Abstract
A fundamental drawback of current anomaly detection systems (ADSs) is the ability of a skilled attacker to evade detection. This is due to the flawed assumption that an attacker does not have any information about an ADS. Advanced persistent threats that are capable of monitoring network behavior can always estimate some information about ADSs which makes these ADSs susceptible to evasion attacks. Hence in this paper, we first assume the role of an attacker to launch evasion attacks on anomaly detection systems. We show that the ADSs can be completely paralyzed by parameter estimation attacks. We then present a mathematical model to measure evasion margin with the aim to understand the science of evasion due to ADS design. Finally, to minimize the evasion margin, we propose a key-based randomization scheme for existing ADSs and discuss its robustness against evasion attacks. Case studies are presented to illustrate the design methodology and extensive experimentation is performed to corroborate the results.
| Original language | English |
|---|---|
| Title of host publication | 2015 IEEE Conference on Communications and NetworkSecurity, CNS 2015 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 460-468 |
| Number of pages | 9 |
| ISBN (Electronic) | 9781467378765 |
| DOIs | |
| State | Published - 3 Dec 2015 |
| Externally published | Yes |
| Event | 3rd IEEE International Conference on Communications and Network Security, CNS 2015 - Florence, Italy Duration: 28 Sep 2015 → 30 Sep 2015 |
Publication series
| Name | 2015 IEEE Conference on Communications and NetworkSecurity, CNS 2015 |
|---|
Conference
| Conference | 3rd IEEE International Conference on Communications and Network Security, CNS 2015 |
|---|---|
| Country/Territory | Italy |
| City | Florence |
| Period | 28/09/15 → 30/09/15 |
Bibliographical note
Publisher Copyright:© 2015 IEEE.
ASJC Scopus subject areas
- Computer Networks and Communications