Share Email Print
cover

Proceedings Paper

Detecting poisoning attacks on hierarchical malware classification systems
Author(s): Dan P. Guralnik; Bill Moran; Ali Pezeshki; Omur Arslan
Format Member Price Non-Member Price
PDF $14.40 $18.00
cover GOOD NEWS! Your organization subscribes to the SPIE Digital Library. You may be able to download this paper for free. Check Access

Paper Abstract

Anti-virus software based on unsupervised hierarchical clustering (HC) of malware samples has been shown to be vulnerable to poisoning attacks. In this kind of attack, a malicious player degrades anti-virus performance by submitting to the database samples specifically designed to collapse the classification hierarchy utilized by the anti-virus (and constructed through HC) or otherwise deform it in a way that would render it useless. Though each poisoning attack needs to be tailored to the particular HC scheme deployed, existing research seems to indicate that no particular HC method by itself is immune. We present results on applying a new notion of entropy for combinatorial dendrograms to the problem of controlling the influx of samples into the data base and deflecting poisoning attacks. In a nutshell, effective and tractable measures of change in hierarchy complexity are derived from the above, enabling on-the-fly flagging and rejection of potentially damaging samples. The information-theoretic underpinnings of these measures ensure their indifference to which particular poisoning algorithm is being used by the attacker, rendering them particularly attractive in this setting.

Paper Details

Date Published: 1 May 2017
PDF: 17 pages
Proc. SPIE 10185, Cyber Sensing 2017, 101850E (1 May 2017); doi: 10.1117/12.2266556
Show Author Affiliations
Dan P. Guralnik, Univ. of Pennsylvania (United States)
Bill Moran, RMIT Univ. (Australia)
Ali Pezeshki, Colorado State Univ. (United States)
Omur Arslan, Univ. of Pennsylvania (United States)


Published in SPIE Proceedings Vol. 10185:
Cyber Sensing 2017
Igor V. Ternovskiy; Peter Chin, Editor(s)

© SPIE. Terms of Use
Back to Top