Proactive Intrusion Detection

Machine learning systems are deployed in many adversarial settings such as intrusion detection, where a classifier has to decide whether a sequence of actions comes from a legitimate user or not. However, the attacker, being an adversarial agent, could reverse engineer the classifier and successfully masquerade as a legitimate user. In this paper, we propose the notion of a Proactive Intrusion Detection System (IDS) that can counter such attacks by incorporating feedback into the detection process. A proactive IDS influences the user's actions and observes them in different situations to decide whether the user is an intruder. We present a formal analysis of proactive intrusion detection and extend the adversarial relationship between the IDS and the attacker to present a game-theoretic analysis. Finally, we present experimental results on real and synthetic data that confirm the predictions of the analysis.
