ANTIDOTE: understanding and defending against poisoning of anomaly detectors

Authors:
Benjamin I.P. Rubinstein;Blaine Nelson;Ling Huang;Anthony D. Joseph;Shing-hon Lau;Satish Rao;Nina Taft;J. D. Tygar
Affiliations:
University of California - Berkeley, Berkeley, CA, USA;University of California - Berkeley, Berkeley, CA, USA;Intel Labs Berkeley, Berkeley, CA, USA;University of California - Berkeley, and Intel Labs Berkeley, Berkeley, CA, USA;University of California - Berkeley, Berkeley, CA, USA;University of California - Berkeley, Berkeley, CA, USA;Intel Labs Berkeley, Berkeley, CA, USA;University of California - Berkeley, Berkeley, CA, USA
Venue:
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Year:
2009

Citing 21
Cited 15

Adversarial classification

Proceedings of the tenth ACM SIGKDD international conference on Knowledge discovery and data mining
Diagnosing network-wide traffic anomalies

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Characterization of network-wide anomalies in traffic flows

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Polygraph: Automatically Generating Signatures for Polymorphic Worms

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Mining anomalies using traffic feature distributions

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
Adversarial learning

Proceedings of the eleventh ACM SIGKDD international conference on Knowledge discovery in data mining
High breakdown estimators for principal components: the projection-pursuit approach revisited

Journal of Multivariate Analysis
Can machine learning be secure?

ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Prediction, Learning, and Games

Prediction, Learning, and Games
Detection and identification of network anomalies using sketch subspaces

Proceedings of the 6th ACM SIGCOMM conference on Internet measurement
Evading network anomaly detection systems: formal reasoning and practical techniques

Proceedings of the 13th ACM conference on Computer and communications security
Network anomography

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Combining filtering and statistical methods for anomaly detection

IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Sensitivity of PCA for traffic anomaly detection

Proceedings of the 2007 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Towards highly reliable enterprise network services via inference of multi-level dependencies

Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Automating cross-layer diagnosis of enterprise wireless networks

Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
Filtering spam with behavioral blacklisting

Proceedings of the 14th ACM conference on Computer and communications security
Exploiting machine learning to subvert your spam filter

LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
What's going on?: learning communication rules in edge networks

Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Stealthy poisoning attacks on PCA-based anomaly detectors

ACM SIGMETRICS Performance Evaluation Review
Paragraph: thwarting signature learning by training maliciously

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

BasisDetect: a model-based network event detection framework

IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
MAWILab: combining diverse anomaly detectors for automated anomaly labeling and performance benchmarking

Proceedings of the 6th International COnference
Robust traffic anomaly detection with principal component pursuit

Proceedings of the ACM CoNEXT Student Workshop
Learning entropy

NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I
P3CA: private anomaly detection across ISP networks

PETS'11 Proceedings of the 11th international conference on Privacy enhancing technologies
Bagging classifiers for fighting poisoning attacks in adversarial classification tasks

MCS'11 Proceedings of the 10th international conference on Multiple classifier systems
Adversarial machine learning

Proceedings of the 4th ACM workshop on Security and artificial intelligence
Rapid detection of maintenance induced changes in service performance

Proceedings of the Seventh COnference on emerging Networking EXperiments and Technologies
Structural analysis of network traffic matrix via relaxed principal component pursuit

Computer Networks: The International Journal of Computer and Telecommunications Networking
Securing application-level topology estimation networks: facing the frog-boiling attack

RAID'11 Proceedings of the 14th international conference on Recent Advances in Intrusion Detection
Tracking concept drift in malware families

Proceedings of the 5th ACM workshop on Security and artificial intelligence
Improving an SVD-based combination strategy of anomaly detectors for traffic labelling

Proceedings of the Asian Internet Engineeering Conference
Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues

Information Sciences: an International Journal
Approaches to adversarial drift

Proceedings of the 2013 ACM workshop on Artificial intelligence and security
Robust assessment of changes in cellular networks

Proceedings of the ninth ACM conference on Emerging networking experiments and technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

Statistical machine learning techniques have recently garnered increased popularity as a means to improve network design and security. For intrusion detection, such methods build a model for normal behavior from training data and detect attacks as deviations from that model. This process invites adversaries to manipulate the training data so that the learned model fails to detect subsequent attacks. We evaluate poisoning techniques and develop a defense, in the context of a particular anomaly detector - namely the PCA-subspace method for detecting anomalies in backbone networks. For three poisoning schemes, we show how attackers can substantially increase their chance of successfully evading detection by only adding moderate amounts of poisoned data. Moreover such poisoning throws off the balance between false positives and false negatives thereby dramatically reducing the efficacy of the detector. To combat these poisoning activities, we propose an antidote based on techniques from robust statistics and present a new robust PCA-based detector. Poisoning has little effect on the robust model, whereas it significantly distorts the model produced by the original PCA method. Our technique substantially reduces the effectiveness of poisoning for a variety of scenarios and indeed maintains a significantly better balance between false positives and false negatives than the original method when under attack.