Using Probability Densities to Evolve more Secure Software Configurations

The use of Evolutionary Algorithms (EAs) is one method for securing software configurations in a changing environment. Using this approach, configurations are modeled as biological chromosomes, and a continual sequence of selection, recombination, and mutation processes is performed. While this approach can evolve secure configurations based on current conditions, it is also possible to inadvertently lose solutions to previous threats during the evolution process. This paper improves the performance of EA-based configuration management by incorporating parameter-setting history. Over the generations (EA iterations), counts are maintained regarding the parameter-settings and the security of the configuration. Probability densities are then developed and used during mutation to encourage the selection of previously secure settings. As a result, these secure settings are likely to be maintained as attacks alternate between vulnerabilities. Experimental results using configuration parameters from RedHat Linux installed Apache web-servers indicate the addition of parameter history significantly improves the ability to maintain secure settings as an attacker alternates between different threats.