assessing the feasibility of machine learning to detect
play

Assessing the Feasibility of Machine Learning to Detect Network - PowerPoint PPT Presentation

Nov 08, 2022 •227 likes •395 views

Assessing the Feasibility of Machine Learning to Detect Network Covert Channels Name: Diogo Barradas PhD Stage: Planner Advisors: Prof. Lus Rodrigues & Prof. Nuno Santos Research Area: Privacy-Enhancing Technologies Diogo Barradas - EuroSys

  1. Assessing the Feasibility of Machine Learning to Detect Network Covert Channels Name: Diogo Barradas PhD Stage: Planner Advisors: Prof. Luís Rodrigues & Prof. Nuno Santos Research Area: Privacy-Enhancing Technologies Diogo Barradas - EuroSys Doctoral Workshop 2018

  2. What’s All This About? What’s the Problem? ● Current unobservability assessments of covert channels are flawed ○ 2 Diogo Barradas - EuroSys Doctoral Workshop 2018

  3. What’s All This About? What’s the Problem? ● Current unobservability assessments of covert channels are flawed ○ Why Should We Care? ● Inaccurate unobservability assessments can place human lives in jeopardy ○ 3 Diogo Barradas - EuroSys Doctoral Workshop 2018

  4. What’s All This About? What’s the Problem? ● Current unobservability assessments of covert channels are flawed ○ Why Should We Care? ● Inaccurate unobservability assessments can place human lives in jeopardy ○ What Are You Going To Do About It? ● Develop a robust framework for the unobservability assessment of covert channels ○ 4 Diogo Barradas - EuroSys Doctoral Workshop 2018

  5. What’s All This About? What’s the Problem? ● Current unobservability assessments of covert channels are flawed ○ Why Should We Care? ● Inaccurate unobservability assessments can place human lives in jeopardy ○ What Are You Going To Do About It? ● Develop a robust framework for the unobservability assessment of covert channels ○ ● Then What? Foster the design of new tools to circumvent repressive network control ○ 5 Diogo Barradas - EuroSys Doctoral Workshop 2018

  6. Multiple Tools Generate Covert Channels in the Internet Recent approaches tunnel data through encrypted protocols ● e.g. Skype ○ 6 Diogo Barradas - EuroSys Doctoral Workshop 2018

  7. Covert Channels through Multimedia Protocol Tunneling Facet DeltaShaper Unidirectional (A/V) Bidirectional (V) Video Transmission Arbitrary Data Transmission 7 7 Diogo Barradas - EuroSys Doctoral Workshop 2018

  8. Adversaries can Learn from Encrypted Traffic Traffic analysis can detect unusual patterns in (encrypted) network flows ● Covert data must be carefully modulated to evade detection ● Security => Unobservability ○ Encrypted Traffic Analysis 8 Diogo Barradas - EuroSys Doctoral Workshop 2018

  9. Existing Unobservability Claims are Questionable Ad hoc covert channel evaluation ● Similarity-based classifiers only ○ ○ Unobservability measured against independently built classifiers Lack of theoretical reasoning in covert channel design ● Covert data embedding is guided through black-box experimentation ○ 9 Diogo Barradas - EuroSys Doctoral Workshop 2018

  10. Research Questions Are state-of-the-art covert channels observable? ● Can we better assess the unobservability of current tools? ● Can we accurately characterize covert data carrier protocols? ● Is it possible to provide theoretical bounds to unobservability? ● 10 Diogo Barradas - EuroSys Doctoral Workshop 2018

  11. Research Questions Are state-of-the-art covert channels observable? ● Can we better assess the unobservability of current tools? ● Can we accurately characterize covert data carrier protocols? ● Is it possible to provide theoretical bounds to unobservability? ● 11 Diogo Barradas - EuroSys Doctoral Workshop 2018

