Good morning, my name is Radim Ostadal, and today I would like to provide you with a brief overview of our research about the GANET project, particularly about the issues and difficulties we faced regarding the virtualized environment. GANET is an abbreviation for Genetic Algorithms in Networks. It is a framework for rapid evolution of denial-of-service attacks. Its core components are virtualization and genetic programming. Why are we using virtualization? Because it's quite easy to restore the whole environment into some kind of pre-defined initial state. It's easy to distribute the computation to different hosts and to repeat the experiments. We use a very modular system; it's able to employ different applications, different crypto libraries, and even different operating systems. For output we are interested in enhancement of current denial-of-service attacks, fine-tuning of their parameters, and in the identification of new vulnerabilities in tested components. We are using VirtualBox as our virtualization platform, Python as a scripting language, and pyvbox libraries as an API to VirtualBox. So far we run two scenarios that I will be speaking about later. The first is about the modification of HTTP headers, and the second is about the slow SSL attack. Before I start speaking about the virtualization issues, I would like to spend several minutes on genetic programming as one of our core concepts, and on the GANET framework itself. Genetic programming is an evolution-based methodology inspired by biological evolution. Its main target is to find a program or an algorithm that performs some specified objective. It is a generate-and-test approach that starts with a generation of a random population of candidate solutions. Each of those candidate solutions is evaluated using a fitness function that assigns a fitness value. Based on those fitness values, the worst part of a solution is discarded.
We employ genetically inspired operators like mutation or crossover on the better part. Through these operations we prepare the next generation (the next population of candidate solutions), and we evaluate them again by a fitness function. We repeat the process until we find a sufficiently good solution. For the GANET project we've defined several fitness functions that we can use. For example, the total processor time used by the application or the total length of connection establishment in the case of slow SSL attacks. We also considered the usage of random access memory and the total volume of transmitted data. It's possible to use any application-specific performance counters and I am sure you would be able to think about several others regarding the denial-of-service attacks.