Most anomaly detection systems rely on machine
learning algorithms to derive a model of normality that is later used to detect
suspicious events. Some works conducted over the last years have pointed out
that such algorithms are generally susceptible to deception, notably in the
form of attacks carefully constructed to evade detection. Various learning
schemes have been proposed to overcome this weakness. One such system is KIDS
(Keyed IDS), introduced at DIMVA'10. KIDS' core idea is akin to the functioning
of some cryptographic primitives, namely to introduce a secret element (the
key) into the scheme so that some operations are infeasible without knowing it.
In KIDS the learned model and the computation of the anomaly score are both
key-dependent, a fact which presumably prevents an attacker from creating
evasion attacks. In this work we show that recovering the key is extremely
simple provided that the attacker can interact with KIDS and get feedback about
probing requests. We present realistic attacks for two different adversarial
settings and show that recovering the key requires only a small amount of
queries, which indicates that KIDS does not meet the claimed security
properties. We finally revisit KIDS' central idea and provide heuristic
arguments about its suitability and limitations.
No comments:
Post a Comment