when a tree falls using diversity in ensemble classifiers
play

When a Tree Falls: Using Diversity in Ensemble Classifiers to - PowerPoint PPT Presentation

Jan 04, 2023 •493 likes •814 views

When a Tree Falls: Using Diversity in Ensemble Classifiers to Identify Evasion in Malware Detectors Charles Smutz Angelos Stavrou George Mason University Motivation Machine learning used ubiquitously to improve information security

  1. When a Tree Falls: Using Diversity in Ensemble Classifiers to Identify Evasion in Malware Detectors Charles Smutz Angelos Stavrou George Mason University

  2. Motivation • Machine learning used ubiquitously to improve information security ▫ SPAM ▫ Malware: PEs, PDFs, Android applications, etc ▫ Account misuse, fraud • Many studies have shown that machine learning based systems are vulnerable to evasion attacks ▫ Serious doubt about reliability of machine learning in adversarial environments

  3. Problem • If new observations differ greatly from training set, classifier is forced to extrapolate • Classifiers often rely on features that can be mimicked ▫ Features coincidental to malware ▫ Many types of malware/misuse ▫ Feature extractor abuse • Proactively addressing all possible mimicry approaches not feasible

  4. Approach • Detect when classifiers provide poor predictions ▫ Including evasion attacks • Relies on diversity in ensemble classifiers

  5. Background • PDFrate: PDF malware detector using structural and metadata features, Random Forest classifier ▫ pdfrate.com: scan with multiple classifiers – Contagio: 10k sample publicly known set – University: 100k sample training set • PDFrate evasion attacks ▫ Mimicus: Comprehensive mimicry of features (F), classifier (C), and training set (T) using replica ▫ Reverse Mimicry: Scenarios that hide malicious footprint: PDFembed, EXEembed, JSinject • Drebin: Andriod application malware detector using values from manifest and disassembly

  6. Mutual Agreement Analysis • When ensemble voting disagrees, prediction is unreliable • High level of agreement on most observations Uncertain Malicious Malicious Benign Benign 0% 0% 100% Ensemble 100% Ensemble Vote Score Vote Score

  7. Mutual Agreement A = | v – 0.5 | * 2 v: ensemble vote ratio A: Mutual Agreement • Ratio between 0 and 1 (or 0% and 100%) • Proxy for Confidence on individual observations • Threshold is tunable, 50% used in evaluations

  8. Mutual Agreement • Disagreement caused by extrapolation noise

  9. Mutual Agreement Operation • Mutual agreement trivially calculated at classification time • Identifies unreliable predictions ▫ Identifies detector subversion as it occurs • Uncertain observations require distinct, potentially more expensive detection mechanism • Separates weak mimicry from strong mimicry attacks

  10. Evaluation • Degree to which mutual agreement analysis allows separation of correct predictions from misclassification, including mimicry attacks ▫ PDFrate Operational Data ▫ PDFrate Evasion: Mimicus and Reverse Mimicry ▫ Drebin Novel Android Malware Families • Gradient Descent Attacks and Evasion Resistant Support Vector Machine Ensemble

  11. Operational Data • 100,000 PDFs (243 malicious) scanned by network sensor (web and email) Benign Malicious

  12. Operational Data

  13. Operational Localization (Retraining) • Update training set with portions of 10,000 documents taken from same operational source

  14. Mimicus Results

  15. F_mimicry FT_mimicry FC_mimicry FTC_mimicry

  16. Mimicus Results

  17. Reverse Mimicry Results

  18. JSinject EXEembed PDFembed

  19. Reverse Mimicry Results

  20. Drebin Android Malware Detector • Modified from original linear SVM to use Random Forests Benign Malicious

  21. Drebin Unknown Family Detection • Malware Unknown Family A samples labeled by family • Each family withheld from training set, included in evaluation

  22. Drebin Classifier Comparison

  23. Mimicus GD-KDE Attacks • Gradient Decent and Kernel Density Estimation ▫ Exploits known decision boundary of SVM • Extremely effective against SVM based replica of PDFrate ▫ Average score of 8.9% • Classifier score spectrum is not enough

