{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,31]],"date-time":"2025-10-31T07:22:44Z","timestamp":1761895364367,"version":"3.37.3"},"reference-count":35,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2011,10,9]],"date-time":"2011-10-09T00:00:00Z","timestamp":1318118400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Evol. Intel."],"published-print":{"date-parts":[[2011,12]]},"DOI":"10.1007\/s12065-011-0065-0","type":"journal-article","created":{"date-parts":[[2011,10,8]],"date-time":"2011-10-08T07:37:59Z","timestamp":1318059479000},"page":"243-266","source":"Crossref","is-referenced-by-count":12,"title":["Evolutionary computation as an artificial attacker: generating evasion attacks for detector vulnerability testing"],"prefix":"10.1007","volume":"4","author":[{"given":"Hilmi G\u00fcne\u015f","family":"Kayac\u0131k","sequence":"first","affiliation":[]},{"given":"A. Nur","family":"Zincir-Heywood","sequence":"additional","affiliation":[]},{"given":"Malcolm I.","family":"Heywood","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2011,10,9]]},"reference":[{"key":"65_CR1","unstructured":"Banzhaf W, Francone FD, Keller RE, Nordin P (1998) Genetic programming: an introduction: on the automatic evolution of computer programs and its applications. Morgan Kaufmann Publishers Inc., San Francisco"},{"issue":"1","key":"65_CR2","doi-asserted-by":"crossref","first-page":"164","DOI":"10.1214\/aoms\/1177697196","volume":"41","author":"LE Baum","year":"1970","unstructured":"Baum LE, Petrie T, Soules G, Weiss N (1970) A maximization technique occurring in the statistical analysis of probabilistic functions of markov chains. Ann Math Stat 41(1):164\u2013171. doi: 10.2307\/2239727","journal-title":"Ann Math Stat"},{"key":"65_CR3","doi-asserted-by":"crossref","DOI":"10.1093\/oso\/9780198538493.001.0001","volume-title":"Neural Networks for Pattern Recognition","author":"CM Bishop","year":"1995","unstructured":"Bishop CM (1995) Neural networks for pattern recognition. Oxford University Press Inc., New York"},{"key":"65_CR4","volume-title":"Graphical methods for data analysis","author":"JM Chambers","year":"1983","unstructured":"Chambers JM, Cleveland WS, Tukey PA (1983) Graphical methods for data analysis. Wadsworth, Belmont"},{"key":"65_CR5","volume-title":"Multi-Objective Optimization using Evolutionary Algorithms","author":"K Deb","year":"2001","unstructured":"Deb K (2001) Multi-objective optimization using evolutionary algorithms. Wiley, London"},{"key":"65_CR6","doi-asserted-by":"crossref","unstructured":"Forrest S, Hofmeyr SA, Somayaji A, Longstaff TA (1996) A sense of self for unix processes. In: SP \u201996: proceedings of the 1996 IEEE symposium on security and privacy. IEEE Computer Society, Washington, DC, p 120","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"65_CR7","doi-asserted-by":"crossref","unstructured":"Gao D, Reiter MK, Song D (2004) Gray-box extraction of execution graphs for anomaly detection. In: CCS \u201904: proceedings of the 11th ACM conference on computer and communications security. ACM, New York, pp 318\u2013329. doi: http:\/\/doi.acm.org\/10.1145\/1030083.1030126","DOI":"10.1145\/1030083.1030126"},{"key":"65_CR8","doi-asserted-by":"crossref","unstructured":"Gao D, Reiter MK, Song D (2006) Behavioral distance measurement using hidden markov models. In: Proceedings of the 9th international symposium on recent advances in intrusion detection\u2014RAID. Lecture notes in computer science, LNCS 4219, pp 19\u201340","DOI":"10.1007\/11856214_2"},{"key":"65_CR9","doi-asserted-by":"crossref","unstructured":"Giffin JT, Jha S, Miller BP (2006) Automated discovery of mimicry attacks. In: Recent advances in intrusion detection, 9th international symposium, RAID 2006. Lecture notes in computer science, vol 4219. Springer, Berlin, pp 41\u201360","DOI":"10.21236\/ADA454761"},{"key":"65_CR10","unstructured":"Inoue H, Somayaji A (June 2007) Lookahead pairs and full sequences: a tale of two anomaly detection methods. In: Proceedings of the 2nd annual symposium on information assurance (academic track of the 10th NYS cyber security