Proactive intrusion detection

Benjamin Liebald; Dan Roth; Neelay Shah; Vivek Srikumar

Proactive intrusion detection

Benjamin Liebald, Dan Roth, Neelay Shah, Vivek Srikumar

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Machine learning systems are deployed in many adversarial conditions like intrusion detection, where a classifier has to decide whether a sequence of actions come from a legitimate user or not. However, the attacker, being an adversarial agent, could reverse engineer the classifier and successfully masquerade as a legitimate user. In this paper, we propose the notion of a Proactive Intrusion Detection System (IDS) that can counter such attacks by incorporating feedback into the process. A proactive IDS influences the user's actions and observes them in different situations to decide whether the user is an intruder. We present a formal analysis of proactive intrusion detection and extend the adversarial relationship between the IDS and the attacker to present a game theoretic analysis. Finally, we present experimental results on real and synthetic data that confirm the predictions of the analysis.

Original language	English (US)
Title of host publication	AAAI-08/IAAI-08 Proceedings - 23rd AAAI Conference on Artificial Intelligence and the 20th Innovative Applications of Artificial Intelligence Conference
Pages	772-777
Number of pages	6
State	Published - Dec 24 2008
Event	23rd AAAI Conference on Artificial Intelligence and the 20th Innovative Applications of Artificial Intelligence Conference, AAAI-08/IAAI-08 - Chicago, IL, United States Duration: Jul 13 2008 → Jul 17 2008

Publication series

Name	Proceedings of the National Conference on Artificial Intelligence
Volume	2

Other

Other	23rd AAAI Conference on Artificial Intelligence and the 20th Innovative Applications of Artificial Intelligence Conference, AAAI-08/IAAI-08
Country/Territory	United States
City	Chicago, IL
Period	7/13/08 → 7/17/08

ASJC Scopus subject areas

Software
Artificial Intelligence

Library availability

Discover UIUC Full Text

Cite this

Proactive intrusion detection. / Liebald, Benjamin; Roth, Dan; Shah, Neelay et al.

AAAI-08/IAAI-08 Proceedings - 23rd AAAI Conference on Artificial Intelligence and the 20th Innovative Applications of Artificial Intelligence Conference. 2008. p. 772-777 (Proceedings of the National Conference on Artificial Intelligence; Vol. 2).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Liebald, B, Roth, D, Shah, N & Srikumar, V 2008, Proactive intrusion detection. in AAAI-08/IAAI-08 Proceedings - 23rd AAAI Conference on Artificial Intelligence and the 20th Innovative Applications of Artificial Intelligence Conference. Proceedings of the National Conference on Artificial Intelligence, vol. 2, pp. 772-777, 23rd AAAI Conference on Artificial Intelligence and the 20th Innovative Applications of Artificial Intelligence Conference, AAAI-08/IAAI-08, Chicago, IL, United States, 7/13/08.

@inproceedings{3398ad4893ae49b5a442b1a8bc0d8f3b,

title = "Proactive intrusion detection",

abstract = "Machine learning systems are deployed in many adversarial conditions like intrusion detection, where a classifier has to decide whether a sequence of actions come from a legitimate user or not. However, the attacker, being an adversarial agent, could reverse engineer the classifier and successfully masquerade as a legitimate user. In this paper, we propose the notion of a Proactive Intrusion Detection System (IDS) that can counter such attacks by incorporating feedback into the process. A proactive IDS influences the user's actions and observes them in different situations to decide whether the user is an intruder. We present a formal analysis of proactive intrusion detection and extend the adversarial relationship between the IDS and the attacker to present a game theoretic analysis. Finally, we present experimental results on real and synthetic data that confirm the predictions of the analysis.",

author = "Benjamin Liebald and Dan Roth and Neelay Shah and Vivek Srikumar",

year = "2008",

month = dec,

day = "24",

language = "English (US)",

isbn = "9781577353683",

series = "Proceedings of the National Conference on Artificial Intelligence",

pages = "772--777",

booktitle = "AAAI-08/IAAI-08 Proceedings - 23rd AAAI Conference on Artificial Intelligence and the 20th Innovative Applications of Artificial Intelligence Conference",

note = "23rd AAAI Conference on Artificial Intelligence and the 20th Innovative Applications of Artificial Intelligence Conference, AAAI-08/IAAI-08 ; Conference date: 13-07-2008 Through 17-07-2008",

}

TY - GEN

T1 - Proactive intrusion detection

AU - Liebald, Benjamin

AU - Roth, Dan

AU - Shah, Neelay

AU - Srikumar, Vivek

PY - 2008/12/24

Y1 - 2008/12/24

N2 - Machine learning systems are deployed in many adversarial conditions like intrusion detection, where a classifier has to decide whether a sequence of actions come from a legitimate user or not. However, the attacker, being an adversarial agent, could reverse engineer the classifier and successfully masquerade as a legitimate user. In this paper, we propose the notion of a Proactive Intrusion Detection System (IDS) that can counter such attacks by incorporating feedback into the process. A proactive IDS influences the user's actions and observes them in different situations to decide whether the user is an intruder. We present a formal analysis of proactive intrusion detection and extend the adversarial relationship between the IDS and the attacker to present a game theoretic analysis. Finally, we present experimental results on real and synthetic data that confirm the predictions of the analysis.

AB - Machine learning systems are deployed in many adversarial conditions like intrusion detection, where a classifier has to decide whether a sequence of actions come from a legitimate user or not. However, the attacker, being an adversarial agent, could reverse engineer the classifier and successfully masquerade as a legitimate user. In this paper, we propose the notion of a Proactive Intrusion Detection System (IDS) that can counter such attacks by incorporating feedback into the process. A proactive IDS influences the user's actions and observes them in different situations to decide whether the user is an intruder. We present a formal analysis of proactive intrusion detection and extend the adversarial relationship between the IDS and the attacker to present a game theoretic analysis. Finally, we present experimental results on real and synthetic data that confirm the predictions of the analysis.

UR - http://www.scopus.com/inward/record.url?scp=57749197356&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=57749197356&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:57749197356

SN - 9781577353683

T3 - Proceedings of the National Conference on Artificial Intelligence

SP - 772

EP - 777

BT - AAAI-08/IAAI-08 Proceedings - 23rd AAAI Conference on Artificial Intelligence and the 20th Innovative Applications of Artificial Intelligence Conference

T2 - 23rd AAAI Conference on Artificial Intelligence and the 20th Innovative Applications of Artificial Intelligence Conference, AAAI-08/IAAI-08

Y2 - 13 July 2008 through 17 July 2008

ER -

Proactive intrusion detection

Abstract

Publication series

Other

ASJC Scopus subject areas

Library availability

Related links

Fingerprint

Cite this