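% CCS 2013 poster arguing that an anomaly detection system (ADS) should treat a
% randomized feature space as a secret, by analogy with a cryptographic key.
% Reader caveats: the abstract states a proposal and reports no evaluation; its
% DES example illustrates key-dependent security (Kerckhoffs's principle) only,
% since DES's 56-bit key is too short for current use.
% Author names are in "Last, First" form; the exported literal \{ \} escapes
% were dropped because they print as braces and break name parsing.
@inproceedings{7da7e620848f46628e9d245d5af3ffdf,
  author    = {Ashfaq, Ayesha Binte and Ali, Muhammad Qasim and Al-Shaer, Ehab and Khayam, Syed Ali},
  title     = {Poster: Revisiting anomaly detection system design philosophy},
  booktitle = {{CCS} 2013 - Proceedings of the 2013 {ACM} {SIGSAC} Conference on Computer and Communications Security},
  series    = {Proceedings of the {ACM} Conference on Computer and Communications Security},
  pages     = {1473--1475},
  year      = {2013},
  doi       = {10.1145/2508859.2512529},
  isbn      = {9781450324779},
  language  = {English},
  keywords  = {evasion, intrusion detection systems},
  note      = {2013 ACM SIGSAC Conference on Computer and Communications Security, CCS 2013 ; Conference date: 04-11-2013 Through 08-11-2013},
  abstract  = {The inherent design of anomaly detection systems (ADSs) make them highly susceptible to evasion attacks and hence their wide-spread commercial deployment has not been witnessed. There are two main reasons for this: 1) ADSs incur high false positives; 2) Are highly susceptible to evasion attacks (false negatives). While efforts have been made to minimize false positives, evasion is still an open problem. We argue that ADSs design is inherently flawed since it relies on the ADS's detection logic and feature space which is trivial to estimate. In information security e.g. cryptographic algorithms (such as DES), security is inherently dependent upon the key and not the algorithm, which makes these systems very robust by rendering evasion computationally infeasible. We believe there is a need to redesign the anomaly detection systems similar to cryptographic systems. We propose to randomize the feature space of an ADS such that it acts as a cryptographic key for the ADS and hence this randomized feature space is used by the ADS logic for detection of anomalies. This would make the evasion of the ADS computationally infeasible for the attacker.},
}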