Allergy Attack Against Automatic Signature Generation

Chung, Simon P.; Mok, Aloysius K.

doi:10.1007/11856214_4

Cited by 56 publications

(24 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Venkataraman et al also present lower bounds for learning worm signatures based on red herring attacks [63]. Chung and Mok also developed allergy attacks against the Autograph worm signature generation system [12,13]. Autograph operates in two phases.…”

Section: Causative Attacksmentioning

confidence: 99%

Adversarial machine learning

Huang

Joseph

Nelson

et al. 2011

Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence

969

732

View full text Add to dashboard Cite

In this paper (expanded from an invited talk at AISEC 2010), we discuss an emerging field of study: adversarial machine learning-the study of effective machine learning techniques against an adversarial opponent. In this paper, we: give a taxonomy for classifying attacks against online machine learning algorithms; discuss application-specific factors that limit an adversary's capabilities; introduce two models for modeling an adversary's capabilities; explore the limits of an adversary's knowledge about the algorithm, feature space, training, and input data; explore vulnerabilities in machine learning algorithms; discuss countermeasures against attacks; introduce the evasion challenge; and discuss privacy-preserving learning techniques.

show abstract

Section: Causative Attacksmentioning

confidence: 99%

Adversarial machine learning

Huang

Joseph

Nelson

et al. 2011

Proceedings of the 4th ACM Workshop on Security and Artificial Intelligence

969

732

View full text Add to dashboard Cite

show abstract

“…Using the framework presented in Section 2.3, we have demonstrated the effectiveness of Causative attacks against SpamBayes if the adversary is given realistic control over the training process of SpamBayes, by limiting the header fields the attacker can modify and the amount of control over the training set. Our Usenet-25k dictionary attack causes misclassification of 19% of ham messages with only 1% control over the training messages 3 , rendering SpamBayes unusable. Our focused attack changes the classification of the target message virtually 100% of the time with knowledge of only 30% of the target's tokens.…”

Section: Resultsmentioning

confidence: 99%

“…Chung and Mok [3,4] present a Causative Availability attack against the Autograph worm signature generation system [11], which infers blocking rules from the traffic of suspicious nodes. The main idea is that the attack node first sends traffic that causes Autograph to mark it suspicious, then sends traffic similar to legitimate traffic, resulting in rules that cause denial of service.…”

Section: Related Workmentioning

confidence: 99%

Misleading Learners: Co-opting Your Spam Filter

Nelson

Barreno

Jack

et al. 2009

Machine Learning in Cyber Trust

124

View full text Add to dashboard Cite

Using statistical machine learning for making security decisions introduces new vulnerabilities in large scale systems. We show how an adversary can exploit statistical machine learning, as used in the SpamBayes spam filter, to render it useless-even if the adversary's access is limited to only 1% of the spam training messages. We demonstrate three new attacks that successfully make the filter unusable, prevent victims from receiving specific email messages, and cause spam emails to arrive in the victim's inbox. IntroductionApplications use statistical machine learning to perform a growing number of critical tasks in virtually all areas of computing. The key strength of machine learning is adaptability; however, this can become a weakness when an adversary manipulates the learner's environment. With the continual growth of malicious activity and electronic crime, the increasingly broad adoption of learning makes assessing the vulnerability of learning systems to attack an essential problem.The question of robust decision making in systems that rely on machine learning is of interest in its own right. But for security practitioners, it is especially important, as a wide swath of security-sensitive applications build on machine learning technology, including intrusion detection systems, virus and worm detection systems, and spam filters [13,14,18,20,24].Past machine learning research has often proceeded under the assumption that learning systems are provided with training data drawn from a natural distribution of inputs. However, in many real applications an attacker might have the ability to provide a machine learning system with maliciously chosen inputs that cause the system to infer poor classification rules. In the spam domain, for example, the adversary can send carefully crafted spam messages 1 Comp. Sci. Div., Soda Hall #1776, University of California, Berkeley, 94720-1776, USA 17and Reliability, DOI: 10.1007/978-0-387-88735-7_2, In Machine Learning in Cyber Trust: Security, Privacy, Reliability, eds. J. Tsai and P..Yu (eds.) Springer, 2009, pp. 17-51 18 that a human user will correctly identify and mark as spam, but which can influence the underlying machine learning system and adversely affect its ability to correctly classify future messages.We demonstrate how attackers can exploit machine learning to subvert the SpamBayes statistical spam filter. Our attack strategies exhibit two key differences from previous work: traditional attacks modify attack instances to evade a filter, whereas our attacks interfere with the training process of the learning algorithm and modify the filter itself; and rather than focusing only on placing spam emails in the victim's inbox, we also present attacks that remove legitimate emails from the inbox.We consider attackers with one of two goals: expose the victim to an advertisement or prevent the victim from seeing a legitimate message. Potential revenue gain for a spammer drives the first goal, while the second goal is motivated, for example, by an organiza...

show abstract

“…Tools such as Polygraph [28] and Hamsa [24] are used to create attack signature automatically. Attack against automatic signature generator have been studied in [8]. Some of NetAnalyzer signatures are taken from the Nmap [14], and L7 filter [35] databases.…”

Section: Introductionmentioning

confidence: 99%

Probabilistic Identification for Hard to Classify Protocol

Bursztein

2008

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. With the growing use of protocols obfuscation techniques, protocol identification for Q.O.S enforcement, traffic prohibition, and intrusion detection has became a complex task. This paper address this issue with a probabilistic identification analysis that combines multiples advanced identification techniques and returns an ordered list of probable protocols. It combines a payload analysis with a classifier based on several discriminators, including packet entropy and size. We show with its implementation, that it overcomes the limitations of traditional port-based protocol identification when dealing with hard to classify protocol such as peer to peer protocols. We also details how it deals with tunneled session and covert channel.

show abstract

Allergy Attack Against Automatic Signature Generation

Cited by 56 publications

References 9 publications

Adversarial machine learning

Adversarial machine learning

Misleading Learners: Co-opting Your Spam Filter

Probabilistic Identification for Hard to Classify Protocol

Contact Info

Product

Resources

About