Exploiting Machine Learning to Subvert Your Spam Filter

Using statistical machine learning for making security decisions introduces new vulnerabilities in large scale systems. This paper shows how an adversary can exploit statistical machine learning, as used in the SpamBayes spam filter, to render it useless--even if the adversary's access is limited to only 1% of the training messages. We further demonstrate a new class of focused attacks that successfully prevent victims from receiving specific email messages. Finally, we introduce two new types of defenses against these attacks.

[1]  Shyhtsun Felix Wu,et al.  On Attacking Statistical Spam Filters , 2004, CEAS.

[2]  Blaine Nelson,et al.  Can machine learning be secure? , 2006, ASIACCS '06.

[3]  Christopher Meek,et al.  Good Word Attacks on Statistical Spam Filters , 2005, CEAS.

[4]  James Newsome,et al.  Polygraph: automatically generating signatures for polymorphic worms , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[5]  Gordon V. Cormack,et al.  Spam Corpus Creation for TREC , 2005, CEAS.

[6]  Aloysius K. Mok,et al.  Allergy Attack Against Automatic Signature Generation , 2006, RAID.

[7]  B. Karp,et al.  Autograph: Toward Automated, Distributed Worm Signature Detection , 2004, USENIX Security Symposium.

[8]  Christopher Meek,et al.  Adversarial learning , 2005, KDD '05.

[9]  Yiming Yang,et al.  Introducing the Enron Corpus , 2004, CEAS.

[10]  Gary Robinson,et al.  A statistical approach to the spam problem , 2003 .

[11]  Tony A. Meyer,et al.  SpamBayes: Effective open-source, Bayesian based, email classification system , 2004, CEAS.

[12]  Pedro M. Domingos,et al.  Adversarial classification , 2004, KDD.

[13]  James Newsome,et al.  Paragraph: Thwarting Signature Learning by Training Maliciously , 2006, RAID.

[14]  Ming Li,et al.  Learning in the presence of malicious errors , 1993, STOC '88.

[15]  Christopher Krügel,et al.  Exploiting Redundancy in Natural Language to Penetrate Bayesian Spam Filters , 2007, WOOT.

[16]  Aloysius K. Mok,et al.  Advanced Allergy Attacks: Does a Corpus Really Help? , 2007, RAID.