Practical evasion of a learning-based classifier: A case study

Proceedings - IEEE Symposium on Security and Privacy

Volumn , Issue , 2014, Pages 197-211

  Šrndić, Nedim ^a   Laskov, Pavel ^a  

^a UNIVERSITY OF TÜBINGEN   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

TAXONOMIES;

AMOUNT OF INFORMATION; CLASSIFIER SYSTEMS; DEFENSE MECHANISM; DEPLOYED SYSTEMS; DETECTION ACCURACY; EVASION STRATEGY; POTENTIAL TECHNIQUES; TEST CASE;

ONLINE SYSTEMS;

EID: 84914145282     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SP.2014.20     Document Type: Conference Paper

References (47)

1. U. Bayer, P. Comparetti, C. Hlauschek, C. Kruegel, and E. Kirda, "Scalable, behavior-based malware clustering," in Network and Distributed System Security Symposium (NDSS), 2009.
2. O. Thonnard, "A multicriteria clustering approach to support attack attribution in cyberspace." Ph.D. dissertation, Ecole Doctorale d'Informatique, Télécommunications et Electronique de Paris, 2010.
3. M. Cova, C. Kruegel, and G. Vigna, "Detection and analysis of driveby-download attacks and malicious Java Script code," in International Conference on World Wide Web (WWW), 2010, pp. 281-290.
4. M. A. Rajab, L. Ballard, N. Lutz, P. Mavrommatis, and N. Provos, "CAMP: Content-agnostic malware protection," in Network and Distributed System Security Symposium (NDSS), 2013.
5. D. Canali, M. Cova, G. Vigna, and C. Kruegel, "Prophiler: a fast filter for the large-scale detection of malicious web pages," in International Conference on World Wide Web (WWW), 2011, pp. 197-206.
6. G. Stringhini, C. Kruegel, and G. Vigna, "Shady paths: leveraging surfing crowds to detect malicious web pages," in ACM Conference on Computer and Communications Security (CCS), 2013, pp. 133-144.
7. M. Egele, G. Stringhini, C. Kruegel, and G. Vigna, "COMPA: Detecting compromised accounts on social networks." in Network and Distributed System Security Symposium (NDSS), 2013.
8. D. M. Freeman, "Using naive bayes to detect spammy names in social networks," in ACM Workshop on AI and Security (AISec), 2013, pp. 3-12.
9. B. Rahbarinia, R. Perdisci, A. Lanzi, and K. Li, "Peerrush: mining for unwanted p2p traffic," in Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2013, pp. 62-82.
10. M. Barreno, B. Nelson, A. Joseph, and J. Tygar, "The security of machine learning," Machine Learning, vol. 81, no. 2, pp. 121-148, 2010.
11. M. Kearns and M. Li, "Learning in the presence of malicious errors," SIAM Journal on Computing, vol. 22, no. 4, pp. 807-837, 1993.
12. M. Brückner, C. Kanzow, and T. Scheffer, "Static prediction games for adversarial learning problems," Journal of Machine Learning Research, pp. 2617-2654, 2012.
13. M. Kloft and P. Laskov, "Security analysis of online centroid anomaly detection," Journal of Machine Learning Research, vol. 13, pp. 3133-3176, 2012.
14. B. Biggio, G. Fumera, and F. Roli, "Security evaluation of pattern classifiers under attack," IEEE Transactions on Knowledge and Data Engineering, vol. 99, no. PrePrints, p. 1, 2013.
15. P. Fogla, M. Sharif, R. Perdisci, O. Kolesnikov, and W. Lee, "Polymorphic blending attacks," in USENIX Security Symposium, 2006, pp. 241-256.
16. R. Perdisci, D. Dagon, W. Lee, P. Fogla, and M. Sharif, "Misleading worm signature generators using deliberate noise injection," in IEEE Symposium on Security and Privacy, 2006, pp. 17-31.
17. B. Biggio, B. Nelson, and P. Laskov, "Poisoning attacks against support vector machines," in International Conference on Machine Learning, 2012.
18. Y. Lindell and B. Pinkas, "Privacy preserving data mining," in International Cryptology Conference on Advances in Cryptology (CRYPTO), 2000, pp. 36-54.
19. C. Dwork, "Differential privacy: a survey of results," in International conference on theory and applications of models of computation (TAMC), 2008, pp. 1-19.
20. P. Fogla and W. Lee, "Evading network anomaly detection systems: formal reasoning and practical techniques," in ACM Conference on Computer and Communications Security, 2006, pp. 59-68.
21. D. Lowd and C. Meek, "Good word attacks on statistical spam filters," in Proceedings of the ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, 2005, pp. 641-647.
22. B. Biggio, I. Corona, D. Maiorca, B. Nelson, N. Šrndić, P. Laskov, G. Giacinto, and F. Roli, "Evasion attacks against machine learning at test time," in European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases, 2013. [Online]. Available: http://dx.doi.org/10.1007/978-3-642-40994-3 25
