and by limiting the number of nodes. Using this approach, we have created a new hash function, which we call gp-hash, that is able to outperform a set of five human-generated, widely-used hash functions. This article has been financed by the Spanish-funded research MCyT project OP:LINK, Ref:TIN2005-08818-C04-02.
Modeling NIDS evasion with genetic programming
Proceeding of: 9th International Conference on Security and Management (SAM 2010). Las Vegas, Nevada, USA, July 12-15 2010. Nowadays, Network Intrusion Detection Systems are quickly updated in order to protect systems against new attacks. This situation has led attackers to focus their efforts on new sophisticated evasive techniques when trying to attack a system. Unfortunately, most of these techniques are based on network protocol ambiguities [1], so NIDS designers must take them into account when updating their tools. In this paper, we present a new approach to improve the task of looking for new evasive techniques. The core of our work is to model existing NIDS using the Genetic Programming paradigm. Thus, we obtain models that simulate the behavior of NIDS with great precision, but with a much simpler semantics than the one of the NIDS. Looking for this easier semantics allows us to easily construct evasions on the model, and therefore on the NIDS, as their behavior is quite similar. Our results show how precisely GP can model a NIDS behavior.
Cryptanalysis of the RSA-CEGD protocol
Recently, Nenadić et al. (2004) proposed the RSA-CEGD protocol for
certified delivery of e-goods. This is a relatively complex scheme based on
verifiable and recoverable encrypted signatures (VRES) to guarantee properties
such as strong fairness and non-repudiation, among others. In this paper, we
demonstrate how this protocol cannot achieve fairness by presenting a severe
attack and also pointing out some other weaknesses.
Comment: 8 pages, 1 figure
Intrusion detection effectiveness improvement by a multiagent system
Recent studies about Intrusion Detection Systems (IDS) performance reveal that the value of an IDS and its optimal operation point depend not only on the Hit and False alarm rates but also on costs (such as those associated with making incorrect decisions about detection) and the hostility of the operating environment. An adaptive multiagent IDS is proposed in this paper and it is evaluated according to a promising metric that takes into account all these parameters. This paper shows results of a prototype that clearly point out how multiagent technology can improve IDS effectiveness.
Rational approximation to semigroups of linear operators
In this work we present a new class of rational approximations to
operator semigroups that give rise to stable approximation methods.
The operator semigroups that can be approximated by these schemes are
of class C and, if they are also bounded, they are characterized by
having an infinitesimal generator $A$ of the form
$A = \lambda_0 P + A_1$
where $P$ is a projection operator, $\lambda_0$ is a negative real number
and $A_1$ is an operator whose spectrum is contained in the half-plane
$\operatorname{Re} z < \lambda_0$ of the complex plane.
Based on the possibility of reducing an unbounded semigroup to a
bounded one, our results are subsequently extended to unbounded
operators.
The last chapter gives examples of the application of our theory to
solving some equations of great importance in physics, such as the
diffusion and transport equations.
Autonomous decision on intrusion detection with trained BDI agents
In the context of computer security, the first step to respond to an intrusive incident is the detection of such activity in the monitored system. In recent years, research in intrusion detection has evolved to become a multi-discipline task that involves areas such as data mining, decision analysis, agent-based systems or cost–benefit analysis among others. We propose a multiagent IDS that considers decision analysis techniques in order to configure itself optimally according to the conditions faced. This IDS also provides a quantitative measure of the value of the response decision it can autonomously take. Results regarding the well-known 1999 KDD dataset are shown.
Fuzzy logic on decision model for IDS
Proceeding of: The 12th IEEE International Conference on Fuzzy Systems, 2003. FUZZ '03. Sunday 25 May - Wednesday 28 May, 2003, St. Louis, Missouri, USA. Nowadays one of the main problems of Intrusion Detection Systems (IDS) is the high rate of false positives that they show. The number of alerts that an IDS launches is clearly higher than the number of real attacks. This paper tries to introduce a measure of the IDS prediction skill in close relationship with these false positives. So the prediction skill of an IDS is then computed according to the false positives produced. The problem faced is how to make an accurate prediction from the results of different IDS. The fraction of IDS over the total number of them that predicts a given event will determine whether such event is predicted or not. The performance obtained from the application of fuzzy thresholds over such fraction is compared with the corresponding crisp thresholds. The results of these comparisons allow us to conclude a relevant improvement when fuzzy thresholds are involved.