Security Evaluation of Support Vector Machines in Adversarial Environments

Support Vector Machines (SVMs) are among the most popular classification techniques adopted in security applications like malware detection, intrusion detection, and spam filtering. However, if SVMs are to be incorporated in real-world security systems, they must be able to cope with attack patterns that can either mislead the learning algorithm (poisoning), evade detection (evasion), or gain information about their internal parameters (privacy breaches). The main contributions of this chapter are twofold. First, we introduce a formal general framework for the empirical evaluation of the security of machine-learning systems. Second, according to our framework, we demonstrate the feasibility of evasion, poisoning and privacy attacks against SVMs in real-world security problems. For each attack technique, we evaluate its impact and discuss whether (and how) it can be countered through an adversary-aware design of SVMs. Our experiments are easily reproducible thanks to open-source code that we have made available, together with all the employed datasets, on a public repository.Comment: 47 pages, 9 figures; chapter accepted into book 'Support Vector Machine Applications

Effectiveness evaluation of data mining based IDS

Proceeding of: 6th Industrial Conference on Data Mining, ICDM 2006, Leipzig, Germany, July 14-15, 2006.Data mining has been widely applied to the problem of Intrusion Detection in computer networks. However, the misconception of the underlying problem has led to out of context results. This paper shows that factors such as the probability of intrusion and the costs of responding to detected intrusions must be taken into account in order to compare the effectiveness of machine learning algorithms over the intrusion detection domain. Furthermore, we show the advantages of combining different detection techniques. Results regarding the well known 1999 KDD dataset are shown.Publicad

IDS Based on Bio-inspired Models

Unsupervised projection approaches can support Intrusion Detection Systems for computer network security. The involved technologies assist a network manager in detecting anomalies and potential threats by an intuitive display of the progression of network traffic. Projection methods operate as smart compression tools and map raw, high-dimensional traffic data into 2-D or 3-D spaces for subsequent graphical display. The paper compares three projection methods, namely, Cooperative Maximum Likelihood Hebbian Learning, Auto-Associative Back-Propagation networks and Principal Component Analysis. Empirical tests on anomalous situations related to the Simple Network Management Protocol (SNMP) confirm the validity of the projection-based approach. One of these anomalous situations (the SNMP community search) is faced by these projection models for the first time. This work also highlights the importance of the time-information dependence in the identification of anomalous situations in the case of the applied methods

Inhibitor of Kappa B Epsilon (IκBε) Is a Non-Redundant Regulator of c-Rel-Dependent Gene Expression in Murine T and B Cells

Inhibitors of kappa B (IκBs) -α, -β and -ε effect selective regulation of specific nuclear factor of kappa B (NF-κB) dimers according to cell lineage, differentiation state or stimulus, in a manner that is not yet precisely defined. Lymphocyte antigen receptor ligation leads to degradation of all three IκBs but activation only of subsets of NF-κB-dependent genes, including those regulated by c-Rel, such as anti-apoptotic CD40 and BAFF-R on B cells, and interleukin-2 (IL-2) in T cells. We report that pre-culture of a mouse T cell line with tumour necrosis factor-α (TNF) inhibits IL-2 gene expression at the level of transcription through suppressive effects on NF-κB, AP-1 and NFAT transcription factor expression and function. Selective upregulation of IκBε and suppressed nuclear translocation of c-Rel were very marked in TNF-treated, compared to control cells, whether activated via T cell receptor (TCR) pathway or TNF receptor. IκBε associated with newly synthesised c-Rel in activated cells and, in contrast to IκBα and -β, showed enhanced association with p65/c-Rel in TNF-treated cells relative to controls. Studies in IκBε-deficient mice revealed that basal nuclear expression and nuclear translocation of c-Rel at early time-points of receptor ligation were higher in IκBε−/− T and B cells, compared to wild-type. IκBε−/− mice exhibited increased lymph node cellularity and enhanced basal thymidine incorporation by lymphoid cells ex vivo. IκBε−/− T cell blasts were primed for IL-2 expression, relative to wild-type. IκBε−/− splenic B cells showed enhanced survival ex vivo, compared to wild-type, and survival correlated with basal expression of CD40 and induced expression of CD40 and BAFF-R. Enhanced basal nuclear translocation of c-Rel, and upregulation of BAFF-R and CD40 occurred despite increased IκBα expression in IκBε−/− B cells. The data imply that regulation of these c-Rel-dependent lymphoid responses is a non-redundant function of IκBε