  24. Evasion Resistant SVM Ensemble • Construct Ensemble of multiple SVM • Bagging of training data ▫ Does not improve evasion resistance • Feature Bagging (random sampling of features) ▫ Critical for evasion resistance • Ensemble SVM not susceptible to GD-KDE attacks

  25. Conclusions • Mutual agreement provides per observation confidence estimate • no additional computation • Feature bagging is critical to creating diversity required for mutual agreement analysis • Strong (and private) training set improves evasion resistance • Operators can detect most classifier failures ▫ Perform complimentary detection, update classifier • Mutual agreement analysis raises bar for mimicry attacks

  26. Charles Smutz, Angelos Stavrou csmutz@gmu.edu, astavrou@gmu.edu http://pdfrate.com

  27. EvadeML Results

  28. Contagio All University All University Best Contagio Best

  29. EvadeML Results

  30. Mutual Agreement Threshold Tuning

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Boosting (ensemble) Module 4 - Ensemble classifiers - Objectives module 4: boosting (ensemble

Boosting (ensemble) Module 4 - Ensemble classifiers - Objectives module 4: boosting (ensemble

Boosting (ensemble) Module 4 - Ensemble classifiers - Objectives module 4: boosting (ensemble models) LEARNING PERFORMANCE REPRESENTATION DATA PROBLEM RAW DATA CLUSTERING EVALUATION FEATURES UCI datasets unigrams 20newsgroups SUPERVISED

926 views • 34 slides
Steganalysis by Ensemble Classifiers with Boosting by Regression, and Post-Selection of Features

Steganalysis by Ensemble Classifiers with Boosting by Regression, and Post-Selection of Features

Steganalysis by Ensemble Classifiers - Marc Chaumont - ICIP2012 Steganalysis by Ensemble Classifiers with Boosting by Regression, and Post-Selection of Features Marc Chaumont, Sarra Kouider LIRMM, Montpellier, France October 2, 2012 IEEE

376 views • 26 slides
Pruning an ensemble of classifiers via reinforcement learning Authors : Ioannis Partalas,

Pruning an ensemble of classifiers via reinforcement learning Authors : Ioannis Partalas,

Pruning an ensemble of classifiers via reinforcement learning Authors : Ioannis Partalas, Grigorios Tsoumakas, Ioannis Vlahavas Journal : Neurocomputing 72 (2009) 1900-1909 Presentation : Jose Manuel Lopez Guede Introduction I Ensemble: a

399 views • 39 slides
COS424 Scribe Notes Lecture 14: Ensembles Donghun Lee April 8, 2010 1 Ensembles A set of

COS424 Scribe Notes Lecture 14: Ensembles Donghun Lee April 8, 2010 1 Ensembles A set of

COS424 Scribe Notes Lecture 14: Ensembles Donghun Lee April 8, 2010 1 Ensembles A set of classifiers can combine their outputs to make an ensemble of the classifiers. Two require- ments of such an ensemble to work: accuracy: classifiers

286 views • 4 slides
Outline Utilizing Diversity and Performance Introduction Measures for Ensemble Creation

Outline Utilizing Diversity and Performance Introduction Measures for Ensemble Creation

2009-03-24 Outline Utilizing Diversity and Performance Introduction Measures for Ensemble Creation Data Mining Predictive Modelling Ensembles Diversity Information Fusion Problem Statement Research and

654 views • 7 slides
An ensemble of weak classifiers for pattern recognition in motion capture clouds of points J.L.

An ensemble of weak classifiers for pattern recognition in motion capture clouds of points J.L.

