Lazycoder

Read his full post here: http://boingboing.net/2004_02_01_archive.html#107644286038202207

I’d love to hear from anyone else who attended the talk and get their impressions. Evolving the Bad Guy Eric Bonabeau, Ph.D., Icosystem Corporation

http://conferences.oreillynet.com/cs/et2004/view/e_sess/4847

at the

O’Reilly Emerging Technology Conference:

http://conferences.oreillynet.com/et2004

2-10-04

San Diego, CA

Cory Doctorow

doctorow@craphound.com

–

Bad guys co-evolve with your defenses — tax code, software and
NBA rules all need to constantly evolve, as does Google

Evolutionary computation: represent individuals as genetic
strings, i.e. 110100101

Test individuals for fitness — how good they are at finding and
exploiting loopholes

Mutate and crossover to get individuals who are better and better
at solving your problem — at finding loopholes.

In 2002, Sussex researchers tried to design an osscilator using
evolutionary computation, but found it ended up weird because of
unintentional RFI emission from a nearby PC

–

Example: Identify failure modes in complex fluid control system.
Control engineers can only test a fraction of all configs and
scenaria, and can only imagine a small fraction of possibilities.

Secondary example: ID small investments that can dramatically
improve robustness.

Build a genetic algorithm to represent components of the fluid
control system that can contribute to catastrophic failure. These
components become the genotype in the simulation.

Try to identify correlated v. uncorrelated damage. Very
counterintuitive for a human brain. Say a terroist attacks the
system at three different points — is there a combination of
three ruptures or poisonings that creates catastrophic failures?

The worst three-point ruptures turn out to involve ruptures among
relatively unimportant failure points — the combination of three
minor failures is major. And these failures can be substantially
mitigated by adding a single pipe-segment.

–

Example: Trying to sink an unmanned sub. Discovered failure modes
the engineers had never considered. We say airplanes are safe
because they’ve been "engineered" but without nonhuman,
nnonintelligent exploration of failure mode, you are NOT safe.

–

Example: fighting script kiddies.

Evolve simple intrusion scripts that are difficult to detect.

* Build a grammar for automated script generation

* Test scripts in fast simulaitons

* Fitness is absence of evidence in logfiles

* Select, recombine, lather, rinse and repeat

Tried this against a RedHat box. Came up with examples of scripts
that were very crude and left lots of footprints. These scripts
were bred for fitness.

–

Example: fighting Google Bombs

I tend to believe that if something isn’t in Google, it doesn’t
exist. How robust is Google to attack that artifically inflates
search rankings?

For example, "Miserable failure" returned, as its top result, the
White House bio for GW Bush. This only took 32 well-placed links.
With limited resources, you can bias sear results. But can you do
it systematically?

Attack: for given webpage, search term and target page: promote
target page to term 1 for search result for search term

Strategies: try to raise pagerank of single page that has a
single outbound link to target page. Or create more complex web
of interactions.

We can evolve strategies to discover loopholes in Google’s
results even without knowing the algorithm.

–

Systems are more complex than our brains can understand.]]>