Is data clustering in adversarial settings secure?

Biggio, Battista; Pillai, Ignazio; Bulò, Samuel Rota; Ariu, Davide; Pelillo, Marcello; Roli, Fabio

doi:10.1145/2517312.2517321

Cited by 94 publications

(112 citation statements)

References 21 publications

Supporting

Mentioning

106

Contrasting

Order By: Relevance

“…It has to be remarked that ∆DH t is not the kind of tool one hopes to employ as part of a proper informationtheoretic approach to the problem of quantifying differences between hierarchies: its sign is not constant, and there is much interaction among the summands in (15) and (16). It would be much more appropriate to construct and employ a proper notion of conditional entropy.…”

Section: Comparing Truncated Hierarchiesmentioning

confidence: 99%

“…4, 14, 15. Given the central role of HC in cyber-security it is critical to understand and design around the vulnerabilities of hierarchical clustering methods. An interesting set of articles by Biggio et al 4,16,17 highlights a major vulnerability in HC: sensitivity to poisoning attacks. Biggio et al 4 emphasizes the centrality of clustering of malware families in the identification of common characteristics and the design of suitable countermeasures.…”

Section: Introductionmentioning

confidence: 99%

“…4 Their analysis provides convincing poisoning schemes against other existing algorithms. 16,17 In this paper, we test the hypothesis that, by employing natural entropy based diversity measures developed here, one could counter poisoning attacks against the SLHC method using a fairly simple reactive control mechanism based on allowing only small variations in the above measures for each time step. The idea is that large variations of the measure may only occur as a result of very coarse-grained alterations in the underlying hierarchy.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Detecting poisoning attacks on hierarchical malware classification systems

et al. 2017

View full text Add to dashboard Cite

Anti-virus software based on unsupervised hierarchical clustering (HC) of malware samples has been shown to be vulnerable to poisoning attacks. In this kind of attack, a malicious player degrades anti-virus performance by submitting to the database samples specifically designed to collapse the classification hierarchy utilized by the anti-virus (and constructed through HC) or otherwise deform it in a way that would render it useless. Though each poisoning attack needs to be tailored to the particular HC scheme deployed, existing research seems to indicate that no particular HC method by itself is immune. We present results on applying a new notion of entropy for combinatorial dendrograms to the problem of controlling the influx of samples into the data base and deflecting poisoning attacks. In a nutshell, effective and tractable measures of change in hierarchy complexity are derived from the above, enabling on-the-fly flagging and rejection of potentially damaging samples. The information-theoretic underpinnings of these measures ensure their indifference to which particular poisoning algorithm is being used by the attacker, rendering them particularly attractive in this setting. ABSTRACT Anti-virus software based on unsupervised hierarchical clustering (HC) of malware samples has been shown to be vulnerable to poisoning attacks. In this kind of attack, a malicious player degrades anti-virus performance by submitting to the database samples specifically designed to collapse the classification hierarchy utilized by the anti-virus (and constructed through HC) or otherwise deform it in a way that would render it useless. Though each poisoning attack needs to be tailored to the particular HC scheme deployed, existing research seems to indicate that no particular HC method by itself is immune. We present results on applying a new notion of entropy for combinatorial dendrograms to the problem of controlling the influx of samples into the data base and deflecting poisoning attacks. In a nutshell, effective and tractable measures of change in hierarchy complexity are derived from the above, enabling on-the-fly flagging and rejection of potentially damaging samples. The information-theoretic underpinnings of these measures ensure their indifference to which particular poisoning algorithm is being used by the attacker, rendering them particularly attractive in this setting.

show abstract

Section: Comparing Truncated Hierarchiesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Detecting poisoning attacks on hierarchical malware classification systems

et al. 2017

View full text Add to dashboard Cite

show abstract

“…Capability: since poisoning samples do not need to preserve any malicious functionality, the attacker can add any number of them to the initial dataset, with the only constraint on their feature values given by feature normalization. The optimal attack strategy can be therefore formulated as We refer the reader to [23] for details on the (approximate) solution of this optimization problem. We considered three different greedy heuristics tailored to single-linkage hierarchical clustering, named Bridge (Best), Bridge (Hard), and Bridge (Soft): poisoning samples are added one at a time, until |A| points are added.…”

Section: Poisoning Http-based Malware Clusteringmentioning

confidence: 99%

Pattern Recognition Systems under Attack

Roli

Biggio

Fumera

2013

Progress in Pattern Recognition, Image Analysis, Computer Vision, and Applications

Self Cite

View full text Add to dashboard Cite

We analyze the problem of designing pattern recognition systems in adversarial settings, under an engineering viewpoint, motivated by their increasing exploitation in security-sensitive applications like spam and malware detection, despite their vulnerability to potential attacks has not yet been deeply understood. We first review previous work and report examples of how a complex system may be evaded either by leveraging on trivial vulnerabilities of its untrained components, e.g., parsing errors in the pre-processing steps, or by exploiting more subtle vulnerabilities of learning algorithms. We then discuss the need of exploiting both reactive and proactive security paradigms complementarily to improve the security by design. Our ultimate goal is to provide some useful guidelines for improving the security of pattern recognition in adversarial settings, and to suggest related open issues to foster research in this area.

show abstract

“…And over 70% of the advanced malware created today uses one or more evasion techniques to avoid detection 2 . Attackers collect the knowledge of machine learning based detection approach and develop new evasion techniques, such as new communication channel [4][5][6][7][8], mimicry attack [9,10], gradient descent attack [9,10], poison attack [11], and so on.…”

Section: Introductionmentioning

confidence: 99%

Fortifying Botnet Classification based on Venn-abers Prediction

Wang¹,

Gao²,

Zhang³

et al. 2017

dtcse

View full text Add to dashboard Cite

Abstract. Botnet is one of the most significant threats to the Internet so that many botnet detection approaches have been proposed based on machine learning techniques. But botnets evolve more and more rapidly and over 70% malware created today uses one or more evasion techniques to avoid detection. Consequently, botnet detection models based on static threshold is facing the concept drift challenge. In this paper, we introduced Venn-Abers algorithm into detection model to mitigate concept drift problem. We selected KNN and KDE as scoring classifier to build a Venn-Abers predictor. The experiments show that each prediction has a probability interval output by a Venn-Abers predictor that accurately indicate the quality of prediction. The drop of prediction quality is a signature for concept drift even when the prediction result is correct.

show abstract

Is data clustering in adversarial settings secure?

Cited by 94 publications

References 21 publications

Detecting poisoning attacks on hierarchical malware classification systems

Detecting poisoning attacks on hierarchical malware classification systems

Pattern Recognition Systems under Attack

Fortifying Botnet Classification based on Venn-abers Prediction

Contact Info

Product

Resources

About