Stealthy Poisoning Attacks on PCAbased Anomaly Detectors

Stealthy Poisoning Attacks on PCAbased Anomaly Detectors

Citation
"Stealthy Poisoning Attacks on PCAbased Anomaly Detectors". B. Rubinstein, B. Nelson, L. Huang, A. Joseph, S. Lau, S. Rao, N. Taft, and J. D. Tygar (eds.), June, 2009.

Abstract
We consider systems that use PCA-based detectors obtained from a comprehensive view of the network’s traffic to identify anomalies in backbone networks. To assess these detectors’ susceptibility to adversaries wishing to evade detection, we present and evaluate short-term and long-term data poison- ing schemes that trade-off between poisoning duration and the volume of traffic injected for poisoning. Stealthy Boil- ing Frog attacks significantly reduce chaff volume, while only moderately increasing poisoning duration. ROC curves pro- vide a comprehensive analysis of PCA-based detection on contaminated data, and show that even small attacks can undermine this otherwise successful anomaly detector.

Electronic downloads

Sigmetrics.09.pdf · application/pdf · 337 kbytes

Citation formats

HTML

 <a
href="http://www.truststc.org/pubs/727.html"
><i>Stealthy Poisoning Attacks on PCAbased Anomaly
Detectors</i></a>,  B. Rubinstein, B. Nelson, L.
Huang, A. Joseph, S. Lau, S. Rao, N. Taft, and J. D. Tygar
(eds.), June, 2009.

Plain text

 "Stealthy Poisoning Attacks on PCAbased Anomaly
Detectors".  B. Rubinstein, B. Nelson, L. Huang, A.
Joseph, S. Lau, S. Rao, N. Taft, and J. D. Tygar (eds.),
June, 2009.

BibTeX

@proceedings{RubinsteinNelsonHuangJosephLauRaoTaftTygar09_StealthyPoisoningAttacksOnPCAbasedAnomalyDetectors,
    title = {Stealthy Poisoning Attacks on PCAbased Anomaly
              Detectors},
    editor = { B. Rubinstein, B. Nelson, L. Huang, A. Joseph, S.
              Lau, S. Rao, N. Taft, and J. D. Tygar},
    month = {June},
    year = {2009},
    abstract = {We consider systems that use PCA-based detectors
              obtained from a comprehensive view of the
              networkâ��s traffic to identify anomalies in
              backbone networks. To assess these detectorsâ��
              susceptibility to adversaries wishing to evade
              detection, we present and evaluate short-term and
              long-term data poison- ing schemes that trade-off
              between poisoning duration and the volume of
              traffic injected for poisoning. Stealthy Boil- ing
              Frog attacks significantly reduce chaff volume,
              while only moderately increasing poisoning
              duration. ROC curves pro- vide a comprehensive
              analysis of PCA-based detection on contaminated
              data, and show that even small attacks can
              undermine this otherwise successful anomaly
              detector.},
    URL = {http://www.truststc.org/pubs/727.html}
}

Posted by Jessica Gamble on 7 Apr 2010.
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.