advanced evasion technique (AET)

An advanced evasion technique (AET) is a type of network attack that combines several different known evasion techniques on-the-fly to create a new technique that won't be recognized by an intrusion detection system

An advanced evasion technique (AET) is a type of network attack that combines several different known evasion methods to create a new technique that's delivered over several layers of the network simultaneously. The code in the AET itself is not necessarily malicious; the danger is that it provides the attacker with undetectable access to the network.

There are currently about 200 known evasion techniques that are recognized by vendor products. An AET can create literally millions of "new" evasion techniques from just a couple of combinations -- none of which would be recognized by current intrusion detection system (IDS) vendor products. If all 200 were used, the permutations would be unlimited.

Here is a very simplified explanation for how an AET works:

    Let's say that the words "attack" and "intrude" represent two strings of known malicious code. When an IDS identifies those strings in a request, the system intervenes and denies entry.

    If, however, "kaarindtuettcr" and "tittnrrakdeuac" were part of a request, the system wouldn't recognize the code as simply being the well-known malicious strings "attack" and "intrude" combined and rearranged in a new way. The IDS would not intervene and entry would be allowed.

The Finnish data security vendor Stonesoft was the first to identify and report on the danger of AETs. The Community Emergency Response Team (CERT) in Finland is working with Stonesoft and other network security suppliers to address vulnerabilities that are being exposed during testing.

See also: metamorphic and polymorphic malware

Softstone demonstrates how AETs work in this short video.

This was first published in October 2010

Glossary

'advanced evasion technique (AET)' is part of the:

View All Definitions
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close