Introduction Related work Problem statement Methods Experimental results Conclusions and further work An ensemble of weak classifiers for pattern recognition in motion capture clouds of points J.L. Jimnez Bascones 1 , 2 , Manuel Graa 2 1

563 views • 35 slides
Tree of life Microbial Diversity Nutritional diversity Soil bacteria Schizomycetes

Tree of life Microbial Diversity Nutritional diversity Soil bacteria Schizomycetes

Tree of life Microbial Diversity Nutritional diversity Soil bacteria Schizomycetes Myxobacteria Genus Orders Myxococcus Pseudomonas Chondrococcus Eubacteria Archangium Polyangium Actinomycetes Cytophaga

544 views • 36 slides
Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu

Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu

Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu Pang, Kun Xu, Chao Du, Ning Chen and Jun Zhu Department of Computer Science and Technology Tsinghua University TSAIL ICML | 2019 Adversarial

864 views • 14 slides
Tour-Based Mode Choice Modeling: Using An Ensemble of (Un-) Conditional Data-Mining Classifiers

Tour-Based Mode Choice Modeling: Using An Ensemble of (Un-) Conditional Data-Mining Classifiers

Tour-Based Mode Choice Modeling: Using An Ensemble of (Un-) Conditional Data-Mining Classifiers James P. Biagioni Piotr M. Szczurek Peter C. Nelson, Ph.D. Abolfazl Mohammadian, Ph.D. Agenda Background Data-Mining (Un-) Conditional

319 views • 29 slides
Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks presented at Canadian AI 2020 Mahdieh Abbasi 1 , Arezoo Rajabi 2 , Christian Gagn 1,3 , and Rakesh B. Bobba 2 1. IID, Universit Laval, Qubec,

728 views • 20 slides
Falls in t he Elderly Dr J ane Youde Falls in t he Elderly Falls in t he Elderly Falls

Falls in t he Elderly Dr J ane Youde Falls in t he Elderly Falls in t he Elderly Falls

Falls in t he Elderly Dr J ane Youde Falls in t he Elderly Falls in t he Elderly Falls in the elderly are best avoided David Barker 2003 Conc ept s Why best prevented? Why do older people fall? Can we stop falls? Aim

841 views • 56 slides
Nonlinear Classifiers II 2 Nonlinear Classifiers: Introduction Classifiers Supervised

Nonlinear Classifiers II 2 Nonlinear Classifiers: Introduction Classifiers Supervised

1 Nonlinear Classifiers II 2 Nonlinear Classifiers: Introduction Classifiers Supervised Classifiers XOR problem Linear Classifiers Perceptron Least Squares Methods Linear Support Vector Machine Nonlinear

355 views • 20 slides
Ensemble Learning INFO-4604, Applied Machine Learning University of Colorado Boulder November

Ensemble Learning INFO-4604, Applied Machine Learning University of Colorado Boulder November

Ensemble Learning INFO-4604, Applied Machine Learning University of Colorado Boulder November 28, 2017 Prof. Michael Paul Ensemble Learning General idea: Combine multiple classifiers (usually with different strengths) to build a bigger,

2.05k views • 19 slides
Genetic diversity of marginal tree populations: from genomics to phenotypic variation 13 June 2016

Genetic diversity of marginal tree populations: from genomics to phenotypic variation 13 June 2016

COST Action FP1202: Strengthening conservation: a key issue for adaptation of marginal/ peripheral populations of forest trees to climate change in Europe (MaP-FGR) TRAINING SCHOOL Genetic diversity of marginal tree populations: from genomics

286 views • 10 slides
goto conference Alex Grt, 11.04.2013 Agenda How did I get here? Agenda If a tree falls in a

goto conference Alex Grt, 11.04.2013 Agenda How did I get here? Agenda If a tree falls in a

goto conference Alex Grt, 11.04.2013 Agenda How did I get here? Agenda If a tree falls in a forest but nobody hears it did it still make a sound? A team is Agile and no one knows is there still a clash of cultures? What does Agile

729 views • 40 slides
Chapter 7: Ensemble Learning and Random Forest Dr. Xudong Liu Assistant Professor School of

Chapter 7: Ensemble Learning and Random Forest Dr. Xudong Liu Assistant Professor School of

