Browse > Article
http://dx.doi.org/10.4218/etrij.2019-0140

Keyed learning: An adversarial learning framework-formalization, challenges, and anomaly detection applications  

Bergadano, Francesco (Dipartimento di Informatica, Universita degli Studi di Torino)
Publication Information
ETRI Journal / v.41, no.5, 2019 , pp. 608-618 More about this Journal
Abstract
We propose a general framework for keyed learning, where a secret key is used as an additional input of an adversarial learning system. We also define models and formal challenges for an adversary who knows the learning algorithm and its input data but has no access to the key value. This adversarial learning framework is subsequently applied to a more specific context of anomaly detection, where the secret key finds additional practical uses and guides the entire learning and alarm-generating procedure.
Keywords
adversarial learning; anomaly detection; keyed learning;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 G. Ruffo and F. Bergadano, Enfilter: a password enforcement and filter tool based on pattern recognition techniques, in Proc. Int. Conf. Image Analysis Process., Cagliari, Italy, Sept. 2005, pp. 75-82.
2 S. Y. Ooi, S. C. Tan, and C. W. Ping, Anomaly Based Intrusion Detection through Temporal Classification, in Proc. Int. Conf. Neural Inf. Process., Kuching, Malaysia, Nov. 2014, pp. 612-619.
3 J. Kim et al., A lightweight network anomaly detection technique, in Int. Conf. Comput., Netw. Commun.(ICNC), Santa Clara, CA, USA, Jan. 2017, pp. 1-5.
4 G. Wang, J. Yang, and R. Li, Imbalanced SVM based anomaly detection algorithm for imbalanced training datasets, ETRI J. 39 (2017), no. 5, 621-631.   DOI
5 P. Parrend et al., Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection, EURASIP J. Inf. Security 4 (2018), 1-21.
6 F. Maggi et al., Investigating web defacement campaigns at large, in Proc. Asia Conf. Comput. Commun. Security, Incheon, Rep. of Korea, June 2018, pp. 443-456.
7 C. Shen et al., Touch-interaction behavior for continuous user authentication on smartphones, in Proc. IEEE Int. Conf. Biometrics, Phuket, Thailand, May 2015, pp. 157-162.
8 M. Kearns and M. Li, Learning in the presence of malicious errors, SIAM J. Comput. 22 (1993), no. 4, 807-837.   DOI
9 F. Bergadano, D. Gunetti, and C. Picardi, Identity verification through dynamic keystroke analysis, Intell. Data Analysis J. 7 (2003), no. 5, 469-496.   DOI
10 D. Lowd and C. Meek, Adversarial Learning, in Proc. ACM Conf. Knowledge Discovery Data Mining, ACM, Chicago, IL, UDS, Aug. 2005, pp. 641-647.
11 L. Huang et al., Adversarial machine learning, in Proc. ACM Workshop Security Artif. Intell., Chicago, IL, USA, Oct. 2011, pp. 43-58.
12 R. Bendale et al., KIDS: Keyed Anomaly Detection System, Int. J. Adv. Eng. Res. Dev. 12 (2017), 312-325.
13 N. Srndic and P. Laskov, Practical evasion of a learning-based classifier: A case study, in Proc. IEEE Symp.Security Privacy, San Jose, CA, USA, May 2014, pp. 197-211.
14 J. E. Tapiador et al., Key-recovery attacks on KIDS, a keyed anomaly detection system, IEEE Trans. Dependable Secure Comput. 12 (2015), no. 3, 312-325.   DOI
15 C. Aggarwal, J. Pei, and B. Zhang, On privacy preservation against adversarial data mining, in Proc. ACM SIGKDD Int. Conf. Knowled. Discovery Data Mining, ACM, Philadelphia, PA, USA, Aug. 2006, pp. 510-516.
16 H. Xiao et al., Is feature selection secure against training data poisoning? in Proc. Int. Conf. Mach. Learn., Lille, France, July 2015, pp. 1689-1698.
17 F. Bergadano and A. Giordana, A knowledge intensive Approach to concept induction, in Proc. Fifth Int. Conf. Mach. Learn., Margan Kaufmann Publishers, Ann Arbor, MI, USA, June 1988, pp. 305-317.
18 T. Dierks and E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.2, RFC 5246, IETF, 2008, https://doi.org/10.17487/rfc5246.   DOI
19 J. Arkkom et al., MIKEY: Multimedia Internet KEYing, RFC3820, IETF, 2004, https://doi.org/10.6028/NIST.SP.800-108.   DOI
20 L. Chen, Recommendation for Key Derivation Using Pseudorandom Functions, NIST Special Publication 800-108, NIST, 2009.
