Randomized Anagram revisited

Journal of Network and Computer Applications

Volumn 41, Issue 1, 2014, Pages 182-196

  Pastrana, Sergio ^a   Orfila, Agustin ^a   Tapiador, Juan E ^a   Peris Lopez, Pedro ^a  

^a UNIVERSIDAD CARLOS III DE MADRID   (Spain)

Author keywords

Adversarial classification; Anomaly detection; Evasion attacks; Intrusion detection systems; Keywords

Indexed keywords

COMPUTER CRIME; LEARNING ALGORITHMS;

ADVERSARIAL CLASSIFICATIONS; ANOMALY DETECTION; EVASION ATTACKS; INTRUSION DETECTION SYSTEMS; KEYWORDS;

RANDOM PROCESSES;

EID: 84899065894     PISSN: 10848045     EISSN: 10958592     Source Type: Journal    
DOI: 10.1016/j.jnca.2013.11.006     Document Type: Article

References (42)

1. D. Ariu, R. Tronci, and G. Giacinto HMMPayl an intrusion detection system based on hidden Markov models Comput Secur 30 2011 221 241
2. Aziz A, Salama M, ella Hassanien A, El-Ola Hanafi S. Detectors generation using genetic algorithm for a negative selection inspired anomaly network intrusion detection system. In: 2012 federated conference on computer science and information systems (FedCSIS); 2012. p. 597-602.
3. Barreno M, Nelson B, Sears R, Joseph AD, Tygar J. Can machine learning be secure? In: Proceedings of the 2006 ACM symposium on information, computer and communications security, ACM; 2006. p. 16-25. (Pubitemid 46644722)
4. M. Barreno, B. Nelson, A.D. Joseph, and J. Tygar The security of machine learning Mach Learn 81 2010 121 148
5. B. Biggio, G. Fumera, and F. Roli Multiple classifier systems for robust classifier design in adversarial environments Int J Mach Learn Cybern 1 2010 27 41
6. B. Biggio, G. Fumera, and F. Roli Security evaluation of pattern classifiers under attack IEEE Trans Knowl Data Eng 99 2013 1
7. B.H. Bloom Space/time trade-offs in hash coding with allowable errors Commun ACM 13 1970 422 426
8. D. Brumley, and D. Boneh Remote timing attacks are practical Comput Netw 48 2005 701 716 (Pubitemid 40684158)
9. Champion T, Durst R. Air force intrusion detection system evaluation environment. In: Recent advances in intrusion detection (RAID); 1999.
10. Chen S, Wang R, Wang X, Zhang K. Side-channel leaks in web applications: a reality today, a challenge tomorrow. In: 2010 IEEE symposium on security and privacy (SP), IEEE; 2010. p. 191-206.
11. Chung SP, Mok AK. Advanced allergy attacks: does a corpus really help? In: Recent advances in intrusion detection. Springer; 2007. p. 236-55.
12. I. Corona, G. Giacinto, and F. Roli Adversarial attacks against intrusion detection systems taxonomy, solutions and open issues Inf Sci 239 2013 201 225
13. Fogla P, Lee W. Evading network anomaly detection systems: formal reasoning and practical techniques. In: Proceedings of the 13th ACM conference on computer and communications security. ACM, Alexandria, VA, USA; 2006. p. 59-68. (Pubitemid 47131356)
14. Fogla P, Sharif M, Perdisci R, Kolesnikov O, Lee W. Polymorphic blending attacks. In: Proceedings of the 15th USENIX security symposium, USENIX, Vancouver, BC, Canada; 2006. p. 241-56.
15. Hadziosmanovic D, Simionato L, Bolzoni D, Zambon E, Etalle S. N-gram against the machine: on the feasibility of the n-gram network analysis for binary protocols. In: Recent advances in intrusion detection. Lecture notes in computer science, vol. 7462. Springer; 2012. p. 354-73.
16. B. Hu, and Y. Shen Machine learning based network traffic classification a survey J Inf Comput Sci 9 2012 3161 3170
17. Huang L, Joseph AD, Nelson B, Rubinstein BI, Tygar JD. Adversarial machine learning. In: Proceedings of the 4th ACM workshop on security and artificial intelligence, AISec '11, ACM, New York, NY, USA; 2011. p. 43-58.
18. M. Kloft, and P. Laskov Online anomaly detection under adversarial impact J Mach Learn Res - Proc Track 9 2010 405 412
19. Kolesnikov O, Lee W. Advanced polymorphic worms: evading IDS by blending in with normal traffic. Technical Report, Georgia Institute of Technology; 2005.
20. G. Kumar, K. Kumar, and M. Sachdeva The use of artificial intelligence based techniques for intrusion detection a review Artif Intell Rev 34 2010 369 387
21. S. Lee, G. Kim, and S. Kim Self-adaptive and dynamic clustering for online anomaly detection Expert Syst Appl 38 2011 14891 14898
