Casting out demons: Sanitizing training data for anomaly sensors

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2008, Pages 81-95

  Cretu, Gabriela F ^a   Stavrou, Angelos ^b   Locasto, Michael E ^c   Stolfo, Salvatore J ^a   Keromytis, Angelos D ^a  

^a Department of Earth and Environmental Sciences

^b Krasnow Institute for Advanced Study

^c DARTMOUTH COLLEGE   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ANOMALOUS EVENTS; ANOMALY DETECTIONS; COLLABORATIVE APPROACH; GROUND TRUTH; HIGH-QUALITY; MICRO-MODELS; MULTIPLE MODELING; REALISTIC DATA; SANITIZATION; SANITIZATION PROCESSES; SECURITY AND PRIVACY; SINGLE SITES; TRAINING DATA; TRAINING PHASE; VOTING SCHEMES;

COMBINES; LABELING; SENSORS;

COMPUTER CRIME;

EID: 50249170401     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2008.11     Document Type: Conference Paper

References (31)

1. th USENIX Security Symposium, August 2005.
2. L. Breiman. Bagging Predictors. Machine Learning, 24(2):123-140, 1996.
3. P. K. Chan and S. J. Stolfo. Experiments in Multistrategy Learning by Meta-Learning. In Proceedings of the second international conference on information and knowledge management, pages 314-323, Washington, DC, 1993.
4. J. R. Crandall, Z. Su, S. F. Wu, and F. T. Chong. On Deriving Unknown Vulnerabilities from Zero-Day Polymorphic and Metamorphic Worm Exploits. In ACM Conference on Computer and Communications Security, Alexandria, VA, 2005.
5. G. F. Cretu, A. Stavrou, S. J. Stolfo, and A. D. Keromytis. Data Sanitization: Improving the Forensic Utility of Anomaly Detection Systems. In Workshop on Hot Topics in System Dependability (HotDep), 2007.
6. T. Detristan, T. Ulenspiegel, Y. Malcom, and M. S. von Underduk. Polymorphic Shellcode Engine Using Spectrum Analysis. Phrack, 11(61-9), 2003.
7. T. G. Dietterich. Ensemble Methods in Machine Learning. Lecture Notes in Computer Science, 1857:1-15, 2000.
8. P. Domingos. Metacost: A general method for making classifiers cost-sensitive. In Knowledge Discovery and Data Mining, pages 155-164, 1999.
9. th ACM Conference on Computer and Communications Security (CCS), pages 59-68, 2006.
10. th Workshop on Hot Topics in Operating Systems, pages 67-72, 1997.
11. Y. Freund and R. E. Schapire. A decision-theoretic generalization of on-line learning and an application to boosting. In European Conference on Computational Learning Theory, pages 23-37, 1995.
12. S. S. Janak Parekh, Ke Wang. Privacy-preserving payload-based correlation for accurate malicious traffic detection. In SIGCOMM Workshop on Large Scale Attack Defense, 2006.
13. C. Kruegel, T. Toth, and E. Kirda. Service Specific Anomaly Detection for Network Intrusion Detection. In Symposium on Applied Computing (SAC), Madrid, Spain, 2002.
14. R. P. Lippmann and J. Haines. Analysis and Results of the 1999 DARPA Off-Line Intrusion Detection Evaluation. In Proceedings of the Recent Advances in Intrusion Detection (RAID 2000), pages 162-182, 2000.
15. J. McHugh. Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory. ACM TISSEC, 3(4):262-291, 2000.
16. D. Moore and C. Shannon. The Spread of the Code Red Worm (CRv2). http://www.caida.org/analysis/security/code-red/coderedv2 analysis.xml.
17. J. Newsome, B. Karp, and D. Song. Polygraph: Automatically Generating Signatures for Polymorphic Worms. In IEEE Security and Privacy, Oakland, CA, 2005.
18. J. J. Parekh. Privacy-Preserving Distributed Event Corroboration. PhD thesis, Columbia University, 2007.
19. B. Parmanto, M. P. W., and H. R. Doyle. Improving Committee Diagnosis with Resampling Techniques. Advances in Neural Information Processing Systems, 8:882-888, 1996.
20. nd International Workshop on Automated and Algorithmic Debugging, 1995.
21. S. Sidiroglou, M. E. Locasto, S. W. Boyd, and A. D. Keromytis. Building a Reactive Immune System for Software Services. In Proceedings of the USENIX Technical Conference, June 2005.
22. th USENIX Security Symposium, August 2000.
23. Y. Song, M. E. Locasto, A. Stavrou, A. D. Keromytis, and S. J. Stolfo. On the Infeasibility of Modeling Polymorphic Shellcode. In ACM Computer and Communications Security Conference (CCS), 2007.
24. S. Stolfo, W. Fan, W. Lee, A. Prodromidis, and P. Chan. Cost-based Modeling for Fraud and Intrusion Detection: Results from the JAM Project. In Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX), 2000.
25. K. M. Tan and R. A. Maxion. Why 6? Defining the Operational Limits of stide, an Anomaly-Based Intrusion Detector. In Proceedings of the IEEE Symposium on Security and Privacy, pages 188-201, May 2002.
26. th New Security Paradigms Workshop (NSPW), pages 21-29, September 2006.
27. D. Wagner and P. Soto. Mimicry Attacks on Host-Based Intrusion Detection Systems. In ACM CCS, 2002.
28. K. Wang, G. Cretu, and S. J. Stolfo. Anomalous Payload-based Worm Detection and Signature Generation. In Proceedings of the Symposium on Recent Advances in Intrusion Detection (RAID), September 2005.
29. K. Wang, J. J. Parekh, and S. J. Stolfo. Anagram: A Content Anomaly Detector Resistant toMimicry Attack. In Proceedings of the Symposium on Recent Advances in Intrusion Detection (RAID), September 2006.
30. K. Wang and S. J. Stolfo. Anomalous Payload-based Network Intrusion Detection. In Proceedings of the Symposium on Recent Advances in Intrusion Detection (RAID), September 2004.
31. D. Wolpert. Stacked Generalization. In Neural Networks, volume 5, pages 241-259, 1992.