Stealthy Poisoning Attacks on PCA-Based Anomaly Detectors

Executive Summary

The authors consider systems that use PCA-based detectors, built from a comprehensive view of the network's traffic, to identify anomalies in backbone networks. To assess these detectors' susceptibility to adversaries wishing to evade detection, they present and evaluate short-term and long-term data poisoning schemes that trade off poisoning duration against the volume of traffic injected for poisoning. Stealthy Boiling Frog attacks significantly reduce chaff volume while only moderately increasing poisoning duration. ROC curves provide a comprehensive analysis of PCA-based detection on contaminated data and show that even small attacks can undermine this otherwise successful anomaly detector.

  • Format: PDF
  • Size: 377.3 KB