The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.03 - May-June (2015 vol.12)
pp: 312-325
Juan E. Tapiador , Department of Computer Science , Universidad Carlos III de Madrid, 28911 Leganes, Spain
Agustin Orfila , Department of Computer Science , Universidad Carlos III de Madrid, 28911 Leganes, Spain
Arturo Ribagorda , Department of Computer Science , Universidad Carlos III de Madrid, 28911 Leganes, Spain
Benjamin Ramos , Department of Computer Science , Universidad Carlos III de Madrid, 28911 Leganes, Spain
ABSTRACT
Most anomaly detection systems rely on machine learning algorithms to derive a model of normality that is later used to detect suspicious events. Some works conducted over the last years have pointed out that such algorithms are generally susceptible to deception, notably in the form of attacks carefully constructed to evade detection. Various learning schemes have been proposed to overcome this weakness. One such system is Keyed IDS (KIDS), introduced at DIMVA “10. KIDS” core idea is akin to the functioning of some cryptographic primitives, namely to introduce a secret element (the key) into the scheme so that some operations are infeasible without knowing it. In KIDS the learned model and the computation of the anomaly score are both key-dependent, a fact which presumably prevents an attacker from creating evasion attacks. In this work we show that recovering the key is extremely simple provided that the attacker can interact with KIDS and get feedback about probing requests. We present realistic attacks for two different adversarial settings and show that recovering the key requires only a small amount of queries, which indicates that KIDS does not meet the claimed security properties. We finally revisit KIDS' central idea and provide heuristic arguments about its suitability and limitations.
INDEX TERMS
Payloads, Training, Computational modeling, Intrusion detection, Machine learning algorithms, Feature extraction,secure machine learning, Adversarial classification, anomaly detection, intrusion detection systems
CITATION
Juan E. Tapiador, Agustin Orfila, Arturo Ribagorda, Benjamin Ramos, "Key-Recovery Attacks on KIDS, a Keyed Anomaly Detection System", IEEE Transactions on Dependable and Secure Computing, vol.12, no. 3, pp. 312-325, May-June 2015, doi:10.1109/TDSC.2013.39
43 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool