An Evolutionary, Agent-Based Model to Aid in Computer Intrusion Detection and Prevention

Abstract

We have developed a realistic agent-based simulation model of hacker behavior. In the model, hacker scripts are generated using a simple but powerful hacker grammar that has the potential to cover all possible hacker scripts. The model can be used to characterize the evidence generated by any hacker script, including new scripts that appear every day, and to train inexperienced investigators and incident handlers in how to deal with a compromised system and look for evidence. The model can also be used to design sophisticated artificial intelligence techniques to automate intrusion detection and evidence collection. Finally, we summarize an extension of this work in which an evolutionary algorithm was used to evolve scripts that achieve certain goals without being detected.

Document Details

Document Type: Technical Report
Publication Date: Jun 01, 2005
Accession Number: ADA464183

Entities

People

  • Ben Shargel
  • Eric Bonabeau
  • Julien Budynek
  • Paolo Gaudiano

Tags

DTIC Thesaurus Topics

  • Agent-Based Simulations
  • Algorithms
  • Analyzers
  • Computational Science
  • Computer Crime
  • Computers
  • Cybersecurity
  • Denial Of Service Attack
  • Detection
  • Evolutionary Algorithms
  • Intrusion
  • Intrusion Detection
  • Intrusion Detectors
  • Machine Learning
  • New York
  • Operating Systems
  • Simulations

Fields of Study

  • Computer science

Readers

  • Agent-Based Social Robotics and Mobile-Assisted Learning in Virtual Environments.
  • Computational Linguistics
  • Cybersecurity.

Technology Areas

  • AI & ML