Definition

advanced evasion technique (AET)

An advanced evasion technique (AET) is a type of network attack that combines several different known evasion methods to create a new technique that's delivered over several layers of the network simultaneously. The code in the AET itself is not necessarily malicious; the danger is that it provides the attacker with undetectable access to the network.

There are currently about 200 known evasion techniques that are recognized by vendor products. An AET can create literally millions of "new" evasion techniques from just a couple of combinations -- none of which would be recognized by current intrusion detection system (IDS) vendor products. If all 200 were used, the permutations would be unlimited.

Here is a very simplified explanation for how an AET works:

    Let's say that the words "attack" and "intrude" represent two strings of known malicious code. When an IDS identifies those strings in a request, the system intervenes and denies entry.

    If, however, "kaarindtuettcr" and "tittnrrakdeuac" were part of a request, the system wouldn't recognize the code as simply being the well-known malicious strings "attack" and "intrude" combined and rearranged in a new way. The IDS would not intervene and entry would be allowed.

The Finnish data security vendor Stonesoft was the first to identify and report on the danger of AETs. The Community Emergency Response Team (CERT) in Finland is working with Stonesoft and other network security suppliers to address vulnerabilities that are being exposed during testing.

See also: metamorphic and polymorphic malware

Softstone demonstrates how AETs work in this short video.

This was last updated in October 2010
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: