machine learning
play

machine learning JOE GARDINER (@THECYBERJOE) Who am I? Final year - PowerPoint PPT Presentation

Nov 22, 2022 •748 likes •1.41k views

Tricking binary trees: The (in)security of machine learning JOE GARDINER (@THECYBERJOE) Who am I? Final year PhD student at Lancaster University President Lancaster University Ethical Hacking Group (LUHack) Joining University of

  1. Tricking binary trees: The (in)security of machine learning JOE GARDINER (@THECYBERJOE)

  2. Who am I? • Final year PhD student at Lancaster University • President Lancaster University Ethical Hacking Group (LUHack) • Joining University of Bristol in September • Twitter: @TheCyberJoe • Slides will be available on www.josephgardiner.com after talk

  3. Background • Centre for the Protection of National Infrastructure (CPNI) iData project • Report on malware command and control • Available at c2report.org • Looked at a lot of detection systems • Most use machine learning in some way • And simple algorithms • Got me thinking… Is this bad?

  4. Background • Looked into attacks against machine learning • Wrote a survey • Published in ACM Computing Surveys • “On the Security of Machine Learning in Malware C&C Detection: A Survey”, J Gardiner and S Nagaraja 2016

  5. Agenda • Why do we use machine learning? • What is machine learning? • Attacker models • The attacks • Issues of attacks • Defences • Questions

  6. Why do we use machine learning?

  7. Why machine learning? • Signature based detection methods are no longer sufficient • Thousands of new malware samples daily (polymorphism) • Signature databases to cover all samples would be too large • Too much data for humans to investigate manually • Machine learning can go some way to alleviate problem

  8. Typical detection system

  9. Typical detection system

  10. Typical detection system

  11. Typical detection system

  12. Typical detection system

  13. Typical detection system

  14. Typical detection system

  15. Typical detection system

  16. Typical detection system ML goes here

  17. Example • Domain generation algorithm (DGA) • Malware technique for computing domain names for contacting C&C server • Used in many famous malware variants, e.g .Conficker, Torpig • Example: • Generates domains such as intgmxdeadnxuyla and axwscwsslmiagfah

  18. Example • DGA domains are usually structured, and easily recognisable • E.g Torpig on the right. Last 3 letters are current month, 2 nd and 5 th letters are h and x, length is always 9 characters. • Relatively easy to build a signature to recognise domain • A classifier could also learn how to identify these domains • As domains are different to regular domains, they can be clustered together using a clustering algorithm

  19. What is machine learning anyway? IT’S JUST IF STATEMENTS RIGHT?

  20. What is it? • Artificial intelligence • “Learn” about data, in order to make decisions about new data • Split into two types: • Supervised • Unsupervised

  21. Features • Individual property of thing being observed • Collection of features used by algorithm is “feature set” • For example, a network packet could be represented as • Src IP • Dst IP • Protocol • Length • Contents tokens • Could only have a few, potentially thousands

  22. Types of machine learning - supervised • Have labelled “training data” • Train system to match input data points to output labels • Often referred to as “classification” • Example algorithms: • Decision trees • Linear regression • Bayes • Support Vector Machines (SVM)

  23. Random forest classifier • Supervised learning • Generate multiple decision trees • Each uses a subset of the features/training data • Pass data point through all trees • Majority vote to assign label 3 As 1 B -> Assign A

  24. Support vector machines (SVM) • Supervised learning • Produces a hyperplane separating points of two classes • New points are classified by seeing which side they fall of hyperplane

  25. Types of machine learning - unsupervised • Operates on unlabelled data, attempting to find structure • Try and separate data points of different classes • Primary example is clustering • Algorithms such as k-means, x-means, hierarchical etc • Harder to evaluate • No labels!

  26. K-means clustering • Unsupervised learning • Simple algorithm • Generate k random points (centroids), and assign all data points to nearest centroid • Move centroids to mean of assigned points • Repeat until centroid stop moving • X-means variants also finds best value for k

  27. Hierarchical clustering • Unsupervised learning • Builds a hierarchy of cluster • Usually represented as dendrogram • Each data point starts as own cluster • Each layer represents merging of two closest clusters from layer below • Number of clusters is decided by which level you read at

  28. How do we measure performance • True positive rate • Number of malicious points labelled as malicious (high is good) • False positive rate • Number of benign (good) point labelled as malicious (low is good) • True negative rate • Number of benign points labelled as benign (high is good) • False negative rate • Number of malicious point labelled as benign (low is good)

  30. Assumptions • Separation • There should be little to no overlap between malicious and legitimate traffic behavior. • Hierarchical clustering and Birch classification can easily deal with this • Linearity • Data points exist in linear space. Legitimate traffic Malware traffic Malware traffic

