Practical Evasion of a Learning-Based Classifier: A Case Study

rndic, Nedim; Laskov, Pavel

doi:10.1109/sp.2014.20

Cited by 240 publications

(237 citation statements)

References 37 publications

Supporting

Mentioning

218

Contrasting

Order By: Relevance

“…Wagner and Soto [14] demonstrated the mimicry attack against a host-based IDS that mimics the legitimate sequence of system calls. Srndic and Laskov [15] presented a mimicry attack against PDF Rate [16], a system to detect malicious pdf files based on the random forest classifier.…”

Section: Related Workmentioning

confidence: 99%

“…Srndic and Laskov [9] applied a gradient descent-kernel density estimation attack against the PDF Rate system that uses SVM and random forest classifier. Biggio et al [10] demonstrated a gradient descent component against the SVM classifier and a neural network.…”

Section: Related Workmentioning

confidence: 99%

“…And over 70% of the advanced malware created today uses one or more evasion techniques to avoid detection 2 . Attackers collect the knowledge of machine learning based detection approach and develop new evasion techniques, such as new communication channel [4][5][6][7][8], mimicry attack [9,10], gradient descent attack [9,10], poison attack [11], and so on.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Fortifying Botnet Classification based on Venn-abers Prediction

Wang¹,

Gao²,

Zhang³

et al. 2017

dtcse

View full text Add to dashboard Cite

Abstract. Botnet is one of the most significant threats to the Internet so that many botnet detection approaches have been proposed based on machine learning techniques. But botnets evolve more and more rapidly and over 70% malware created today uses one or more evasion techniques to avoid detection. Consequently, botnet detection models based on static threshold is facing the concept drift challenge. In this paper, we introduced Venn-Abers algorithm into detection model to mitigate concept drift problem. We selected KNN and KDE as scoring classifier to build a Venn-Abers predictor. The experiments show that each prediction has a probability interval output by a Venn-Abers predictor that accurately indicate the quality of prediction. The drop of prediction quality is a signature for concept drift even when the prediction result is correct.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Fortifying Botnet Classification based on Venn-abers Prediction

Wang¹,

Gao²,

Zhang³

et al. 2017

dtcse

View full text Add to dashboard Cite

show abstract

“…Drift refers to the non-stationarity of data where the data distribution changes over time. This drift can be natural gradual drift, for example, changes to a user's preference over time, or adversarial drift where an adversary changes the data to purposefully decrease the classification accuracy [14,25,53]. For example, using malware re-packaging toolkits, known as Fully Un-Detectable or FUD crypters, malware vendors repackage malware to evade anti-virus tools [7].…”

Section: Active Learning For Securitymentioning

confidence: 99%

Adversarial Active Learning

Miller

Kantchelian

Afroz

et al. 2014

Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop

View full text Add to dashboard Cite

Active learning is an area of machine learning examining strategies for allocation of finite resources, particularly human labeling efforts and to an extent feature extraction, in situations where available data exceeds available resources. In this open problem paper, we motivate the necessity of active learning in the security domain, identify problems caused by the application of present active learning techniques in adversarial settings, and propose a framework for experimentation and implementation of active learning systems in adversarial contexts. More than other contexts, adversarial contexts particularly need active learning as ongoing attempts to evade and confuse classifiers necessitate constant generation of labels for new content to keep pace with adversarial activity. Just as traditional machine learning algorithms are vulnerable to adversarial manipulation, we discuss assumptions specific to active learning that introduce additional vulnerabilities, as well as present vulnerabilities that are amplified in the active learning setting. Lastly, we present a software architecture, Security-oriented Active Learning Testbed (SALT), for the research and implementation of active learning applications in adversarial contexts.

show abstract

“…For instance, an attacker inserts positively labeled datapoints with words of heavy negative sentiment.To our knowledge, our work is the first to demonstrate adversarial machine learning attacks in such a practical scenario. Recent work has also considered practical scenarios, but focused on evasion attacks [20,21].…”

Section: Introductionmentioning

confidence: 99%

On the Practicality of Integrity Attacks on Document-Level Sentiment Analysis

Newell

Potharaju

Xiang

et al. 2014

Proceedings of the 2014 Workshop on Artificial Intelligent and Security Workshop

View full text Add to dashboard Cite

Sentiment analysis plays an important role in the way companies, organizations, or political campaigns are run, making it an attractive target for attacks. In integrity attacks an attacker influences the data used to train the sentiment analysis classification model in order to decrease its accuracy. Previous work did not consider practical constraints dictated by the characteristics of data generated by a sentiment analysis application and relied on synthetic or preprocessed datasets inspired by spam, intrusion detection, or handwritten digit recognition. We identify and demonstrate integrity attacks against document-level sentiment analysis that take into account such practical constraints. Our attacks, while inspired by existing work, require novel improvements to function in a realistic environment where a victim performs typical steps such as data cleaning, labeling, and feature extraction prior to training the classification model. We demonstrate the effectiveness of the attacks on three datasets -two Twitter datasets and an Android dataset.

show abstract

Practical Evasion of a Learning-Based Classifier: A Case Study

Cited by 240 publications

References 37 publications

Fortifying Botnet Classification based on Venn-abers Prediction

Fortifying Botnet Classification based on Venn-abers Prediction

Adversarial Active Learning

On the Practicality of Integrity Attacks on Document-Level Sentiment Analysis

Contact Info

Product

Resources

About