CERIAS - Center for Education and Research in Information Assurance and Security

Skip Navigation
CERIAS Logo
Purdue University - Discovery Park
Center for Education and Research in Information Assurance and Security

LEAPS: Detecting Camouflaged Attacks with Statistical Learning Guided by Program Analysis

Kexin Pei

Kexin Pei

Sep 23, 2015

Size: 0

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

Abstract

Currently cyberinfrastructures are facing increasingly
stealthy attacks that implant malicious payloads under the
cover of benign programs. Existing attack detection approaches
based on statistical learning methods may generate misleading
decision boundaries when processing noisy data with such a
mixture of benign and malicious behaviors. On the other hand,
attack detection based on formal program analysis may lack
completeness or adaptivity when modeling attack behaviors.
In light of these limitations, we have developed LEAPS, an
attack detection system based on supervised statistical learning
to classify benign and malicious system events. Furthermore,
we leverage control flow graphs inferred from the system event
logs to enable automatic pruning of the training data, which
leads to a more accurate classification model when applied to
the testing data. Our extensive evaluation shows that, compared
with pure statistical learning models, LEAPS achieves consistently
higher accuracy when detecting real-world camouflaged attacks
with benign program cover-up.

About the Speaker

Kexin Pei is a second year master student at Department of Computer Science, Purdue University.
His research interests include data mining and security,
focusing on solving security problems using program analysis and machine learning techniques.

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52, West Lafayette Campus. More information...

Disclaimer

The views, opinions and assumptions expressed in these videos are those of the presenter and do not necessarily reflect the official policy or position of CERIAS or Purdue University. All content included in these videos, are the property of Purdue University, the presenter and/or the presenter’s organization, and protected by U.S. and international copyright laws. The collection, arrangement and assembly of all content in these videos and on the hosting website exclusive property of Purdue University. You may not copy, reproduce, distribute, publish, display, perform, modify, create derivative works, transmit, or in any other way exploit any part of copyrighted material without permission from CERIAS, Purdue University.