Chapter 7: Ensemble Learning and Random Forest Dr. Xudong Liu Assistant Professor School of Computing University of North Florida Monday, 9/23/2019 1 / 23 Notations 1 Voting classifiers: hard and soft 2 Bagging and pasting Random Forests 3

1.22k views • 23 slides
Getting Started with the SENCER-SALG SENCER Summer Institute 2018 Stephen Carroll Evaluation of

Getting Started with the SENCER-SALG SENCER Summer Institute 2018 Stephen Carroll Evaluation of

Getting Started with the SENCER-SALG SENCER Summer Institute 2018 Stephen Carroll Evaluation of Teaching/Learning At nearly 80% of US colleges and universities, SETs (Student Evaluations of Teaching) are the primary means of evaluating

496 views • 20 slides
Reading Apprenticeship ACROSS THE DISCIPLINES Welcome! Link to webinar for attendees:https://

Reading Apprenticeship ACROSS THE DISCIPLINES Welcome! Link to webinar for attendees:https://

Reading Apprenticeship ACROSS THE DISCIPLINES Welcome! Link to webinar for attendees:https:// wested.webex.com/wested/j.php? MTID=mff9740dbba7d0029ed693e9 e389428cf Meeting Number: 595 532 315 Call-in toll-free number: 877-413-2826

1.06k views • 37 slides
CS 126: Software Design Studio Prof. G Carl Evans 1 What is this class about? My goals for

CS 126: Software Design Studio Prof. G Carl Evans 1 What is this class about? My goals for

CS 126: Software Design Studio Prof. G Carl Evans 1 What is this class about? My goals for this class: 1. Improve your programming productivity by >= 3x 2. Build your self-sufficiency as a programmer 3. Introduce you to modern computing

364 views • 18 slides
The Simple View of funded by the Department for Education through the Dyslexia SpLD Trust.

The Simple View of funded by the Department for Education through the Dyslexia SpLD Trust.

18/12/2015 This free training session has been The Simple View of funded by the Department for Education through the Dyslexia SpLD Trust. Reading some strategies The Graduated Approach The Simple View Of Reading As a formula, The simple

194 views • 5 slides
Mock Objects Maurcio F. Aniche M.F.Aniche@tudelft.nl Thats how it is in OO systems A

Mock Objects Maurcio F. Aniche M.F.Aniche@tudelft.nl Thats how it is in OO systems A

Mock Objects Maurcio F. Aniche M.F.Aniche@tudelft.nl Thats how it is in OO systems A does too much! A Thats how it is in OO systems A does too much again! A C Thats how it is in OO systems etc B A DB C What

190 views • 18 slides
Online Monitoring developments Dorota, Robert and Voica LArSoft modules for OnlineMonitoring

Online Monitoring developments Dorota, Robert and Voica LArSoft modules for OnlineMonitoring

Online Monitoring developments Dorota, Robert and Voica LArSoft modules for OnlineMonitoring working on LArSoft dunetpc/dune/Protodune: git branch: feature_vradescu/OnlineMonitor 1. Module: RawEeventDisplay saves in root the event displays per

346 views • 10 slides
Learning as Loss Minimization Machine Learning 1 Learning as loss minimization The setup

Learning as Loss Minimization Machine Learning 1 Learning as loss minimization The setup

Learning as Loss Minimization Machine Learning 1 Learning as loss minimization The setup Examples x drawn from a fixed, unknown distribution D Hidden oracle classifier f labels examples We wish to find a hypothesis h that mimics f

294 views • 25 slides
Jackstraws : Picking Command and Control Connections from Bot Traffic egoire Jacob 1 , Ralf Hund 2

Jackstraws : Picking Command and Control Connections from Bot Traffic egoire Jacob 1 , Ralf Hund 2

Jackstraws : Picking Command and Control Connections from Bot Traffic egoire Jacob 1 , Ralf Hund 2 , Christopher Kruegel 1 , Thorsten Holz 2 Gr 1 University of California, Santa Barbara / 2 Ruhr-University Bochum Fri Aug 12 2011 G. Jacob

396 views • 20 slides

More recommend