Evading Anomaly Detection through Variance Injection Attacks on PCA

(Extended Abstract)
  • Benjamin I. P. Rubinstein
  • Blaine Nelson
  • Ling Huang
  • Anthony D. Joseph
  • Shing-hon Lau
  • Nina Taft
  • J. D. Tygar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5230)

Abstract

Whenever machine learning is applied to security problems, it is important to measure vulnerabilities to adversaries who poison the training data. We demonstrate the impact of variance injection schemes on PCA-based network-wide volume anomaly detectors when a single compromised PoP injects chaff into the network. For DoS attacks, these schemes can increase the chance of evading detection sixfold.

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Benjamin I. P. Rubinstein (1)
  • Blaine Nelson (1)
  • Ling Huang (2)
  • Anthony D. Joseph (1, 2)
  • Shing-hon Lau (1)
  • Nina Taft (2)
  • J. D. Tygar (1)

  1. UC Berkeley
  2. Intel Research Berkeley