21 Y. Vorobeychik and B. Li, Optimal randomized classification in adversarial settings, in Proc. Conf. Autonomous Agents Multiagent Syst., Paris, France, May 2014, pp. 485-492.
22 K. Wang, J. Parekh, and S. Stolfo, Anagram: a Content Anomaly Detector Resistant to Mimicry Attack, in Proc. Int. Conf. Recent Adv. Intrusion Detection, Springer, Hamburg, Germany, Sept. 2005, pp. 226-248.
23 S. Rota Bulo et al., Randomized prediction games for adversarial machine, learning, IEEE Trans. Neural Netw. Learn. Syst. 28 (2017), no. 11, 2466-2478.   DOI
24 M. Bellare, R. Canetti, and H. Krawczyk, Keying hash functions for message authentication, in Proc. Auun. Int. Cryptology Conf., Santa Barbara, CA, USA, Sug. 1996, pp. 1-15.
25 M. Barreno et al., Can machine learning be secure? in Proc. ACM Symp. Inf., Comput. Commun. Security (AsiaCCS), ACM, Taipei, Taiwan, Mar. 2006, pp. 16-25.
26 R. S. Mrdovic and B. Drazenovic, KIDS: a Keyed Intrusion Detection System, in Proc. Int. Conf. Detection Intrusions Malware, Vulnerability Assessment (DIMVA), IEEE, Bonn, Germany, July 2010, pp. 173-182.
27 B. Biggio, G. Fumera, and F. Roli, Adversarial pattern classification using multiple classifiers and randomization, in Proc. Joint IAPR Int. Workshop Structural, Syntactic, Statistical Pattern Recogn., Springer, Orlando, FL, USA, Dec. 2008, pp. 500-509.
28 V. M. Lomte and D. Patil, Survey on keyed IDS and key recovery attacks, Int. J. Sci. Research 4 (2015), no. 12, 846-849.
29 R. Perdisci et al., McPAD: a multiple classifier system for accurate payload-based anomaly detection, Comput. Netw. 53 (2009), no. 6, 864-881.   DOI
30 F. Bergadano et al., Defacement response via keyed learning, in Proc. Int. Conf. Inf. Intell. Syst. Applicat., Larnaca, Cyprus, Aug. 2017, pp. 1-6.
31 G. Davanzo, E. Medvet, and A. Bartoli, Anomaly detection techniques for a web defacement monitoring service, Expert Syst. Applicat. 38 (2011), no. 10, 12521-12530.   DOI
32 K. Scarfone, W. Jansenamd, and M. Tracy, Guide to General Server Security, Section 2.4, Special Publication 800-123, NIST, Gaithersburg, MD, 2008.
33 Y. Bae, I. Kim, and S. O. Hwang, An efficient detection of TCP Syn flood attacks with spoofed IP addresses, J. Intell. Fuzzy Syst. 35 (2018), no. 6, 5983-5991.   DOI
34 N. Munaiah et al., Are Intrusion Detection Studies Evaluated Consistently? A Systematic Literature Review, Technical Report, University of Rochester, 2016.
35 S. Anwar et al., From intrusion detection to an intrusion response system: fundamentals, requirements, and future directions, MDPI Algorithms J. 10 (2017), no. 39, 1-24.
36 S. Kim and B. B. Kang, FriSM: malicious exploit kit detection via feature-based string-similarity matching, in Proc. Int. Conf. Security Privacy Commun. Netw., Singapore, Aug. 2018, pp. 416-432.
37 Q. T. Hai and S. O. Hwang, An efficient classification of malware behavior using deep neural network, J. Intell. Fuzzy Syst. 35 (2018), no. 6, 5801-5814.   DOI
38 K. Borgolte, C. Kruegel, and G. Vigna, Meerkat: Detecting website defacements through image-based object recognition, in Proc. USENIX Security Symp., Washington, D.C., USA, Aug. 2015, pp. 595-610.
39 A. Bartoli, G. Davanzo, and E. Medvet, A framework for largescale detection of web site defacements, ACM Trans. Internet Technol. 10 (2010), no. 3, 1-3.
40 X. Liao et al., Seeking nonsense, looking for trouble: efficient promotional-infection detection through semantic inconsistency search, in Proc. IEEE Symp. Security Privacy, San Jose, CA, USA, May 2016, pp. 707-723.
41 A. Basso and F. Bergadano, Anti-bot strategies based on human interactive proofs, in Handbook of Information and Communication Security, Springer, New York, 2010, pp. 273-291.