Attacking the IDS learning processes
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F13%3A00210663" target="_blank" >RIV/68407700:21230/13:00210663 - isvavai.cz</a>
Result on the web
<a href="http://dx.doi.org/10.1109/ICASSP.2013.6639362" target="_blank" >http://dx.doi.org/10.1109/ICASSP.2013.6639362</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1109/ICASSP.2013.6639362" target="_blank" >10.1109/ICASSP.2013.6639362</a>
Alternative languages
Result language
English
Title in original language
Attacking the IDS learning processes
Result description in original language
We study the problem of directed attacks on the learning process of an anomaly-based Intrusion Detection System (IDS). We assume that the attack is performed by a knowledgeable attacker with access to the system's inputs, outputs, and all internal states. The attacker uses his knowledge of the IDS (implemented as an ensemble of anomaly detection algorithms) and its internal states to design the strongest undetectable attack of a particular type. We have experimented with different attacks against several anomaly detection algorithms individually, and against their combination. We show that while the individual anomaly detection algorithms can be easily avoided by the worst-case attacker that we assume, it is nearly impossible to avoid them simultaneously. These results were achieved during the experiments performed on university network traffic and are consistent with a theoretical hypothesis grounded in steganalysis and watermarking.
Classification
Type
D - Article in proceedings
CEP field
JD - Use of computers, robotics and its applications
OECD FORD field
—
Result linkages
Project
<a href="/cs/project/GPP103%2F12%2FP514" target="_blank" >GPP103/12/P514: Anomaly detection in real time and in a time-varying environment</a><br>
Linkages
S - Specific research at universities
Other
Year of implementation
2013
Data confidentiality code
S - Complete and truthful data on the project are not subject to protection under special legal regulations
Data specific to the result type
Article name in the proceedings
Acoustics, Speech and Signal Processing (ICASSP), 2013 IEEE International Conference on
ISBN
9781479903566
ISSN
1520-6149
e-ISSN
—
Number of pages
5
Pages from-to
8687-8691
Publisher name
IEEE
Place of publication
Piscataway
Event location
Vancouver
Event date
26. 5. 2013
Event type by nationality
WRD - Worldwide event
UT WoS article code
—