Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
when a tree falls using diversity in ensemble classifiers

When a Tree Falls: Using Diversity in Ensemble Classifiers to - PowerPoint PPT Presentation

Jan 04, 2023 •493 likes •814 views

When a Tree Falls: Using Diversity in Ensemble Classifiers to Identify Evasion in Malware Detectors Charles Smutz Angelos Stavrou George Mason University Motivation Machine learning used ubiquitously to improve information security

  1. When a Tree Falls: Using Diversity in Ensemble Classifiers to Identify Evasion in Malware Detectors Charles Smutz Angelos Stavrou George Mason University

  2. Motivation • Machine learning used ubiquitously to improve information security ▫ SPAM ▫ Malware: PEs, PDFs, Android applications, etc ▫ Account misuse, fraud • Many studies have shown that machine learning based systems are vulnerable to evasion attacks ▫ Serious doubt about reliability of machine learning in adversarial environments

  3. Problem • If new observations differ greatly from training set, classifier is forced to extrapolate • Classifiers often rely on features that can be mimicked ▫ Features coincidental to malware ▫ Many types of malware/misuse ▫ Feature extractor abuse • Proactively addressing all possible mimicry approaches not feasible

  4. Approach • Detect when classifiers provide poor predictions ▫ Including evasion attacks • Relies on diversity in ensemble classifiers

  5. Background • PDFrate: PDF malware detector using structural and metadata features, Random Forest classifier ▫ pdfrate.com: scan with multiple classifiers – Contagio: 10k sample publicly known set – University: 100k sample training set • PDFrate evasion attacks ▫ Mimicus: Comprehensive mimicry of features (F), classifier (C), and training set (T) using replica ▫ Reverse Mimicry: Scenarios that hide malicious footprint: PDFembed, EXEembed, JSinject • Drebin: Andriod application malware detector using values from manifest and disassembly

  6. Mutual Agreement Analysis • When ensemble voting disagrees, prediction is unreliable • High level of agreement on most observations Uncertain Malicious Malicious Benign Benign 0% 0% 100% Ensemble 100% Ensemble Vote Score Vote Score

  7. Mutual Agreement A = | v – 0.5 | * 2 v: ensemble vote ratio A: Mutual Agreement • Ratio between 0 and 1 (or 0% and 100%) • Proxy for Confidence on individual observations • Threshold is tunable, 50% used in evaluations

  8. Mutual Agreement • Disagreement caused by extrapolation noise

  9. Mutual Agreement Operation • Mutual agreement trivially calculated at classification time • Identifies unreliable predictions ▫ Identifies detector subversion as it occurs • Uncertain observations require distinct, potentially more expensive detection mechanism • Separates weak mimicry from strong mimicry attacks

  10. Evaluation • Degree to which mutual agreement analysis allows separation of correct predictions from misclassification, including mimicry attacks ▫ PDFrate Operational Data ▫ PDFrate Evasion: Mimicus and Reverse Mimicry ▫ Drebin Novel Android Malware Families • Gradient Descent Attacks and Evasion Resistant Support Vector Machine Ensemble

  11. Operational Data • 100,000 PDFs (243 malicious) scanned by network sensor (web and email) Benign Malicious

  12. Operational Data

  13. Operational Localization (Retraining) • Update training set with portions of 10,000 documents taken from same operational source

  14. Mimicus Results

  15. F_mimicry FT_mimicry FC_mimicry FTC_mimicry

  16. Mimicus Results

  17. Reverse Mimicry Results

  18. JSinject EXEembed PDFembed

  19. Reverse Mimicry Results

  20. Drebin Android Malware Detector • Modified from original linear SVM to use Random Forests Benign Malicious

  21. Drebin Unknown Family Detection • Malware Unknown Family A samples labeled by family • Each family withheld from training set, included in evaluation

  22. Drebin Classifier Comparison

  23. Mimicus GD-KDE Attacks • Gradient Decent and Kernel Density Estimation ▫ Exploits known decision boundary of SVM • Extremely effective against SVM based replica of PDFrate ▫ Average score of 8.9% • Classifier score spectrum is not enough

