Title :
Attacking the IDS learning processes
Author :
Pevny, Tomas ; Komon, Martin ; Rehak, Martin
Author_Institution :
Czech Tech. Univ. in Prague, Prague, Czech Republic
Abstract :
We study the problem of directed attacks on the learning process of an anomaly-based Intrusion Detection System (IDS). We assume that the attack is performed by a knowledgeable attacker with access to the system's inputs, outputs, and all internal states. The attacker uses his knowledge of the IDS (implemented as an ensemble of anomaly detection algorithms) and its internal states to design the strongest undetectable attack of a particular type. We have experimented with different attacks against several anomaly detection algorithms individually, and against their combination. We show that while the individual anomaly detection algorithms can be easily avoided by the worst-case attacker that we assume, it is nearly impossible to avoid them simultaneously. These results were achieved during experiments performed on university network traffic and are consistent with a theoretical hypothesis grounded in steganalysis and watermarking.
Keywords :
security of data; steganography; telecommunication traffic; watermarking; IDS learning processes; anomaly detection algorithms; anomaly-based intrusion detection system; directed attacks; knowledgeable attacker; steganalysis; university network traffic; watermarking; Adaptation models; Detection algorithms; Detectors; Entropy; Intrusion detection; Ports (Computers);
Conference_Title :
Acoustics, Speech and Signal Processing (ICASSP), 2013 IEEE International Conference on
Conference_Location :
Vancouver, BC
DOI :
10.1109/ICASSP.2013.6639362