  31. Attacker models

  32. What does the attacker want to do? • Two main goals: • Evade detection • Cause their attack point to be mislabelled as benign • Increase false negative rate • Denial-of-service • Increase number of false positives to prevent system use • E.g. a DNS detector at a large organisation with 1 billion requests per day • FP rate of 0.01% = 100000 alerts per day • Admins will turn it off

  33. Barreno model for classifying attacks Description Influence Causative Alter training process through influence over training data Exploratory Use probing or offline analysis to discover information Specificity Targeted Focus on a particular set of points Indiscriminate No specific target, flexible goal e.g. increase false positives Security Violation Integrity Result in attack points labelled as normal (false negatives) Availability Increase false positives and false negatives so system becomes unusable Marco Barreno, Blaine Nelson, Russell Sears, Anthony D. Joseph, and J. D. Tygar. 2006. Can Machine Learning Be Secure? (2006)

  34. Attacker knowledge Nedim Srndic and Pavel Laskov. Practical Evasion of a Learning-Based Classifier: A Case Study. (2014)

  35. Attacker capability According to Biggio et al (for classifiers) 1. The attacker influence in terms of causative or exploratory. 2. Whether (and to what extent) the attack affects the class priors. 3. The amount of and which samples (training and testing) can be controlled in each class. 4. Which features, and to what extent, can be modified by the adversary Also applicable to clustering (with the exemption of (2) B. Biggio, G. Fumera, and F. Roli. Security Evaluation of Pattern Classifiers under Attack. IEEE Transactions on Knowledge and Data Engineering (2014).

  36. Some terminology • Learner • The target machine learning algorithm • Production learner • Instance of learner in use by the target • Surrogate learner • A local copy of the target learner, with the accuracy depending on the attacker knowledge. May not be exact same algorithm as target learner, and may use an estimated dataset for training/testing

  37. The attacks

  38. Mimicry attack • Exploratory integrity attack • Targeted or indiscriminate • Attempt to change attack point so that it resembles benign point • Demonstrated against random forest, SVM, bayes, neural networks • Theoretically applicable to most classifier variants • Limited by attackers ability to modify feature values

  39. PDFRate • (Now defunct) website that analysed PDF files • Uses random forest classifier to assign a score indicating maliciousness

  40. Attacking PDFRate • Mimicry attack • Pick a legitimate PDF file and change features in malicious file to match • Goal is to reduce score outputted by PDFRate • Main difficulty: PDF features are interlinked • Changing one feature may affect many others • Attack files developed using offline surrogate learner Img Src: Practical Evasion of a Learning Based Classifier: A Case Study, Srndic and Laskov 2014

  41. Attacking PDFRate • Content is injected into region between CRT and trailer • Area is read by PDFRate, but ignored by PDF viewers • Can increment 33 features, and arbitrarily modify 35 • For example, if attack file has 5 obj keywords, and target 7, attack string “ obj obj ” is injected • Count_obj feature is now 7 • Author metadata field length can be reduced to 3 by adding “ /Author(abc )” • PDFRate uses last seen metadata Img Src: Practical Evasion of a Learning Based Classifier: A Case Study, Srndic and Laskov 2014

  42. Attacking PDFRate • Surrogate learner • Feature set is known (70% of features are described in original paper) • Benign and malicious PDF files taken from web • Tested with both random forest and SVM as surrogate learner • Measure effect of knowledge of target • Attack points derived with random forest surrogate can reduce score by 28-42% • Lower, but still significant, reduction when using SVM-based surrogate • Available as a library • https://github.com/srndic/mimicus

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

An Exercise in An Exercise in Machine Learning Machine Learning

An Exercise in An Exercise in Machine Learning Machine Learning

An Exercise in An Exercise in Machine Learning Machine Learning http://www.cs.iastate.edu/~cs573x/bbsilab.html Machine Learning Software Preparing Data Building Classifiers Interpreting Results Machine Learning Software

496 views • 26 slides
Machine Learning By Alex Scarlatos What is Machine Learning? Machine Learning is the process by

Machine Learning By Alex Scarlatos What is Machine Learning? Machine Learning is the process by

Machine Learning By Alex Scarlatos What is Machine Learning? Machine Learning is the process by which computers can be trained through observation, rather than being explicitly programmed. Basically, a program is given input and adjusts its

556 views • 17 slides
Machine Learning: Study of algorithms that improve their performance P at some task T

Machine Learning: Study of algorithms that improve their performance P at some task T

Machine Learning 10-601 Tom M. Mitchell Machine Learning Department Carnegie Mellon University January 12, 2015 Today: Readings: What is machine learning? The Discipline of ML Decision tree learning Mitchell, Chapter 3

872 views • 29 slides
Traditional Machine Learning: Unsupervised Learning Juhan Nam Traditional Machine Learning

Traditional Machine Learning: Unsupervised Learning Juhan Nam Traditional Machine Learning