  12. Similarity-Based Detection Unobservability claims are dependent on the classifier ● Similarity-based classifiers cannot accurately detect covert traffic ● ROC AUC: ○ System / Classifier Chi-Square Earth Mover’s Distance Facet 0.83 0.58 DeltaShaper 0.74 0.57 Diogo Barradas - EuroSys Doctoral Workshop 2018

  13. Similarity-Based Detection Unobservability claims are dependent on the classifier ● Similarity-based classifiers cannot accurately detect covert traffic ● ROC AUC: ○ System / Classifier Chi-Square Earth Mover’s Distance Facet 0.83 0.58 DeltaShaper 0.74 0.57 Diogo Barradas - EuroSys Doctoral Workshop 2018

  14. Decision Tree-Based Detection Largely undermine previous unobservability claims ● ○ Facet: ROC AUC = 0.99 (vs 0.83) DeltaShaper: ROC AUC = 0.95 (vs 0.74) ○ Provide us insight on useful features for identifying covert channels ● Diogo Barradas - EuroSys Doctoral Workshop 2018

  15. Takeaways Ensuring unobservability is desirable for covert channels ● Past unobservability assessments are flawed ● Goal: build a rigorous framework for the assessment of unobservability ● Thank You! https://web.ist.utl.pt/diogo.barradas 15 Diogo Barradas - EuroSys Doctoral Workshop 2018

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Fairness and bias in Machine Learning A quick review on tools to detect biases in machine

Fairness and bias in Machine Learning A quick review on tools to detect biases in machine

QCon 2019 Fairness and bias in Machine Learning A quick review on tools to detect biases in machine learning model Thierry Silbermann, Tech Lead Data Science at Nubank thierry.silbermann@nubank.com.br Data collection Todays

870 views • 45 slides
Learning to Detect Faces A Large-Scale Application of Machine Learning ( This m aterial is not in

Learning to Detect Faces A Large-Scale Application of Machine Learning ( This m aterial is not in

Learning to Detect Faces A Large-Scale Application of Machine Learning ( This m aterial is not in the text: for further inform ation see the paper by P. Viola and M. Jones, I nternational Journal of Com puter Vision, 2 0 0 4 Viola-Jones Face

419 views • 26 slides
TAXONOMY AND CHALLENGES IN MACHINE LEARNING-BASED APPROACHES TO DETECT ATTACKS IN THE INTERNET

TAXONOMY AND CHALLENGES IN MACHINE LEARNING-BASED APPROACHES TO DETECT ATTACKS IN THE INTERNET

The 15th International Conference on Availability, Reliability and Security (ARES 2020) August 25 to August 28, 2020 in Dublin, Ireland ID-86 workshop paper (IoT-SECFOR) TAXONOMY AND CHALLENGES IN MACHINE LEARNING-BASED APPROACHES TO DETECT

583 views • 13 slides
Learning Theory CE-717: Machine Learning Sharif University of Technology M. Soleymani Fall 2016

Learning Theory CE-717: Machine Learning Sharif University of Technology M. Soleymani Fall 2016

Learning Theory CE-717: Machine Learning Sharif University of Technology M. Soleymani Fall 2016 Topics Feasibility of learning PAC learning VC dimension Structural Risk Minimization (SRM) 2 Feasibility of learning Does the

673 views • 66 slides
Predicting the past: A machine learning approach to detect innovative firms in times of crisis

Predicting the past: A machine learning approach to detect innovative firms in times of crisis

City REDI - University of Birmingham Introduction Data and Methodology Results Conclusion Predicting the past: A machine learning approach to detect innovative firms in times of crisis Marco Guerzoni, 1,4 Massimiliano Nuccio 2,1 , Consuelo

1.21k views • 32 slides
WIKIGENDER: A MACHINE LEARNING MODEL TO DETECT GENDER BIAS IN WIKIPEDIA Natalie Boln, Natlia

