Abstract | ||
---|---|---|
Statistical machine learning techniques have recently garnered increased popularity as a means to improve network design and security. For intrusion detection, such methods build a model for normal behavior from training data and detect attacks as deviations from that model. This process invites adversaries to manipulate the training data so that the learned model fails to detect subsequent attacks. We evaluate poisoning techniques and develop a defense, in the context of a particular anomaly detector - namely the PCA-subspace method for detecting anomalies in backbone networks. For three poisoning schemes, we show how attackers can substantially increase their chance of successfully evading detection by only adding moderate amounts of poisoned data. Moreover such poisoning throws off the balance between false positives and false negatives thereby dramatically reducing the efficacy of the detector. To combat these poisoning activities, we propose an antidote based on techniques from robust statistics and present a new robust PCA-based detector. Poisoning has little effect on the robust model, whereas it significantly distorts the model produced by the original PCA method. Our technique substantially reduces the effectiveness of poisoning for a variety of scenarios and indeed maintains a significantly better balance between false positives and false negatives than the original method when under attack. |
Year | DOI | Venue |
---|---|---|
2009 | 10.1145/1644893.1644895 | Internet Measurement Conference |
Keywords | Field | DocType |
new robust pca-based detector,poisoning technique,training data,false positive,original pca method,anomaly detector,poisoning scheme,pca-subspace method,false negative,robust model,poisoning activity,principal components analysis,intrusion detection,robust statistics,network design,principal component analysis | Training set,Data mining,Network planning and design,Computer science,Adversarial machine learning,Robust statistics,Artificial intelligence,False positives and false negatives,Detector,Intrusion detection system,Machine learning | Conference |
Citations | PageRank | References |
58 | 2.49 | 22 |
Authors | ||
8 |
Name | Order | Citations | PageRank |
---|---|---|---|
Benjamin I.P. Rubinstein | 1 | 210 | 10.37 |
Blaine Nelson | 2 | 1127 | 58.95 |
Ling Huang | 3 | 2496 | 118.80 |
D. Joseph | 4 | 5463 | 492.96 |
Shing-Hon Lau | 5 | 95 | 4.83 |
Satish Rao | 6 | 4104 | 439.00 |
Nina Taft | 7 | 2109 | 154.92 |
J. D. Tygar | 8 | 5516 | 587.67 |