conference), pp 9\u201319"},{"key":"65_CR11","unstructured":"Japkowicz N, Myers C, Gluck M (1995) A novelty detection approach to classification. In: Proceedings of the fourteenth joint conference on artificial intelligence, pp 518\u2013523"},{"key":"65_CR12","doi-asserted-by":"crossref","unstructured":"Kang DK, Fuller D, Honavar V (2005) Learning classifiers for misuse and anomaly detection using a bag of system calls representation. Information assurance workshop, 2005 IAW \u201905 proceedings from the sixth annual IEEE SMC, pp 118\u2013125. doi: 10.1109\/IAW.2005.1495942","DOI":"10.1109\/IAW.2005.1495942"},{"key":"65_CR13","unstructured":"Kayac\u0131k HG (2009) Can the best defense be a good offense? evolving (mimicry) attacks for detector vulnerability testing under a +black-box+ assumption. PhD thesis, Dalhousie University"},{"key":"65_CR14","doi-asserted-by":"crossref","unstructured":"Kayac\u0131k HG, Zincir-Heywood AN (2008) Mimicry attacks demystified: What can attackers do to evade detection? In: PST \u201908: proceedings of the 2008 sixth annual conference on privacy, security and trust. IEEE Computer Society, Washington, DC, pp 213\u2013223. doi: http:\/\/dx.doi.org\/10.1109\/PST.2008.25","DOI":"10.1109\/PST.2008.25"},{"key":"65_CR15","unstructured":"Kayac\u0131k HG, Heywood M, Zincir-Heywood N (2006) On evolving buffer overflow attacks using genetic programming. In: Proceedings of the conference on genetic and evolutionary computation (GECCO). SIGEVO, ACM, pp 1667\u20131674"},{"key":"65_CR16","unstructured":"Kayac\u0131k HG, Heywood M, Zincir-Heywood N (2007) Evolving buffer overflow attacks with detector feedback. In: Proceedings of the EvoWorkshops (EvoCOMNET). LNCS, vol 4448. Springer, Berlin, pp 11\u201320"},{"key":"65_CR17","doi-asserted-by":"crossref","unstructured":"Kayac\u0131k HG, Zincir-Heywood AN, Heywood M, Burschka S (2009) Optimizing anomaly detector deployment under evolutionary black-box vulnerability testing. In: Computational intelligence for security and defense applications, 2009. CISDA 2009. IEEE Symposium, pp 1\u20138. doi: 10.1109\/CISDA.2009.5356546","DOI":"10.1109\/CISDA.2009.5356546"},{"key":"65_CR18","doi-asserted-by":"crossref","unstructured":"Kramer MA (1991) Nonlinear principal component analysis using autoassociative neural networks. AIChE J 37(2):233\u2013243","DOI":"10.1002\/aic.690370209"},{"key":"65_CR19","unstructured":"Kruegel C, Kirda E, Mutz D, Robertson W, Vigna G (2005) Automating mimicry attacks using static binary analysis. In: SSYM\u201905: proceedings of the 14th conference on USENIX security symposium. USENIX Association, Berkeley, pp 161\u2013176"},{"key":"65_CR20","doi-asserted-by":"crossref","unstructured":"Kumar R, Rockett P (2002) Improved sampling of the pareto-front in multiobjective genetic optimizations by steady-state evolution: a pareto converging genetic algorithm. Evol Comput 10(3):283\u2013314 doi: http:\/\/dx.doi.org\/10.1162\/106365602760234117","DOI":"10.1162\/106365602760234117"},{"key":"65_CR21","doi-asserted-by":"crossref","unstructured":"Lee J, Cho S, Baek J (2003) Trend detection using auto-associative neural networks: intraday kospi 200 futures. Computational intelligence for financial engineering, 2003 proceedings 2003 IEEE international conference, pp 417\u2013420. doi: 10.1109\/CIFER.2003.1196290","DOI":"10.1109\/CIFER.2003.1196290"},{"key":"65_CR22","doi-asserted-by":"crossref","unstructured":"Manevitz L, Yousef M (2007) One-class document classification via neural networks. Neurocomputing 70(7\u20139):1466\u20131481, doi: http:\/\/dx.doi.org\/10.1016\/j.neucom.2006.05.013","DOI":"10.1016\/j.neucom.2006.05.013"},{"key":"65_CR23","unstructured":"Securityfocus vulnerability archives (2010) Ibnl traceroute heap corruption vulnerability. http:\/\/www.securityfocus.com\/bid\/1739 . Last accessed August 2010"},{"key":"65_CR24","unstructured":"Securityfocus vulnerability archives (2010) Redhat linux restore insecure environment variables vulnerability. http:\/\/www.securityfocus.com\/bid\/1914 . Last accessed August 2010"},{"key":"65_CR25","unstructured":"Securityfocus vulnerability