The Internet, in its original inception, was designed and envisioned to be used to exchange and expand technical and community knowledge using free and open information transport protocols transmitted over a multitude of expanding communications paths and data channels. The underlying communications system expanded rapidly over the last couple decades, connecting the military, academic, and industrial communities all around the world. Rapid application development spurred on by enhanced commercialization and marketing opportunities have resulted in a highly complex and evolved industrial communications market place that is now a well-established and essential worldwide interconnected community of both commerce and communications.
The resulting capabilities and opportunities for prosperity brought on by this human communications marvel has also resulted in the ever escalating attraction of malfeasant actors, relentlessly intent on exploiting and capitalizing on the fundamental open-style architecture on which the Internet was principally designed upon.
The rapid expansion of the Internet as an indispensable international commerce environment and principle global information repository yielded to inevitable requirement for information assurance in the form of three fundamental data tenets; namely confidentiality, integrity, and availability. These three areas of information assurance continue to be the backdrop for the struggle that goes on between those that work to ensure the open exchange of global information and commerce and those that wage unrelenting efforts, intent to exploit this environment for reasons of mischievousness or ill-gotten profit.
In response to the overarching and pressing requirements for data confidentiality, data integrity, and data availability, an entire industry rapidly evolved with the purpose of ensuring that the global Internet is a secure, trusted, and operationally relevant communications environment that would sustain an ever expanding commercial marketspace. To wit, a broad class of systems, tools, and applications were developed and employed at various points within this internetworked system in an attempt to achieve a high, or at the very least, and accepted level of data confidentiality, integrity, and availability. This group of capabilities can include a non-exhaustive list such as network firewalls and packet filtering systems, network traffic load balancers, access control lists for routers and switches, intrusion detection and prevention systems, proxy servers and network address translation systems, network deep packet scanners, web cache servers, email address filters and content scanners, detection and eradication systems for defenses against virus, spyware, and malware attacks, as well as a variety of hardware and software encryption technologies.
Unfortunately, even given all these technologies that are designed specifically to secure the Internet, and the thousands of sub-networks that connect to it, openly communicating or engaging in business (e.g., verifying credit card transactions, transferring funds, storing and using private personal information, buying and selling products) on this global information interchange remains a risky proposition. Malfeasant actors, intent on exploiting information resources on the Internet, continue to develop and deploy advanced evasion techniques. Advanced evasion techniques (AET) are specially crafted tactics, techniques or procedures implemented in software that are designed specifically to subvert the current network security systems or the protection mechanisms used on network connected computer processing systems (e.g., servers, clients, routers, switches).