GCT634/AI613: Musical Applications of Machine Learning (Fall 2020) Traditional Machine Learning: Unsupervised Learning Juhan Nam Traditional Machine Learning Pipeline in Classification Tasks A set of hand-designed audio features are selected

398 views • 26 slides
CS 335 Machine Learning What is Machine Learning? Dan Sheldon Spring 2019 What is Machine

CS 335 Machine Learning What is Machine Learning? Dan Sheldon Spring 2019 What is Machine

1/22/19 CS 335 Machine Learning What is Machine Learning? Dan Sheldon Spring 2019 What is Machine Learning? A Simple Task: Recognize Obama How do you program a computer to Recognize faces? Recommend movies? Decide which web

581 views • 5 slides
Machine Learning Machine Learning: algorithms that use experience to improve their

Machine Learning Machine Learning: algorithms that use experience to improve their

Machine Learning Machine Learning: algorithms that use experience to improve their performance We use machine learning in situations where it is very challenging (or impossible) to define the rules by hand: e.g. face detection

1.04k views • 28 slides
Introduction to Machine Learning COMPSCI 371D Machine Learning COMPSCI 371D Machine

Introduction to Machine Learning COMPSCI 371D Machine Learning COMPSCI 371D Machine

Introduction to Machine Learning COMPSCI 371D Machine Learning COMPSCI 371D Machine Learning Introduction to Machine Learning 1 / 12 Outline 1 Nearest Neighbor Prediction 2 Complexity Considerations 3 The Voronoi Diagram 4 Overfitting

564 views • 12 slides
1 Why Study Machine Learning? Why Study Machine Learning? Cognitive Science The Time is Ripe

1 Why Study Machine Learning? Why Study Machine Learning? Cognitive Science The Time is Ripe

What is Learning? Herbert Simon: Learning is any process by which a system improves performance from CS 391L: Machine Learning experience. Introduction What is the task? Classification Problem solving / planning /

603 views • 6 slides
MACHINE LEARNING, STATISTICAL LEARNING AND PARALLEL COMPUTING INTRODUCTION VS MACHINE LEARNING

MACHINE LEARNING, STATISTICAL LEARNING AND PARALLEL COMPUTING INTRODUCTION VS MACHINE LEARNING

JACOPO DI IORIO, MATTEO FONTANA, DANIELE OCCHIUTO, CLAUDIA VOLPETTI MACHINE LEARNING, STATISTICAL LEARNING AND PARALLEL COMPUTING INTRODUCTION VS MACHINE LEARNING STATISTICAL LEARNING Separate evolutions, but with shared methodologies MERGE

565 views • 55 slides
Apache PredictionIO End-to-End Machine Learning Server with Apache Spark What is Machine

Apache PredictionIO End-to-End Machine Learning Server with Apache Spark What is Machine

Apache PredictionIO End-to-End Machine Learning Server with Apache Spark What is Machine Learning? What is Machine Learning? Examples of machine learning applications: Facial recognition software E-mail spam detectors Automated

302 views • 17 slides
Machine Learning 11 AI Slides (6e) c Lin Zuoquan@PKU 1998-2020 11 1 11 Machine Learning

Machine Learning 11 AI Slides (6e) c Lin Zuoquan@PKU 1998-2020 11 1 11 Machine Learning

Machine Learning 11 AI Slides (6e) c Lin Zuoquan@PKU 1998-2020 11 1 11 Machine Learning 11.1 Learning agents 11.2 Inductive learning 11.3 Deep learning 11.4 Statistical learning 11.5 Reinforcement learning 11.6 Transfer learning

1.7k views • 159 slides
Deep Learning: Intro Juhan Nam Review of Traditional Machine Learning The traditional machine

Deep Learning: Intro Juhan Nam Review of Traditional Machine Learning The traditional machine

GCT634/AI613: Musical Applications of Machine Learning (Fall 2020) Deep Learning: Intro Juhan Nam Review of Traditional Machine Learning The traditional machine learning pipeline Temporal Frame-level Unsupervised Classifier Summary

613 views • 27 slides
Machine Learning for Auto Optimization What is Machine Learning? Definition: Machine

Machine Learning for Auto Optimization What is Machine Learning? Definition: Machine

Machine Learning for Auto Optimization What is Machine Learning? Definition: Machine learning refers to any system where the performance of a machine in performing a task improves by gaining more experience in performing that task .