WIKIGENDER: A MACHINE LEARNING MODEL TO DETECT GENDER BIAS IN WIKIPEDIA Natalie Boln, Natlia

WIKIGENDER: A MACHINE LEARNING MODEL TO DETECT GENDER BIAS IN WIKIPEDIA Natalie Boln, Natlia Gulln, Sofia Kypraiou, Irene Petlacalco WIKIGENDER: METHODOLOGY Dataset Overviews from Wikipedia biographies: only 17% of them refer to women

455 views • 3 slides
Feasibility study on machine learning algorithm in nuclear reactor core diagnosis Hanjoo Kim a ,

Feasibility study on machine learning algorithm in nuclear reactor core diagnosis Hanjoo Kim a ,

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Feasibility study on machine learning algorithm in nuclear reactor core diagnosis Hanjoo Kim a , Dongmin Yun a , Ho Cheol Shin b , Sang Rae Moon b , Deokjung Lee a*

542 views • 4 slides
Learning to Detect Phishing Emails Ian Fette Norman Sadeh Anthony Tomasic (School of CS, CMU)

Learning to Detect Phishing Emails Ian Fette Norman Sadeh Anthony Tomasic (School of CS, CMU)

Learning to Detect Phishing Emails Ian Fette Norman Sadeh Anthony Tomasic (School of CS, CMU) Presented by: Ashique Mahmood Dept of Computer & Information Sciences University of Delaware CI SC 879 - Machine Learning for Solving Systems

1.22k views • 22 slides
Assessing the Feasibility and Appropriateness of Community- based TB/HIV Counseling and Testing

Assessing the Feasibility and Appropriateness of Community- based TB/HIV Counseling and Testing

Assessing the Feasibility and Appropriateness of Community- based TB/HIV Counseling and Testing in the Philippines: an implementation research TYRONE REDEN L. SY Ilmu Kesehatan Masyarakat Faculty of Medicine, Universitas Gadjah Mada

555 views • 23 slides
(Machine) Learning To Detect Fraudsters Hany Elemary Sarah LeBlanc CREDIT CARD FRAUD

(Machine) Learning To Detect Fraudsters Hany Elemary Sarah LeBlanc CREDIT CARD FRAUD

(Machine) Learning To Detect Fraudsters Hany Elemary Sarah LeBlanc CREDIT CARD FRAUD TRANSACTION APPLICATION CARD NOT FOUND 2 FRAUD DETECTION MODEL PLOT Not Fraud Fraud Application Count False Negatives False Positives 0 0.2 0.4

357 views • 24 slides
An Exercise in An Exercise in Machine Learning Machine Learning

An Exercise in An Exercise in Machine Learning Machine Learning

An Exercise in An Exercise in Machine Learning Machine Learning http://www.cs.iastate.edu/~cs573x/bbsilab.html Machine Learning Software Preparing Data Building Classifiers Interpreting Results Machine Learning Software

496 views • 26 slides
Assessing the Feasibility of an ESOP Presented by: Alexander L. Mounts Krieg DeVault LLP One

Assessing the Feasibility of an ESOP Presented by: Alexander L. Mounts Krieg DeVault LLP One

ESOP Nuts and Bolts: What You Need to Know About Employee Stock Ownership Plans Indianapolis, IN August 16, 2018 Assessing the Feasibility of an ESOP Presented by: Alexander L. Mounts Krieg DeVault LLP One Indiana Square, Suite 2800

484 views • 19 slides
Machine Learning By Alex Scarlatos What is Machine Learning? Machine Learning is the process by

Machine Learning By Alex Scarlatos What is Machine Learning? Machine Learning is the process by

Machine Learning By Alex Scarlatos What is Machine Learning? Machine Learning is the process by which computers can be trained through observation, rather than being explicitly programmed. Basically, a program is given input and adjusts its

556 views • 17 slides
Assessing EARS Ability to Locally Detect the 2009 H1N1 Pandemic Ron Fricker, Katie Hagen,

Assessing EARS Ability to Locally Detect the 2009 H1N1 Pandemic Ron Fricker, Katie Hagen,