  24. Evasion Resistant SVM Ensemble • Construct Ensemble of multiple SVM • Bagging of training data ▫ Does not improve evasion resistance • Feature Bagging (random sampling of features) ▫ Critical for evasion resistance • Ensemble SVM not susceptible to GD-KDE attacks

  25. Conclusions • Mutual agreement provides per observation confidence estimate • no additional computation • Feature bagging is critical to creating diversity required for mutual agreement analysis • Strong (and private) training set improves evasion resistance • Operators can detect most classifier failures ▫ Perform complimentary detection, update classifier • Mutual agreement analysis raises bar for mimicry attacks

  26. Charles Smutz, Angelos Stavrou csmutz@gmu.edu, astavrou@gmu.edu http://pdfrate.com

  27. EvadeML Results

  28. Contagio All University All University Best Contagio Best

  29. EvadeML Results

  30. Mutual Agreement Threshold Tuning

Recommend

Nonlinear Classifiers II 2 Nonlinear Classifiers: Introduction Classifiers Supervised

Nonlinear Classifiers II 2 Nonlinear Classifiers: Introduction Classifiers Supervised

1 Nonlinear Classifiers II 2 Nonlinear Classifiers: Introduction Classifiers Supervised Classifiers XOR problem Linear Classifiers Perceptron Least Squares Methods Linear Support Vector Machine Nonlinear

361 views • 20 slides
Boosting (ensemble) Module 4 - Ensemble classifiers - Objectives module 4: boosting (ensemble

Boosting (ensemble) Module 4 - Ensemble classifiers - Objectives module 4: boosting (ensemble

Boosting (ensemble) Module 4 - Ensemble classifiers - Objectives module 4: boosting (ensemble models) LEARNING PERFORMANCE REPRESENTATION DATA PROBLEM RAW DATA CLUSTERING EVALUATION FEATURES UCI datasets unigrams 20newsgroups SUPERVISED

930 views • 34 slides
Falls in t he Elderly Dr J ane Youde Falls in t he Elderly Falls in t he Elderly Falls

Falls in t he Elderly Dr J ane Youde Falls in t he Elderly Falls in t he Elderly Falls

Falls in t he Elderly Dr J ane Youde Falls in t he Elderly Falls in t he Elderly Falls in the elderly are best avoided David Barker 2003 Conc ept s Why best prevented? Why do older people fall? Can we stop falls? Aim

848 views • 56 slides
Cognitive Modeling Unseen Examples 2 Bayes Classifiers Lecture 14: Naive Bayes Classifiers

Cognitive Modeling Unseen Examples 2 Bayes Classifiers Lecture 14: Naive Bayes Classifiers

Decision Making as Classification Decision Making as Classification Bayes Classifiers Bayes Classifiers Naive Bayes Classifiers Naive Bayes Classifiers 1 Decision Making as Classification Decision Making Frequencies and Probabilities

269 views • 5 slides
Steganalysis by Ensemble Classifiers with Boosting by Regression, and Post-Selection of Features

Steganalysis by Ensemble Classifiers with Boosting by Regression, and Post-Selection of Features

Steganalysis by Ensemble Classifiers - Marc Chaumont - ICIP2012 Steganalysis by Ensemble Classifiers with Boosting by Regression, and Post-Selection of Features Marc Chaumont, Sarra Kouider LIRMM, Montpellier, France October 2, 2012 IEEE

377 views • 26 slides
Are Hybrid Physical Designs Important? 1 B+ tree 2 C O L B+ tree 3 ? C O L C O L B+ tree

Are Hybrid Physical Designs Important? 1 B+ tree 2 C O L B+ tree 3 ? C O L C O L B+ tree

Columnstore and B+ tree Are Hybrid Physical Designs Important? 1 B+ tree 2 C O L B+ tree 3 ? C O L C O L B+ tree B+ tree B+ tree & Columnstore on same table = Hybrid design 4 ? C O L C O L B+ tree B+ tree Are Hybrid

1.09k views • 79 slides
Corporate Falls Prevention 2014 Falls Prevention Program Goals: Decrease incidence of falls

Corporate Falls Prevention 2014 Falls Prevention Program Goals: Decrease incidence of falls

