Diagnosing network-wide traffic anomalies
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Can machine learning be secure?
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Sensitivity of PCA for traffic anomaly detection
Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
ANTIDOTE: understanding and defending against poisoning of anomaly detectors
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Hi-index | 0.00 |
We consider systems that use PCA-based detectors obtained from a comprehensive view of the network's traffic to identify anomalies in backbone networks. To assess these detectors' susceptibility to adversaries wishing to evade detection, we present and evaluate short-term and long-term data poisoning schemes that trade-off between poisoning duration and the volume of traffic injected for poisoning. Stealthy Boiling Frog attacks significantly reduce chaff volume,while only moderately increasing poisoning duration. ROC curves provide a comprehensive analysis of PCA-based detection on contaminated data, and show that even small attacks can undermine this otherwise successful anomaly detector.