MSc Seminar – Eric Nyakundi
The School of Computer Science is pleased to announce the following seminar, Adversarial attacks against incremental SVM in anomaly intrusion detection, presented by MSc student Eric Nyakundi. The seminar will take place April 16, 2014 in Reynolds 219 at 11:00 am.
Adversarial attacks against incremental SVM in anomaly Intrusion Detection
In the recent past there has been a tremendous increase in security breaches on computer networks that target different vulnerabilities. For example, in mid-December last year, Target experienced a security breach which affected up to 40 million card accounts. There is, therefore, a need for better Intrusion Detection and Prevention Systems (IDPS). The two prevalent methods that have been applied to IDPS are misuse and anomaly detection. For day-one attacks, anomaly detection is used, and anomalous behaviour is targeted, but these are more prone to false-positives and false-negatives. In misuse detection, just as in virus detection software where digital signatures of viruses are maintained and updated regularly; audit trails are collected, and lists of “bad” payloads are then maintained to help prevent upcoming attacks. Past research in the area has used K-nearest neighbor, artificial neural networks, self-organizing maps, decision trees, genetic algorithms and fuzzy logic as classifiers. In our research we use incremental SVMs to implement the Reject On Negative Impact (RONI) strategy where, after every incremental learning step the classifier is tested on a given data set to see if the performance of the classifier improves or deteriorates. If the classifier improves or remains the same the learning step is retained otherwise the classifier rolls back to the initial state before the incremental step. SVMs have been used successfully in many real-world problems like text (and hypertext) categorization, image classification, bioinformatics (Protein classification, Cancer classification) and hand-written character recognition. In this talk we will give a brief overview of IDSs, SVMs and how we intend to use incremental SVMs for classification of IDS payloads arising from audit-trail records and how we intend to counter the problem of adversarial poisoning.
Advisor: Charlie Obimbo