Exploring the state space of an application protocol: A case study of SMTP

In this work, we explore the state space of a network application protocol by employing genetic programming techniques. To this end, we target the Simple Mail Transfer Protocol (SMTP), which is a well-known and open protocol on the Internet. To achieve our goal, we evolve the payload such that solution individuals result in an email being sent successfully through the targeted server. The proposed system implements an archive paradigm where, upon completion of the evolutionary process, a collection (archive) of solutions is presented. Specifically, they all achieve the goal, but each does so in a unique manner. This collection allows us to examine the state space of the application protocol, giving us the ability to determine whether these variations are intended by the protocol or should be addressed for security reasons.
