LEAPS: Detecting Camouflaged Attacks with Statistical Learning Guided by Program Analysis
Sep 23, 2015
Abstract
Currently cyberinfrastructures are facing increasingly
stealthy attacks that implant malicious payloads under the
cover of benign programs. Existing attack detection approaches
based on statistical learning methods may generate misleading
decision boundaries when processing noisy data with such a
mixture of benign and malicious behaviors. On the other hand,
attack detection based on formal program analysis may lack
completeness or adaptivity when modeling attack behaviors.
In light of these limitations, we have developed LEAPS, an
attack detection system based on supervised statistical learning
to classify benign and malicious system events. Furthermore,
we leverage control flow graphs inferred from the system event
logs to enable automatic pruning of the training data, which
leads to a more accurate classification model when applied to
the testing data. Our extensive evaluation shows that, compared
with pure statistical learning models, LEAPS achieves consistently
higher accuracy when detecting real-world camouflaged attacks
with benign program cover-up.
About the Speaker
Kexin Pei is a second-year master's student in the Department of Computer Science, Purdue University.
His research interests include data mining and security,
focusing on solving security problems using program analysis and machine learning techniques.