Corporate Falls Prevention 2014 Falls Prevention Program Goals: Decrease incidence of falls Decrease severity of falls Improve patient safety Modules can be found on My Learning Edge to complete Target State Ensure all

789 views • 21 slides
Falls Prevention Awareness 1 Falls Prevention Awareness One in four Americans aged 65+ falls

Falls Prevention Awareness 1 Falls Prevention Awareness One in four Americans aged 65+ falls

Falls Prevention Awareness 1 Falls Prevention Awareness One in four Americans aged 65+ falls each year. Falls are the leading cause of fatal injury and the most common cause of nonfatal trauma-related hospital admissions among

474 views • 10 slides
61A Lecture 21 Announcements Binary Trees Binary Tree Class 4 Binary Tree Class class

61A Lecture 21 Announcements Binary Trees Binary Tree Class 4 Binary Tree Class class

61A Lecture 21 Announcements Binary Trees Binary Tree Class 4 Binary Tree Class class BTree(Tree): 4 Binary Tree Class A binary tree is a tree that has class BTree(Tree): a left branch and a right branch 4 Binary Tree Class A binary

1.05k views • 93 slides
Fusion of Continuous Output Classifiers Classifiers Jacob Hays Amit Pillay James DeFelice

Fusion of Continuous Output Classifiers Classifiers Jacob Hays Amit Pillay James DeFelice

Fusion of Continuous Output Classifiers Classifiers Jacob Hays Amit Pillay James DeFelice Definitions x feature vector c number of classes L number of classifiers { 1 , 2 , ., c } Set of class

674 views • 53 slides
Occasion-level Classifiers or Event-level Classifiers? -Evidence from Child Language Acquisition

Occasion-level Classifiers or Event-level Classifiers? -Evidence from Child Language Acquisition

Occasion-level Classifiers or Event-level Classifiers? -Evidence from Child Language Acquisition Yuan Xiaohe, Zhang Xiaoqian, Luo Yingyi, Hu Jianhua Institute of Linguistics Chinese Academy of Social Sciences Verbal classifiers in Mandarin

824 views • 24 slides
CS440/ECE448 Lecture 22: Including Slides by Svetlana Lazebnik, 10/2016 Linear Classifiers

CS440/ECE448 Lecture 22: Including Slides by Svetlana Lazebnik, 10/2016 Linear Classifiers

Mark Hasegawa-Johnson, 3/2020 CS440/ECE448 Lecture 22: Including Slides by Svetlana Lazebnik, 10/2016 Linear Classifiers License: CC-BY 4.0 Linear Classifiers Classifiers Perceptron Linear classifiers in general Logistic

581 views • 45 slides
Machine Learning Nave Bayes classifiers Types of classifiers We can divide the large

Machine Learning Nave Bayes classifiers Types of classifiers We can divide the large

10-701 Machine Learning Nave Bayes classifiers Types of classifiers We can divide the large variety of classification approaches into three major types 1. Instance based classifiers - Use observation directly (no models) - e.g. K

310 views • 28 slides
Falls Prevention Service Jane Boyd Denbighshire Falls Prevention Co-ordinator Aims Goals

Falls Prevention Service Jane Boyd Denbighshire Falls Prevention Co-ordinator Aims Goals

Denbighshire Falls Prevention Service Jane Boyd Denbighshire Falls Prevention Co-ordinator Aims Goals set NW Service Models Identification Pathway development Future development Falls Co-ordinator post Anglesey Falls

358 views • 17 slides
FALLS ARE FALLING Jayne Gray Deputy Chief Nurse Deborah Watkins - Falls Lead February 2016

FALLS ARE FALLING Jayne Gray Deputy Chief Nurse Deborah Watkins - Falls Lead February 2016

Appendix 3 FALLS ARE FALLING Jayne Gray Deputy Chief Nurse Deborah Watkins - Falls Lead February 2016 THE JOURNEY SO FAR Raised the profile of falls prevention in BHRUT Presented falls in terms of per thousand bed days

261 views • 8 slides
COS424 Scribe Notes Lecture 14: Ensembles Donghun Lee April 8, 2010 1 Ensembles A set of

