The following weekly goals were identified last week:
1. Testing performed on the exploit: Initially, the testing of the exploit was successful and a full documentation of the testing can be found here. However, it was realized that the exploit was not correctly running, and when it was correctly running, it was unable to run under Systrace (read day 5 Journal for more details).
2. Map the systrace output to an anomaly rate: This goal is scrapped, as our IDS has changed.
3. Install and set up the Vulnerability Analysis tool: The vulnerability analysis tool was installed properly. Currently, the tool has the ability to collaborate with the Stide Anomaly Detector, and in the future, it will be my job to make the tool collaborate with Systrace. Therefore, I also installed and tested Stide and have the knowledge necessary to properly use it. To prepare myself, I read the following items to help me better understand the mechanisms and workings of both the tools:
   1. H. Gunes Kayacik, A. Nur Zincir-Heywood, Malcolm I. Heywood, "Automatically Evading IDS Using GP Authored Attacks" (*)
   2. H. Gunes Kayacik, A. Nur Zincir-Heywood, "Mimicry Attacks Demystified: What Can Attackers Do To Evade Detection?"
   3. J. Rehmeyer, "Draft: User Documentation for the Stide Software Package"
   4. H. Gunes Kayacik, "GP Code Documentation"
   5. H. Gunes Kayacik, "Thesis' Chapter 5 & 8 - Can the Best Defense be a Good Offense? Evolving Mimicry Attacks for Detector Vulnerability Testing under a Black Box Assumption"
Next Week: Our research has shifted, due to unexpected problems, and Systrace will no longer be used.