394 views • 27 slides
MACHINE LEARNING kernels 1 MACHINE LEARNING 2012 MACHINE LEARNING Kernels: Intuition How

MACHINE LEARNING kernels 1 MACHINE LEARNING 2012 MACHINE LEARNING Kernels: Intuition How

MACHINE LEARNING 2012 MACHINE LEARNING MACHINE LEARNING kernels 1 MACHINE LEARNING 2012 MACHINE LEARNING Kernels: Intuition How to separate the red class from the grey class? x 2 360 r x 1 Polar coordinates Data

1.04k views • 44 slides
BBM406 Fundamentals of Machine Learning Lecture 2: Machine Learning by Examples, Nearest

BBM406 Fundamentals of Machine Learning Lecture 2: Machine Learning by Examples, Nearest

photo:@rewardyfahmi // Unsplash BBM406 Fundamentals of Machine Learning Lecture 2: Machine Learning by Examples, Nearest Neighbor Classifier Aykut Erdem // Hacettepe University // Fall 2019 When Do We Use Machine Learning? ML is

1.33k views • 110 slides
Machine Learning Modeling and Learning 15-110 Monday 4/13 Learning Goals Given a

Machine Learning Modeling and Learning 15-110 Monday 4/13 Learning Goals Given a

Machine Learning Modeling and Learning 15-110 Monday 4/13 Learning Goals Given a dataset, identify features which may help predict information about the data Identify common types of machine learning algorithms 2 Machine

553 views • 27 slides
S ecurit e des protocoles cryptographiques : aspects logiques et calculatoires Mathieu

S ecurit e des protocoles cryptographiques : aspects logiques et calculatoires Mathieu

Introduction Symbolic analysis Constraint solving Computational justification Conclusion S ecurit e des protocoles cryptographiques : aspects logiques et calculatoires Mathieu Baudet Laboratoire Sp ecification et V erification

963 views • 58 slides
Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks

Peer-to-Peer Networks 14 Security Christian Schindelhauer Technical Faculty Computer-Networks and Telematics University of Freiburg Free-Net Ian Clarke, Oskar Sandberg, Brandon Wiley, Theodore Hong, 2000 Goal - peer-to-peer network -

746 views • 36 slides
Hash Proof Systems and Password Protocols II Password-Authenticated Key Exchange David

Hash Proof Systems and Password Protocols II Password-Authenticated Key Exchange David

Hash Proof Systems and Password Protocols II Password-Authenticated Key Exchange David Pointcheval CNRS, Ecole normale sup erieure/PSL & INRIA 8th BIU Winter School Key Exchange February 2018 CNRS/ENS/PSL/INRIA David

319 views • 14 slides
Investigating the Distribution of Password Choices David Malone and Kevin Maher, Hamilton

Investigating the Distribution of Password Choices David Malone and Kevin Maher, Hamilton

Investigating the Distribution of Password Choices David Malone and Kevin Maher, Hamilton Institute, NUI Maynooth. 19 April 2012 How to Guess a Password? Passwords are everywhere. If you dont know the password, can you guess it? 1. Make a

420 views • 18 slides
Strong Cryptography from Weak Secrets Building Efficient PKE and IBE from Distributed Passwords

Strong Cryptography from Weak Secrets Building Efficient PKE and IBE from Distributed Passwords

Distributed Cryptography Distributed Password Public-Key Cryptography The Decision-Linear Case Strong Cryptography from Weak Secrets Building Efficient PKE and IBE from Distributed Passwords Xavier Boyen 1 Cline Chevalier 2 Georg Fuchsbauer 3

680 views • 36 slides
hashing Nov. 10, 2017 1 RECALL: Map keys (type K) values (type V) Each (key, value) pairs is

hashing Nov. 10, 2017 1 RECALL: Map keys (type K) values (type V) Each (key, value) pairs is

COMP 250 Lecture 27 hashing Nov. 10, 2017 1 RECALL: Map keys (type K) values (type V) Each (key, value) pairs is an entry. For each key, there is at most one value. 2 RECALL Special Case: keys are unique positive integers in

783 views • 36 slides
Proposal for Translating Cryptology Terms to Hebrew Yossi Markovitz initiated this list. Ron

Proposal for Translating Cryptology Terms to Hebrew Yossi Markovitz initiated this list. Ron

Proposal for Translating Cryptology Terms to Hebrew Yossi Markovitz initiated this list. Ron Irmai, Shraga Irmai, Adi Shamir, Moti Yung, Orr Dunkelman and Roni Roth contributed various terms and had var- ious suggestions that improved this list.

542 views • 10 slides
Empirical Comparison of PETRARCH-1 and 2 Verb Dictionaries Philip A. Schrodt Parus Analytics

Empirical Comparison of PETRARCH-1 and 2 Verb Dictionaries Philip A. Schrodt Parus Analytics

Empirical Comparison of PETRARCH-1 and 2 Verb Dictionaries Philip A. Schrodt Parus Analytics Charlottesville, Virginia, USA schrodt735@gmail.com Presented at the RIDIR Event Data Project Annual Meeting University of Texas at Dallas, 11

505 views • 27 slides

More recommend