An Evolutionary, Agent-Based Model to Aid in Computer Intrusion Detection and Prevention
ICOSYSTEM CORP CAMBRIDGE MA
We have developed a realistic agent-based simulation model of hacker behavior. In the model, hacker scripts are generated using a simple but powerful hacker grammar that has the potential to cover all possible hacker scripts. The model can be used to characterize the evidence generated by any hacker script, including new scripts that appear every day, and to train inexperienced investigators and incident handlers to deal with a compromised system and look for evidence. The model can also be used to design sophisticated artificial intelligence techniques to automate intrusion detection and evidence collection. Finally, we summarize an extension of this work in which an evolutionary algorithm was used to evolve scripts that achieve certain goals without being detected.
- Computer Systems Management and Standards