Evolutionary algorithms and genome structure

As we have stated, we apply evolutionary algorithms to generate attack strategies. We have chosen an open source library GAlib5for practical im- plementation of evolution process. It is written in C++ and supports multi- ple genome representations and genetic operators.

One of the key parameters of evolution is the representation ofgenome. In our case, genome stands for an attack strategy. In linear genetic program- ming, genom is usually represented as a sequence of instructions. This is not totally suitable for our problem. We have thus extended this represen- tation. Attack on routing is not typically represented as a sequence of steps executed one by one, but rather steps triggered by various events. Therefore we have decided to represent the strategy as a composition of substrategies. These substrategies can be executed in an arbitrary order. The execution of a substrategy is triggered by the event corresponding to the substrat- egy. Hence the genome is a two-dimensional array, where each row repre- sents the substrategy. Each substrategy begins with its trigger. The genome structure is shown in figure 5.3 by the black color. The gray color demon- strates the possible three-dimensional genome, which can represent the at- tack strategy of the Multiple nodes attacker with heterogenous strategy. Each two-dimensional layer acts as a strategy for one group of malicious 5. http://lancet.mit.edu/ga/ (May 2008)

Trig_2 INS INS ... INS

Trig_x INS INS ... INS

Trig_1 INS INS ... INS

...

Trig_2 INS INS ... INS

Trig_x INS INS ... INS

Trig_1 INS INS ... INS

...

Trig_2 INS INS ... INS

Trig_x INS INS ... INS

Trig_1 INS INS ... INS

...

Figure 5.3: Genome structure. The black color describes the single at- tack strategy. Each row represents a substrategy. The first slot contains trigger, subsequent slots contain sequence of instructions. The gray color demonstrates the possible three dimensional genome representing the at- tack strategies ofMultiple nodes attacker with heterogenous strategy nodes. Three-dimensional genom structure enables us to generate multiple cooperating strategies.

Now we present the structure of triggers and instructions. Our model of node contains several memory slots, which are used for temporal storage of messages and identities of nodes. In order to address these memory slots, instructions include one or more parameters. For example, the instruction can be defined as INS SEND M P1, which mean: send message stored in memory slot P1.

In addition to these parameters, we have incorporated the mechanism of conditional execution of instructions and triggers. Each node contains so called condition memory slots (cms). These slots contain numeric value, which acts as a basis for condition. Instruction has thus two additional pa- rameters,cms– addresses the conditional memory slot andcv– denotes the condition value. If the condition value is lesser than the value in addressed conditional memory slot, instruction is executed, otherwise not. If thecms refers to the condition memory slot number 0, instruction is executed no matter the condition value. Values in condition memory slots can be au- tomatically decremented by node or manipulated by special instructions. The same as for instructions holds for triggers. If the trigger is not executed,

5. AUTOMATIC DESIGN OF ATTACK STRATEGY whole corresponding substrategy is also skipped. We have designed condi- tion mechanism, to enable complex dependencies between various events, instructions and triggers.

Each node is also equipped with temporary memory, which is used for handling incoming messages or messages loaded from memory slots.

As an elementary rules for generating the attack strategy on IGF, we have define following triggers and instructions. We aimed to create high granularity rules, which could lead to generation of completely novel at- tack.

Triggers

The majority of triggers contain parameters cms andcv described above. We briefly describe the event, which triggers the strategy execution.

• TRIG NOP – no operation trigger, the corresponding substrategy is never executed

• TRIG TIMEp1 – time trigger, the substrategy is repeatedly executed eachp1 time units (lets say milliseconds)

• TRIG DATAcms cv – data message not addressed to the malicious node was overheard

• TRIG DATA ME cms cv – data message was delivered to the mali- cious node

• TRIG ORTScms cv– Open RTS was received

• TRIG CTScms cv– CTS message not addressed to the malicious node was overheard

• TRIG CTS MEcms cv– CTS message was delivered to the malicious node

• TRIG ACK cms cv – acknowledgement not addressed to the mali- cious node was overheard

• TRIG ACK MEcms cv – acknowledgement was delivered to the ma- licious node

• TRIG COLLISIONcms cv– collision on medium was detected • TRIG RNGcms cv p1 – the substrategy is executed with probability

Instructions

All the instructions, exceptno operationinstruction, contain parameters of condition mechanism cms and cv described above. Each instruction also includes boolean switch, which determines, whether the instruction will be executed or not. This switch enables to temporarily prune away the instruc- tion and helps in pruning process (discussed in section 5.4).

• INS NOP - no operation

• INS DROP Mcms cv p1 - drop message from memory slotp1 • INS SEND Mcms cv p1 - send message from memory slotp1 • INS STORE M cms cv p1 - store message from temporary memory

into memory slotp1

• INS LOAD Mcms cv p1 - load message from memory slotp1 into the temporary memory.

• INS GENERATE Mcms cv p1 p2 p3 - generate message, store this message into memory slot p1,p2 denotes the type of the generated message (ORTS,CTS,ACK,DATA), destination of the message is loaded from memory slotp3

• INS SEND ORTScms cv- send Open Request To Send

• INS SEND ACKcms cv p1- send acknowledge, destination is loaded from memory slotp1

• INS SEND CTS cms cv p1 - send CTS, destination is loaded from memory slotp1

• INS GET N cms cv p1 p2 p3 - get the information from message stored in memory slotp1, p2 denotes type of the information (ulti- mate source, ultimate destination, transmitting node, receiving node), store the information into memory slotp3

• INS FAKE N cms cv p1 p2 p3 - forge the information in message stored in memory slotp1, p2 denotes type of the information (ulti- mate source, ultimate destination, transmitting node, receiving node), load the information from memory slotp3

• INS SET CMEMcms cv p1 p2 - set the value in condition memory slotp1 to valuep2

5. AUTOMATIC DESIGN OF ATTACK STRATEGY • INS ADD CMEMcms cv p1 p2- add the valuep2to the value stored

in condition memory slotp1

• INS SUB CMEMcms cv p1 p2- subtract the valuep2 from the value stored in condition memory slotp1

Our evolution process involves two genetic operators –crossover and mutation. Crossover derives two new genomes (offsprings), from two ex- isting ones (parents). We have implemented one point crossover. Both par- ents are split in the same point. One offspring inherits the first part from the one parent and second part from the other. Second offspring inherits remaining parts. The point of splitting is chosen randomly, but have to respect the boundaries of substrategies. Hence the point is between two substrategies. We used thecrossover with probability starting at 0 proba- bility (no crossover) up to 0.5, which means massive crossover. Note that crossover can substitute thereproduction operator, that we thus have not implemented.

Mutation simply goes through the genome elements (triggers, instruc- tions and all the parameters and switches) and each one randomly changes with the probability of mutation. This probability is fixed for the whole evolution process, we used both massive mutation (probability was 0.1), and normal mutation (probability was 0.01). After the actual mutation, we performed a validation step to validate the resulting genome. Unwanted constructions can be removed from the genome in this phase. We are thus able to ban some kind of attacks.

Regarding the population size, we have tried small population of 5 in- dividuals as well as larger population of 20 individuals.

Natural selection was based on fitness function. One third of individuals with the best fitness value became parents of the new generation.