Moving target defense for adaptive adversaries | IEEE Conference Publication | IEEE Xplore

Abstract:

Machine learning (ML) plays a central role in the solution of many security problems, for example enabling malicious and innocent activities to be rapidly and accurately distinguished and appropriate actions to be taken. Unfortunately, a standard assumption in ML - that the training and test data are identically distributed - is typically violated in security applications, leading to degraded algorithm performance and reduced security. Previous research has attempted to address this challenge by developing ML algorithms which are either robust to differences between training and test data or are able to predict and account for these differences. This paper adopts a different approach, developing a class of moving target (MT) defenses that are difficult for adversaries to reverse-engineer, which in turn decreases the adversaries' ability to generate training/test data differences that benefit them. We leverage the coevolutionary relationship between attackers and defenders to derive a simple, flexible MT defense strategy which is optimal or nearly optimal for a broad range of security problems. Case studies involving two distinct cyber defense applications demonstrate that the proposed MT algorithm outperforms standard static methods, offering effective defense against intelligent, adaptive adversaries.
Date of Conference: 04-07 June 2013
Date Added to IEEE Xplore: 15 August 2013
Conference Location: Seattle, WA, USA

I. Introduction

Machine learning (ML) methods play a central role in the solution of many security problems, including cyber defense, transportation security, counterterrorism, and crime prevention [e.g., [1]-[3]]. For instance, ML techniques enable malicious and innocent activities to be rapidly and accurately distinguished, and appropriate actions to be taken, even when the patterns associated with these activities are buried in large, heterogeneous datasets. Roughly speaking, ML algorithms automatically learn relationships between observed variables from examples presented in the form of training data; the learned relationships are then used to generate predictions in new situations, i.e., for the test data [4]. ML's capacity to learn from examples, scale to large datasets, and adapt to new conditions makes this an attractive approach to predictive analytics in general and for security informatics in particular.
