PASCAL - Pattern Analysis, Statistical Modelling and Computational Learning

Security Analysis of Online Centroid Anomaly Detection
Marius Kloft and Pavel Laskov
Technical Report UCB/EECS-2010-22 2010.


Security issues are crucial in a number of machine learning applications, especially in scenarios dealing with human activity rather than natural phenomena (e.g., information ranking, spam detection, malware detection, etc.). It is to be expected in such cases that learning algorithms will have to deal with manipulated data aimed at hampering decision making. Although some previous work addressed the handling of malicious data in the context of supervised learning, very little is known about the behavior of anomaly detection methods in such scenarios. In this contribution, we analyze the performance of a particular method, online centroid anomaly detection, in the presence of adversarial noise. Our analysis addresses the following security-related issues: formalization of learning and attack processes, derivation of an optimal attack, analysis of its efficiency and constraints. We derive bounds on the effectiveness of a poisoning attack against centroid anomaly under different conditions: bounded and unbounded percentage of traffic, and bounded false positive rate. Our bounds show that whereas a poisoning attack can be effectively staged in the unconstrained case, it can be made arbitrarily difficult (a strict upper bound on the attacker's gain) if external constraints are properly used. Our experimental evaluation carried out on real HTTP and exploit traces confirms the tightness of our theoretical bounds and practicality of our protection mechanisms.

EPrint Type: Article
Subjects: Learning/Statistics & Optimisation
ID Code: 8089
Deposited By: Marius Kloft
Deposited On: 18 April 2011