Key-Recovery Attacks on KIDS, a Keyed Anomaly Detection System

Most anomaly detection systems rely on machine learning algorithms to derive a model of normality that is later used to detect suspicious events. Work conducted over the last few years has pointed out that such algorithms are generally susceptible to deception, notably in the form of attacks carefully constructed to evade detection. Various learning schemes have been proposed to overcome this weakness. One such system is Keyed IDS (KIDS), introduced at DIMVA '10. KIDS' core idea is akin to the functioning of some cryptographic primitives, namely to introduce a secret element (the key) into the scheme so that some operations are infeasible without knowing it. In KIDS the learned model and the computation of the anomaly score are both key-dependent, a fact which presumably prevents an attacker from creating evasion attacks. In this work we show that recovering the key is extremely simple provided that the attacker can interact with KIDS and get feedback about probing requests. We present realistic attacks for two different adversarial settings and show that recovering the key requires only a small number of queries, which indicates that KIDS does not meet the claimed security properties. We finally revisit KIDS' central idea and provide heuristic arguments about its suitability and limitations.
