DocumentCode
1697578
Title
Attacking the IDS learning processes
Author
Pevny, Tomas ; Komon, Martin ; Rehaky, Martin
Author_Institution
Czech Tech. Univ. in Prague, Prague, Czech Republic
fYear
2013
Firstpage
8687
Lastpage
8691
Abstract
We study the problem of directed attacks on the learning process of an anomaly-based Intrusion Detection System (IDS). We assume that the attack is performed by a knowledgeable attacker with access to the system's inputs, outputs, and all internal states. The attacker uses his knowledge of the IDS (implemented as an ensemble of anomaly detection algorithms) and its internal states to design the strongest undetectable attack of a particular type. We have experimented with different attacks against several anomaly detection algorithms individually, and against their combination. We show that while the individual anomaly detection algorithms can be easily avoided by the worst-case attacker that we assume, it is nearly impossible to avoid them simultaneously. These results were achieved during the experiments performed on university network traffic and are consistent with theoretical hypothesis grounded in steganalysis and watermarking.
Keywords
security of data; steganography; telecommunication traffic; watermarking; IDS learning processes; anomaly detection algorithms; anomaly-based intrusion detection system; directed attacks; knowledgeable attacker; steganalysis; university network traffic; watermarking; Adaptation models; Detection algorithms; Detectors; Entropy; Intrusion detection; Ports (Computers);
fLanguage
English
Publisher
IEEE
Conference_Titel
Acoustics, Speech and Signal Processing (ICASSP), 2013 IEEE International Conference on
Conference_Location
Vancouver, BC
ISSN
1520-6149
Type
conf
DOI
10.1109/ICASSP.2013.6639362
Filename
6639362