Paragraph: Thwarting Signature Learning by Training Maliciously

  • Authors:
  • James Newsome (Carnegie Mellon University); Brad Karp (University College London); Dawn Song (Carnegie Mellon University)

  • Venue:
  • RAID'06: Proceedings of the 9th International Conference on Recent Advances in Intrusion Detection
  • Year:
  • 2006

Abstract

Defending a server against Internet worms and defending a user's email inbox against spam bear certain similarities. In both cases, a stream of samples arrives, and a classifier must automatically determine whether each sample falls into a malicious target class (e.g., worm network traffic, or spam email). A learner typically generates a classifier automatically by analyzing two labeled training pools: one of innocuous samples, and one of samples that fall in the malicious target class. Learning techniques have previously found success in settings where the content of the labeled samples used in training is either random, or even constructed by a helpful teacher, who aims to speed learning of an accurate classifier. In the case of learning classifiers for worms and spam, however, an adversary controls the content of the labeled samples to a great extent. In this paper, we describe practical attacks against learning, in which an adversary constructs labeled samples that, when used to train a learner, prevent or severely delay generation of an accurate classifier. We show that even a delusive adversary, whose samples are all correctly labeled, can obstruct learning. We simulate and implement highly effective instances of these attacks against the Polygraph [15] automatic polymorphic worm signature generation algorithms.
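The following is a minimal, hypothetical sketch (not taken from the paper) of the kind of delusive training attack the abstract describes: a toy conjunction-signature learner in the spirit of Polygraph, and an adversary whose worm samples are all correctly labeled yet contain spurious "red herring" tokens that it later drops, so the learned signature stops matching. All names (learn_conjunction_signature, make_worm_sample, RED_HERRINGS, etc.) are invented for illustration and do not reflect the paper's actual algorithms or evaluation.

```python
# Toy illustration of a delusive training attack against a
# conjunction-of-tokens signature learner. Assumptions: samples are
# whitespace-separated token strings; the learner keeps only tokens
# common to every malicious training sample.

import random
import string


def learn_conjunction_signature(malicious_pool):
    """Learn the set of tokens present in every malicious training sample."""
    tokens = set(malicious_pool[0].split())
    for sample in malicious_pool[1:]:
        tokens &= set(sample.split())
    return tokens


def matches(signature, sample):
    """A sample matches only if it contains every token in the signature."""
    return signature <= set(sample.split())


TRUE_INVARIANT = "EXPLOIT_BYTES"                      # token the worm actually needs
RED_HERRINGS = [f"HERRING_{i}" for i in range(10)]    # spurious, attacker-chosen tokens


def make_worm_sample(round_no):
    """Correctly labeled worm sample: the real invariant plus random filler.
    The attacker also embeds red-herring tokens, dropping one per round."""
    filler = " ".join(random.choices(string.ascii_lowercase, k=20))
    herrings = " ".join(RED_HERRINGS[round_no:])
    return f"{TRUE_INVARIANT} {herrings} {filler}"


# Training pool: every sample really is a worm (a "delusive" adversary).
training_pool = [make_worm_sample(round_no=0) for _ in range(50)]
signature = learn_conjunction_signature(training_pool)
print("learned signature:", signature)   # contains the red herrings

# Later worm instances omit the earliest red herrings, so the learned
# signature no longer matches, even though the worm is unchanged in
# its essential (invariant) content.
later_worm = make_worm_sample(round_no=3)
print("matches later worm?", matches(signature, later_worm))   # False
```

In this sketch the learner's only mistake is trusting that tokens common to the malicious pool are invariant; because the adversary controls the pool's content, it can make spurious tokens look invariant during training and then abandon them, delaying any accurate signature.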