poster

Stealthy poisoning attacks on PCA-based anomaly detectors

Authors:

Benjamin I.P. Rubinstein,

J. D. TygarAuthors Info & Claims

ACM SIGMETRICS Performance Evaluation Review, Volume 37, Issue 2

Pages 73 - 74

https://doi.org/10.1145/1639562.1639592

Published: 16 October 2009 Publication History

Get Access

Abstract

We consider systems that use PCA-based detectors obtained from a comprehensive view of the network's traffic to identify anomalies in backbone networks. To assess these detectors' susceptibility to adversaries wishing to evade detection, we present and evaluate short-term and long-term data poisoning schemes that trade-off between poisoning duration and the volume of traffic injected for poisoning. Stealthy Boiling Frog attacks significantly reduce chaff volume,while only moderately increasing poisoning duration. ROC curves provide a comprehensive analysis of PCA-based detection on contaminated data, and show that even small attacks can undermine this otherwise successful anomaly detector.

References

[1]

M. Barreno, B. Nelson, R. Sears, A.D. Joseph, and J.D. Tygar. "Can machine learning be secure?". In Proc. ASIACCS'06, 2006.

Digital Library

Google Scholar

[2]

A. Lakhina, M. Crovella, and C. Diot. "Diagnosing network-wide traffic anomalies". In Proc. SIGCOMM'04, pages 219--230, 2004.

Digital Library

Google Scholar

[3]

T. Oetiker. The Multi Router Traffic Grapher. http://oss.oetiker.ch/mrtg/, 2008.

Google Scholar

[4]

H. Ringberg, A. Soule, J. Rexford, and C. Diot. "Sensitivity of PCA for traffic anomaly detection". Proc. SIGMETRICS 07, 35(1):109--120, 2007.

Digital Library

Google Scholar

[5]

B.I.P. Rubinstein, B. Nelson, L. Huang, A.D. Joseph, S. Lau, N. Taft, and D. Tygar. "Compromising PCA-based anomaly detectors for network-wide traffic". Technical Report No. UCB/EECS-2008-73, EECS Department, University of California, Berkeley, 2008.

Google Scholar

[6]

B.I.P. Rubinstein, B. Nelson, L. Huang, A.D. Joseph, S. Lau, N. Taft, and J.D. Tygar. "Evading anomaly detection through variance injection attacks on PCA" (extended abstract). In Recent Advances in Intrusion Detection, volume 5230/2008 of Lecture Notes in Computer Science, pages 394--395, 2008.

Digital Library

Google Scholar

[7]

Y. Zhang, Z. Ge, A. Greenberg, and M. Roughan. "Network anomography". In Proc. IMC 05, pages 1--14, NY, NY, USA, 2005.

Digital Library

Google Scholar

Cited By

View all

Sourav SChen B(2024)Exposing Hidden Attackers in Industrial Control Systems Using Micro-DistortionsIEEE Transactions on Smart Grid10.1109/TSG.2023.330071015:2(2089-2101)Online publication date: Mar-2024
https://doi.org/10.1109/TSG.2023.3300710
Teixeira RAntunes MBarraca JGomes DAguiar R(2024)Rethinking security: the resilience of shallow ML modelsInternational Journal of Data Science and Analytics10.1007/s41060-024-00655-1Online publication date: 18-Oct-2024
https://doi.org/10.1007/s41060-024-00655-1
Sundaram RVullikanti AXu HYao F(2023)PAC-learning for strategic classificationThe Journal of Machine Learning Research10.5555/3648699.364889124:1(9155-9192)Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.5555/3648699.3648891
Show More Cited By

Index Terms

Stealthy poisoning attacks on PCA-based anomaly detectors

Recommendations

ANTIDOTE: understanding and defending against poisoning of anomaly detectors
IMC '09: Proceedings of the 9th ACM SIGCOMM conference on Internet measurement

Statistical machine learning techniques have recently garnered increased popularity as a means to improve network design and security. For intrusion detection, such methods build a model for normal behavior from training data and detect attacks as ...
Defending against adversarial machine learning attacks using hierarchical learning: A case study on network traffic attack classification
Abstract
Machine learning is key for automated detection of malicious network activity to ensure that computer networks and organizations are protected against cyber security attacks. Recently, there has been growing interest in the domain of ...
Sensitivity of PCA for traffic anomaly detection
SIGMETRICS '07 Conference Proceedings

Detecting anomalous traffic is a crucial part of managing IP networks. In recent years, network-wide anomaly detection based on Principal Component Analysis (PCA) has emerged as a powerful method for detecting a wide variety of anomalies. We show that ...