23. C. Smutz and A. Stavrou, "Malicious PDF detection using metadata and structural features," in Annual Computer Security Applications Conference (ACSAC), 2012, pp. 239-248.
24. -, "Malicious PDF detection using metadata and structural features," Available at http://cs.gmu.edu, Department of Computer Science, George Mason University, 4400 University Drive MSN 4A5, Fairfax, VA 22030-4444 USA, Tech. Rep. GMU-CS-TR-2012-5, 2012.
25. D. Sculley, M. E. Otey, M. Pohl, B. Spitznagel, J. Hainsworth, and Y. Zhou, "Detecting adversarial advertisements in the wild," in ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD), 2011, pp. 274-282.
26. B. Nelson, M. Barreno, F. J. Chi, A. D. Joseph, B. I. P. Rubinstein, U. Saini, C. Sutton, J. D. Tygar, and K. Xia, "Exploiting machine learning to subvert your spam filter," in USENIX Workshop on Largescale Exploits and Emergent Threats (LEET), 2008, pp. 1-9.
27. C. Yang, R. C. Harkreader, and G. Gu, "Die free or live hard? empirical evaluation and new design for fighting evolving twitter spammers," in Recent Adances in Intrusion Detection (RAID), 2011, pp. 318-337.
28. M. Brennan, S. Afroz, and R. Greenstadt, "Adversarial stylometry: Circumventing authorship recognition to preserve privacy and anonymity," ACM Transactions on Information Systems Security, vol. 15, no. 3, pp. 1-22, 2012.
29. G. Oberreuter, G. L'Huillier, S. A. Ríos, and J. D. Velásquez, "Outlierbased approaches for intrinsic and external plagiarism detection," in Knowledge-based and intelligent information and engineering systems, 2011, pp. 11-20.
30. "Document management - Portable document format - Part 1: PDF 1.7," http://www.adobe.com/devnet/pdf/pdf reference.html, 2008.
31. L. Breiman, "Random forests," Machine learning, vol. 45, no. 1, pp. 5-32, 2001.
32. S. Jana and V. Shmatikov, "Abusing file processing in malware detectors for fun and profit," in IEEE Symposium on Security and Privacy, 2012, pp. 80-94.
33. D. Maiorca, I. Corona, and G. Giacinto, "Looking at the bag is not enough to find the bomb: An evasion of structural methods for malicious pdf files detection," in SIGSAC Symposium on Information, Computer and Communications Security, 2013, pp. 119-130.
34. E. Parzen, "On estimation of a probability density function and mode," The Annals of Mathematical Statistics, vol. 33, no. 3, pp. 1065-1076, 1962.
35. C. Cortes and V. Vapnik, "Support vector networks," Machine Learning, vol. 20, pp. 273-297, 1995.
36. F. Pedregosa, G. Varoquaux, A. Gramfort, V. Michel, B. Thirion, O. Grisel, M. Blondel, P. Prettenhofer, R. Weiss, V. Dubourg, J. Vanderplas, A. Passos, D. Cournapeau, M. Brucher, M. Perrot, and E. Duchesnay, "Scikit-learn: Machine learning in Python," Journal of Machine Learning Research, vol. 12, pp. 2825-2830, 2011.
37. K. Wang, J. Parekh, and S. Stolfo, "Anagram: A content anomaly detector resistant to mimicry attack," in Recent Adances in Intrusion Detection (RAID), 2006, pp. 226-248.
38. K. Rieck and P. Laskov, "Language models for detection of unknown attacks in network traffic," Journal in Computer Virology, vol. 2, pp. 243-256, 2007.
39. J. Kolter and M. Maloof, "Learning to detect and classify malicious executables in the wild," Journal of Machine Learning Research, 2006, to appear.
40. Z. Shafiq, S. Khayam, and M. Farooq, "Embedded malware detection using markov n-grams," in Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2008, pp. 88-107.
41. K. Rieck, T. Krüger, and A. Dewald, "Cujo: Efficient detection and prevention of drive-by-download attacks," in Annual Computer Security Applications Conference (ACSAC), 2010, pp. 31-39.
42. P. Laskov and N. Šrndić, "Static detection of malicious JavaScriptbearing PDF documents," in Annual Computer Security Applications Conference (ACSAC), 2011, pp. 373-382.
43. A. Globerson and S. Roweis, "Nightmare at test time: Robust learning by feature deletion," in International Conference on Machine Learning (ICML), 2006, pp. 353-360.
44. O. Dekel, O. Shamir, and L. Xiao, "Learning to classify with missing and corrupted features," Machine Learning, vol. 81, no. 2, pp. 149-178, 2010.
45. F. Roli, G. Giacinto, and G. Vernazza, "Methods for designing multiple classifier systems," in Multiple Classifier Systems, 2001, pp. 78-87.
46. R. Perdisci, D. Ariu, P. Fogla, G. Giacinto, and W. Lee, "McPAD: A multiple classifier system for accurate payload-based anomaly detection," Computer Networks, vol. 53, no. 6, pp. 864-881, 2009.
47. B. Biggio, G. Fumera, and F. Roli, "Multiple classifier systems for adversarial classification tasks." in Multiple Classifier Systems, 2009, pp. 132-141.