LEAPS: Detecting Camouflaged Attacks with Statistical Learning Guided by Program Analysis
Sep 23, 2015
Abstract

Cyberinfrastructures currently face increasingly stealthy attacks that implant malicious payloads under the cover of benign programs. Existing attack detection approaches based on statistical learning methods may generate misleading decision boundaries when processing noisy data that mixes benign and malicious behaviors. On the other hand, attack detection based on formal program analysis may lack completeness or adaptivity when modeling attack behaviors. In light of these limitations, we have developed LEAPS, an attack detection system based on supervised statistical learning that classifies benign and malicious system events. Furthermore, we leverage control flow graphs inferred from the system event logs to automatically prune the training data, which leads to a more accurate classification model when applied to the testing data. Our extensive evaluation shows that, compared with pure statistical learning models, LEAPS achieves consistently higher accuracy when detecting real-world camouflaged attacks that use a benign program as cover.
About the Speaker

Kexin Pei is a second-year master's student in the Department of Computer Science, Purdue University. His research interests include data mining and security, focusing on solving security problems using program analysis and machine learning techniques.
The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos is the property of Purdue University, the presenter and/or the presenter's organization, and is protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website are the exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works from, transmit, or in any other way exploit any part of the copyrighted material without permission from CERIAS, Purdue University.