COS424 Scribe Notes Lecture 14: Ensembles Donghun Lee April 8, 2010 1 Ensembles A set of

COS424 Scribe Notes Lecture 14: Ensembles Donghun Lee April 8, 2010 1 Ensembles A set of classifiers can combine their outputs to make an ensemble of the classifiers. Two require- ments of such an ensemble to work: accuracy: classifiers

286 views • 4 slides
Getting Started with the SENCER-SALG SENCER Summer Institute 2018 Stephen Carroll Evaluation of

Getting Started with the SENCER-SALG SENCER Summer Institute 2018 Stephen Carroll Evaluation of

Getting Started with the SENCER-SALG SENCER Summer Institute 2018 Stephen Carroll Evaluation of Teaching/Learning At nearly 80% of US colleges and universities, SETs (Student Evaluations of Teaching) are the primary means of evaluating

503 views • 20 slides
Reading Apprenticeship ACROSS THE DISCIPLINES Welcome! Link to webinar for attendees:https://

Reading Apprenticeship ACROSS THE DISCIPLINES Welcome! Link to webinar for attendees:https://

Reading Apprenticeship ACROSS THE DISCIPLINES Welcome! Link to webinar for attendees:https:// wested.webex.com/wested/j.php? MTID=mff9740dbba7d0029ed693e9 e389428cf Meeting Number: 595 532 315 Call-in toll-free number: 877-413-2826

1.06k views • 37 slides
CS 126: Software Design Studio Prof. G Carl Evans 1 What is this class about? My goals for

CS 126: Software Design Studio Prof. G Carl Evans 1 What is this class about? My goals for

CS 126: Software Design Studio Prof. G Carl Evans 1 What is this class about? My goals for this class: 1. Improve your programming productivity by >= 3x 2. Build your self-sufficiency as a programmer 3. Introduce you to modern computing

368 views • 18 slides
The Simple View of funded by the Department for Education through the Dyslexia SpLD Trust.

The Simple View of funded by the Department for Education through the Dyslexia SpLD Trust.

18/12/2015 This free training session has been The Simple View of funded by the Department for Education through the Dyslexia SpLD Trust. Reading some strategies The Graduated Approach The Simple View Of Reading As a formula, The simple

197 views • 5 slides
Mock Objects Maurcio F. Aniche M.F.Aniche@tudelft.nl Thats how it is in OO systems A

Mock Objects Maurcio F. Aniche M.F.Aniche@tudelft.nl Thats how it is in OO systems A

Mock Objects Maurcio F. Aniche M.F.Aniche@tudelft.nl Thats how it is in OO systems A does too much! A Thats how it is in OO systems A does too much again! A C Thats how it is in OO systems etc B A DB C What

191 views • 18 slides
Online Monitoring developments Dorota, Robert and Voica LArSoft modules for OnlineMonitoring

Online Monitoring developments Dorota, Robert and Voica LArSoft modules for OnlineMonitoring

Online Monitoring developments Dorota, Robert and Voica LArSoft modules for OnlineMonitoring working on LArSoft dunetpc/dune/Protodune: git branch: feature_vradescu/OnlineMonitor 1. Module: RawEeventDisplay saves in root the event displays per

348 views • 10 slides
Learning as Loss Minimization Machine Learning 1 Learning as loss minimization The setup

Learning as Loss Minimization Machine Learning 1 Learning as loss minimization The setup

Learning as Loss Minimization Machine Learning 1 Learning as loss minimization The setup Examples x drawn from a fixed, unknown distribution D Hidden oracle classifier f labels examples We wish to find a hypothesis h that mimics f

300 views • 25 slides
Jackstraws : Picking Command and Control Connections from Bot Traffic egoire Jacob 1 , Ralf Hund 2

Jackstraws : Picking Command and Control Connections from Bot Traffic egoire Jacob 1 , Ralf Hund 2

Jackstraws : Picking Command and Control Connections from Bot Traffic egoire Jacob 1 , Ralf Hund 2 , Christopher Kruegel 1 , Thorsten Holz 2 Gr 1 University of California, Santa Barbara / 2 Ruhr-University Bochum Fri Aug 12 2011 G. Jacob

398 views • 20 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.