Search CORE

990 research outputs found

Practical Attacks Against Graph-based Clustering

Author: Bayer Ulrich
Benczúr Miklós
Carlini Nicholas
Chen Yizheng
Chen Yizheng
Hao Shuang
Invernizzi Luca
Li Zhou
Nadji Yacin
Nelms Terry
Nelms Terry
Papernot Nicolas
Perdisci Roberto
Polo Chau Duen Horng
Rahbarinia Babak
Rndic Nedim
Sivakorn Suphannee
Smutz Charles
Sun Jimeng
Wagner David
Publication venue: 'Association for Computing Machinery (ACM)'
Publication date: 29/08/2017
Field of study

Graph modeling allows numerous security problems to be tackled in a general way, however, little work has been done to understand their ability to withstand adversarial attacks. We design and evaluate two novel graph attacks against a state-of-the-art network-level, graph-based detection system. Our work highlights areas in adversarial machine learning that have not yet been addressed, specifically: graph-based clustering techniques, and a global feature space where realistic attackers without perfect knowledge must be accounted for (by the defenders) in order to be practical. Even though less informed attackers can evade graph clustering with low cost, we show that some practical defenses are possible.Comment: ACM CCS 201

arXiv.org e-Print Archive

Crossref

Proceedings of the 1st Computer Science Student Workshop: Koc University Istinye Campus, Istanbul, Turkey, February 21, 2010

Author
Publication venue: Sabancı University
Publication date: 01/01/2010
Field of study

Sabanci University Research Database

Integrating Multiple Data Views for Improved Malware Analysis

Author: Anderson Blake
Publication venue: UNM Digital Repository
Publication date: 01/05/2014
Field of study

Malicious software (malware) has become a prominent fixture in computing. There have been many methods developed over the years to combat the spread of malware, but these methods have inevitably been met with countermeasures. For instance, signature-based malware detection gave rise to polymorphic viruses. This arms race\u27 will undoubtedly continue for the foreseeable future as the incentives to develop novel malware continue to outweigh the costs. In this dissertation, I describe analysis frameworks for three important problems related to malware: classification, clustering, and phylogenetic reconstruction. The important component of my methods is that they all take into account multiple views of malware. Typically, analysis has been performed in either the static domain (e.g. the byte information of the executable) or the dynamic domain (e.g. system call traces). This dissertation develops frameworks that can easily incorporate well-studied views from both domains, as well as any new views that may become popular in the future. The only restriction that must be met is that a positive semidefinite similarity (kernel) matrix must be defined on the view, a restriction that is easily met in practice. While the classification problem can be solved with well known multiple kernel learning techniques, the clustering and phylogenetic problems required the development of novel machine learning methods, which I present in this dissertation. It is important to note that although these methods were developed in the context of the malware problem, they are applicable to a wide variety of domains