archives (2010) Samba \u2018call_trans2open\u2019 remote buffer overflow vulnerability. http:\/\/www.securityfocus.com\/bid\/7294 . Last accessed August 2010"},{"key":"65_CR26","unstructured":"Securityfocus vulnerability archives (2010) Wu-ftpd remote format string stack overwrite vulnerability. http:\/\/www.securityfocus.com\/bid\/1387 . Last accessed August 2010"},{"key":"65_CR27","doi-asserted-by":"crossref","unstructured":"Sekar R, Bendre M, Dhurjati D, Bollineni P (2001) A fast automaton-based method for detecting anomalous program behaviors. In: SP \u201901: proceedings of the 2001 IEEE symposium on security and privacy. IEEE Computer Society, Washington, DC, p 144","DOI":"10.1109\/SECPRI.2001.924295"},{"key":"65_CR28","unstructured":"Somayaji AB (2002) Operating system stability and security through process homeostasis. PhD thesis, The University of New Mexico, chairperson: Stephanie Forrest"},{"key":"65_CR29","unstructured":"Stide website (2010) Source code of Stide and system call data sets. http:\/\/www.cs.unm.edu\/immsec\/systemcalls.htm . Last accessed August 2010"},{"key":"65_CR30","unstructured":"Tan KMC, Maxion RA (2002) \u201cwhy 6?\u201d Defining the operational limits of Stide, an anomaly-based intrusion detector. In: SP \u201902: proceedings of the 2002 IEEE symposium on security and privacy. IEEE Computer Society, Washington, DC, p 188"},{"issue":"1","key":"65_CR31","doi-asserted-by":"crossref","first-page":"96","DOI":"10.1109\/JSAC.2002.806130","volume":"21","author":"KMC Tan","year":"2003","unstructured":"Tan KMC, Maxion RA (2003) Determining the operational limits of an anomaly-based intrusion detector. Selected areas in communications. IEEE J 21(1):96\u2013110. doi: 10.1109\/JSAC.2002.806130","journal-title":"Selected Areas in Communications. IEEE Journal on"},{"key":"65_CR32","doi-asserted-by":"crossref","unstructured":"Tan KMC, Killourhy KS, Maxion RA (2002) Undermining an anomaly-based intrusion detection system using common exploits. In: Proceedings of the 5th international symposium on recent advances in intrusion detection\u2014RAID. Lecture notes in computer science, LNCS 2516, pp 54\u201373","DOI":"10.1007\/3-540-36084-0_4"},{"key":"65_CR33","doi-asserted-by":"crossref","unstructured":"Tan KMC, McHugh J, Killourhy KS (2003) Hiding intrusions: from the abnormal to the normal and beyond. In: IH \u201902: revised papers from the 5th international workshop on information hiding, Springer, London, pp 1\u201317","DOI":"10.1007\/3-540-36415-3_1"},{"key":"65_CR34","doi-asserted-by":"crossref","unstructured":"Vigna G, Robertson W, Balzarotti D (2004) Testing network-based intrusion detection signatures using mutant exploits. In: CCS \u201904: proceedings of the 11th ACM conference on computer and communications security, ACM, New York, pp 21\u201330, doi: http:\/\/doi.acm.org\/10.1145\/1030083.1030088","DOI":"10.1145\/1030083.1030088"},{"key":"65_CR35","doi-asserted-by":"crossref","unstructured":"Wagner D, Soto P (2002) Mimicry attacks on host-based intrusion detection systems. In: CCS \u201902: Proceedings of the 9th ACM conference on computer and communications security. ACM, New York, pp 255\u2013264. doi: http:\/\/doi.acm.org\/10.1145\/586110.586145","DOI":"10.1145\/586110.586145"}],"container-title":["Evolutionary Intelligence"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s12065-011-0065-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s12065-011-0065-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s12065-011-0065-0","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,13]],"date-time":"2024-04-13T12:28:28Z","timestamp":1713011308000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s12065-011-0065-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,10,9]]},"references-count":35,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2011,12]]}},"alternative-id":["65"],"URL":"https:\/\/doi.org\/10.1007\/s12065-011-0065-0","relation":{},"ISSN":["1864-5909","1864-5917"],"issn-type":[{"type":"print","value":"1864-5909"},{"type":"electronic","value":"1864-5917"}],"subject":[],"published":{"date-parts":[[2011,10,9]]}}}