Comments

Information & Contributors

Information

Published In

cover image ACM SIGMETRICS Performance Evaluation Review

ACM SIGMETRICS Performance Evaluation Review Volume 37, Issue 2

September 2009

89 pages

ISSN:0163-5999

DOI:10.1145/1639562

Issue’s Table of Contents

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 October 2009

Published in SIGMETRICS Volume 37, Issue 2

Check for updates

Author Tags

Qualifiers

Poster

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

27
Total Citations
View Citations
384
Total Downloads

Downloads (Last 12 months)23
Downloads (Last 6 weeks)2

Reflects downloads up to 28 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Sourav SChen B(2024)Exposing Hidden Attackers in Industrial Control Systems Using Micro-DistortionsIEEE Transactions on Smart Grid10.1109/TSG.2023.330071015:2(2089-2101)Online publication date: Mar-2024
https://doi.org/10.1109/TSG.2023.3300710
Teixeira RAntunes MBarraca JGomes DAguiar R(2024)Rethinking security: the resilience of shallow ML modelsInternational Journal of Data Science and Analytics10.1007/s41060-024-00655-1Online publication date: 18-Oct-2024
https://doi.org/10.1007/s41060-024-00655-1
Sundaram RVullikanti AXu HYao F(2023)PAC-learning for strategic classificationThe Journal of Machine Learning Research10.5555/3648699.364889124:1(9155-9192)Online publication date: 1-Jan-2023
https://dl.acm.org/doi/10.5555/3648699.3648891
Kerkouche RÁcs GFritz MKnijnenburg BPapadimitratos P(2023)Client-specific Property Inference against Secure Aggregation in Federated LearningProceedings of the 22nd Workshop on Privacy in the Electronic Society10.1145/3603216.3624964(45-60)Online publication date: 26-Nov-2023
https://dl.acm.org/doi/10.1145/3603216.3624964
Zhang LYu K(2023)Improved Network Anomaly Detection Method2023 IEEE 7th Information Technology and Mechatronics Engineering Conference (ITOEC)10.1109/ITOEC57671.2023.10291368(101-104)Online publication date: 15-Sep-2023
https://doi.org/10.1109/ITOEC57671.2023.10291368
Turtiainen HCostin APolyakov AHämäläinen T(2022)Offensive Machine Learning Methods and the Cyber Kill ChainArtificial Intelligence and Cybersecurity10.1007/978-3-031-15030-2_6(125-145)Online publication date: 1-Aug-2022
https://doi.org/10.1007/978-3-031-15030-2_6
Hong NWang XWang Z(2021)Abnormal Access Behavior Detection of Ideological and Political MOOCs in Colleges and UniversitiesMobile Information Systems10.1155/2021/99777362021Online publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1155/2021/9977736
Nassif ATalib MNasir QDakalbab F(2021)Machine Learning for Anomaly Detection: A Systematic ReviewIEEE Access10.1109/ACCESS.2021.30830609(78658-78700)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3083060
Mahloujifar SDiochnos DMahmoody M(2020)Learning under p-tampering poisoning attacksAnnals of Mathematics and Artificial Intelligence10.1007/s10472-019-09675-188:7(759-792)Online publication date: 1-Jul-2020
https://dl.acm.org/doi/10.1007/s10472-019-09675-1
Chen WHelu XJin CZhang MLu HSun YTian Z(2020)Advanced persistent threat organization identification based on software gene of malwareTransactions on Emerging Telecommunications Technologies10.1002/ett.388431:12Online publication date: 22-Dec-2020
https://dl.acm.org/doi/10.1002/ett.3884
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

ANTIDOTE: understanding and defending against poisoning of anomaly detectors

Defending against adversarial machine learning attacks using hierarchical learning: A case study on network traffic attack classification

Sensitivity of PCA for traffic anomaly detection

Comments

Published In

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

ANTIDOTE: understanding and defending against poisoning of anomaly detectors

Defending against adversarial machine learning attacks using hierarchical learning: A case study on network traffic attack classification

Sensitivity of PCA for traffic anomaly detection

Comments

Information

Published In

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations