Accession Number:

ADA464183

Title:

An Evolutionary, Agent-Based Model to Aid in Computer Intrusion Detection and Prevention

Descriptive Note:

Corporate Author:

ICOSYSTEM CORP CAMBRIDGE MA

Report Date:

2005-06-01

Pagination or Media Count:

15.0

Abstract:

We have developed a realistic agent-based simulation model of hacker behavior. In the model, hacker scripts are generated using a simple but powerful hacker grammar that has the potential to cover all possible hacker scripts. The model can be used to characterize the evidence generated by any hacker script, including new scripts that appear every day, and to train inexperienced investigators and incident handlers in how to deal with a compromised system and look for evidence. The model can also be used to design sophisticated artificial intelligence techniques to automate intrusion detection and evidence collection. Finally, we summarize an extension of this work in which an evolutionary algorithm was used to evolve scripts that achieve certain goals without being detected.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE