Team for Research in
Ubiquitous Secure Technology

Stealthy Poisoning Attacks on PCA-based Anomaly Detectors

Citation
"Stealthy Poisoning Attacks on PCA-based Anomaly Detectors". B. Rubinstein, B. Nelson, L. Huang, A. Joseph, S. Lau, S. Rao, N. Taft, and J. D. Tygar (eds.), June, 2009.

Abstract
We consider systems that use PCA-based detectors obtained from a comprehensive view of the network’s traffic to identify anomalies in backbone networks. To assess these detectors’ susceptibility to adversaries wishing to evade detection, we present and evaluate short-term and long-term data poisoning schemes that trade off between poisoning duration and the volume of traffic injected for poisoning. Stealthy Boiling Frog attacks significantly reduce chaff volume, while only moderately increasing poisoning duration. ROC curves provide a comprehensive analysis of PCA-based detection on contaminated data, and show that even small attacks can undermine this otherwise successful anomaly detector.

Citation formats  
  • HTML
     <a
    href="http://www.truststc.org/pubs/727.html"
    ><i>Stealthy Poisoning Attacks on PCA-based Anomaly
    Detectors</i></a>,  B. Rubinstein, B. Nelson, L.
    Huang, A. Joseph, S. Lau, S. Rao, N. Taft, and J. D. Tygar
    (eds.), June, 2009.
  • Plain text
     "Stealthy Poisoning Attacks on PCA-based Anomaly
    Detectors".  B. Rubinstein, B. Nelson, L. Huang, A.
    Joseph, S. Lau, S. Rao, N. Taft, and J. D. Tygar (eds.),
    June, 2009.
  • BibTeX
    @proceedings{RubinsteinNelsonHuangJosephLauRaoTaftTygar09_StealthyPoisoningAttacksOnPCAbasedAnomalyDetectors,
        title = {Stealthy Poisoning Attacks on PCA-based Anomaly
                  Detectors},
        editor = { B. Rubinstein, B. Nelson, L. Huang, A. Joseph, S.
                  Lau, S. Rao, N. Taft, and J. D. Tygar},
        month = {June},
        year = {2009},
        abstract = {We consider systems that use PCA-based detectors
                  obtained from a comprehensive view of the
                  network’s traffic to identify anomalies in
                  backbone networks. To assess these detectors’
                  susceptibility to adversaries wishing to evade
                  detection, we present and evaluate short-term and
                  long-term data poisoning schemes that trade off
                  between poisoning duration and the volume of
                  traffic injected for poisoning. Stealthy Boiling
                  Frog attacks significantly reduce chaff volume,
                  while only moderately increasing poisoning
                  duration. ROC curves provide a comprehensive
                  analysis of PCA-based detection on contaminated
                  data, and show that even small attacks can
                  undermine this otherwise successful anomaly
                  detector.},
        URL = {http://www.truststc.org/pubs/727.html}
    }
    

Posted by Jessica Gamble on 7 Apr 2010.