22. H.-J. Liao, C.-H.R. Lin, Y.-C. Lin, and K.-Y. Tung Intrusion detection system a comprehensive review J Netw Comput Appl 36 2013 16 24
23. Lowd D, Meek C. Adversarial learning. In: Proceedings of the eleventh ACM SIGKDD international conference on knowledge discovery in data mining. ACM; 2005. p. 641-7. (Pubitemid 43218333)
24. Mrdovic S, Drazenovic B. Kids: keyed intrusion detection system. In: Proceedings of the 7th international conference on detection of intrusions and malware, and vulnerability assessment, DIMVA'10, Springer-Verlag, Berlin, Heidelberg; 2010. p. 173-82.
25. Mutz D, Vigna G, Kemmerer R. An experience developing an IDS stimulator for the black-box testing of network intrusion detection systems. In: Proceedings of the 19th IEEE annual computer security applications conference; 2003. p. 374-83.
26. Pastrana S, Orfila A, Ribagorda A. A functional framework to evade network IDS. In: Proceedings of the 44th IEEE Hawaii international conference on systems sciences, Koloa, Hawaii, USA; 2011, p. 1-10.
27. S. Pastrana, A. Mitrokotsa, A. Orfila, and P. Peris-Lopez Evaluation of classification algorithms for intrusion detection in MANETs Knowl-Based Syst 36 2012 217 225
28. Perdisci R, Dagon D, Lee W, Fogla P, Sharif M. Misleading worm signature generators using deliberate noise injection. In: Proceedings of the 2006 IEEE symposium on security and privacy. IEEE; 2006, p. 17-31. (Pubitemid 44753709)
29. R. Perdisci, D. Ariu, P. Fogla, G. Giacinto, and W. Lee McPAD a multiple classifier system for accurate payload-based anomaly detection Comput Netw 53 2009 864 881
30. Ptacek TH, Newsham TN. Insertion, evasion, and denial of service: eluding network intrusion detection. Technical Report, Secure Networks, Inc., Syracuse, NY, USA; 1998.
31. Roesch M. Snort: lightweight intrusion detection for networks. In: Proceedings of the 13th systems administration conference, USENIX, Seattle, WA, USA; 1999. p. 229-38.
32. K. Satpute, S. Agrawal, J. Agrawal, and S. Sharma A survey on anomaly detection in network intrusion detection system using particle swarm optimization based machine learning techniques Adv Intell Syst Comput 199 2013 441 452
33. Scarfone KA, Mell PM. SP 800-94. Guide to intrusion detection and prevention systems (IDPS), Technical Report, Gaithersburg, MD, United States; 2007.
34. Shankar U. Active mapping: resisting NIDS evasion without altering traffic. In: Proceedings of the 2002 IEEE symposium on security and privacy, Oakland, CA, USA; 2002. p. 44-61.
35. Sommer R, Paxson V. Outside the closed world: on using machine learning for network intrusion detection. In: Proceedings of the 2010 IEEE symposium on security and privacy, SP '10, IEEE Computer Society, Washington, DC, USA; 2010. p. 305-16.
36. Song Y, Locasto ME, Stavrou A, Keromytis AD, Stolfo SJ. On the infeasibility of modeling polymorphic shellcode. In: Proceedings of the 14th ACM conference on computer and communications security, CCS '07, ACM, New York, NY, USA; 2007. p. 541-51.
37. J. Song, H. Takakura, Y. Okabe, and K. Nakao Toward a more practical unsupervised anomaly detection system Inf Sci Int J 231 2013 4 14
38. Vigna G, Robertson W, Balzarotti D. Testing network-based intrusion detection signatures using mutant exploits. In: Proceedings of the 11th ACM conference on computer and communications security, ACM, Washington, DC, USA; 2004. p. 21.
39. Vutukuru M, Balakrishnan H, Paxson V. Efficient and robust TCP stream normalization. In: Proceedings of the 2008 IEEE symposium on security and privacy. Oakland, CA, USA; 2008. p. 96-110.
40. Wang K. Network payload-based anomaly detection and content-based alert correlation (Ph.D. thesis), New York, NY, USA; 2007.
41. K. Wang, and S. Stolfo Anomalous payload-based network intrusion detection E. Jonsson, A. Valdes, M. Almgren, Recent advances in intrusion detection. Lecture notes in computer science vol. 3224 2004 Springer Berlin/Heidelberg 203 222 (Pubitemid 39741895)
42. Wang K, Parekh JJ, Stolfo SJ. Anagram: a content anomaly detector resistant to mimicry attack. In: Proceedings of the 9th international symposium on recent advances in intrusion detection. Lecture notes in computer science, vol. 4219. Springer, Hamburg, Germany; 2006. p. 226-48. (Pubitemid 44617855)