Assessing EARS Ability to Locally Detect the 2009 H1N1 Pandemic Ron Fricker, Katie Hagen, Krista Hanni, Susan Barnes, and Kristy Michie 13th Biennial CDC Symposium on Statistical Methods May 25, 2011 Research Questions How well can the

628 views • 23 slides
Machine Learning: Study of algorithms that improve their performance P at some task T

Machine Learning: Study of algorithms that improve their performance P at some task T

Machine Learning 10-601 Tom M. Mitchell Machine Learning Department Carnegie Mellon University January 12, 2015 Today: Readings: What is machine learning? The Discipline of ML Decision tree learning Mitchell, Chapter 3

872 views • 29 slides
Traditional Machine Learning: Unsupervised Learning Juhan Nam Traditional Machine Learning

Traditional Machine Learning: Unsupervised Learning Juhan Nam Traditional Machine Learning

GCT634/AI613: Musical Applications of Machine Learning (Fall 2020) Traditional Machine Learning: Unsupervised Learning Juhan Nam Traditional Machine Learning Pipeline in Classification Tasks A set of hand-designed audio features are selected

398 views • 26 slides
COVERT CHANNELS ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPLING Lab on May 30th seems to

COVERT CHANNELS ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPLING Lab on May 30th seems to

COVERT CHANNELS ERIK TEWS <E.TEWS@UTWENTEL.NL> HOUSEKEEPLING Lab on May 30th seems to be problematic for Delft Lab on May 31st seems to be problematic for Twente Systems Security Covert Channels 2 14.05.2018 Prepare to vote 1

1.05k views • 50 slides
Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer

Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer

Outline Side and covert channels Transient execution CSci 5271 Introduction to Computer Security Transient execution and kernel isolation: Meltdown Day 11: Side Channels and Transient Execution Stephen McCamant Transient execution and kernel

496 views • 4 slides
Keyboards and Covert Channels G. Shah, A. Molina, M. Blaze USENIX 2006 Eric Hennenfent The

Keyboards and Covert Channels G. Shah, A. Molina, M. Blaze USENIX 2006 Eric Hennenfent The

Keyboards and Covert Channels G. Shah, A. Molina, M. Blaze USENIX 2006 Eric Hennenfent The Humble Keylogger Malware Malicious Hardware In-Cable Devices Malicious Keyboards Supply Chain Attacks Malicious BIOS

591 views • 14 slides
A covert channel A covert channel hiding data in in packet headers packet headers hiding data

A covert channel A covert channel hiding data in in packet headers packet headers hiding data

A covert channel A covert channel hiding data in in packet headers packet headers hiding data Craig Rowland s covert_tcp proof s covert_tcp proof- -of of- -concept program concept program Craig Rowland David Morgan Covert

251 views • 6 slides
Anomaly Detection through DNS Correlations Michael H. Warfield Senior Security Researcher and

Anomaly Detection through DNS Correlations Michael H. Warfield Senior Security Researcher and

Anomaly Detection through DNS Correlations Michael H. Warfield Senior Security Researcher and Threat Analyst IBM Security Services X-Force Why DNS? This is still a work in progress but... Why look at the DNS? It's just THERE.

496 views • 21 slides
Securing distributed systems with information flow control Nickolai Zeldovich Silas

Securing distributed systems with information flow control Nickolai Zeldovich Silas

Securing distributed systems with information flow control Nickolai Zeldovich Silas Boyd-Wickizer David Mazires Traditional web applications: lots of trusted (yellow) code HTTP User's Application User's browser front Database User's

1.16k views • 66 slides
Cloud security CS642: Computer Security Professor Ristenpart

Cloud security CS642: Computer Security Professor Ristenpart

Cloud security CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu University of Wisconsin CS 642

567 views • 43 slides
Information flow and policy In five minutes, you learn what the average college graduate

Information flow and policy In five minutes, you learn what the average college graduate

Information flow and policy In five minutes, you learn what the average college graduate remembers five years after he or she is out of school. If you want to know more about something... Ask me Man pages, manuals, papers, books

451 views • 18 slides

More recommend