when a tree falls using diversity in ensemble classifiers
play

When a Tree Falls: Using Diversity in Ensemble Classifiers to - PowerPoint PPT Presentation

Jan 04, 2023 •493 likes •814 views

When a Tree Falls: Using Diversity in Ensemble Classifiers to Identify Evasion in Malware Detectors Charles Smutz Angelos Stavrou George Mason University Motivation Machine learning used ubiquitously to improve information security

  1. When a Tree Falls: Using Diversity in Ensemble Classifiers to Identify Evasion in Malware Detectors Charles Smutz Angelos Stavrou George Mason University

  2. Motivation • Machine learning used ubiquitously to improve information security ▫ SPAM ▫ Malware: PEs, PDFs, Android applications, etc ▫ Account misuse, fraud • Many studies have shown that machine learning based systems are vulnerable to evasion attacks ▫ Serious doubt about reliability of machine learning in adversarial environments

  3. Problem • If new observations differ greatly from training set, classifier is forced to extrapolate • Classifiers often rely on features that can be mimicked ▫ Features coincidental to malware ▫ Many types of malware/misuse ▫ Feature extractor abuse • Proactively addressing all possible mimicry approaches not feasible

  4. Approach • Detect when classifiers provide poor predictions ▫ Including evasion attacks • Relies on diversity in ensemble classifiers

  5. Background • PDFrate: PDF malware detector using structural and metadata features, Random Forest classifier ▫ pdfrate.com: scan with multiple classifiers – Contagio: 10k sample publicly known set – University: 100k sample training set • PDFrate evasion attacks ▫ Mimicus: Comprehensive mimicry of features (F), classifier (C), and training set (T) using replica ▫ Reverse Mimicry: Scenarios that hide malicious footprint: PDFembed, EXEembed, JSinject • Drebin: Andriod application malware detector using values from manifest and disassembly

  6. Mutual Agreement Analysis • When ensemble voting disagrees, prediction is unreliable • High level of agreement on most observations Uncertain Malicious Malicious Benign Benign 0% 0% 100% Ensemble 100% Ensemble Vote Score Vote Score

  7. Mutual Agreement A = | v – 0.5 | * 2 v: ensemble vote ratio A: Mutual Agreement • Ratio between 0 and 1 (or 0% and 100%) • Proxy for Confidence on individual observations • Threshold is tunable, 50% used in evaluations

  8. Mutual Agreement • Disagreement caused by extrapolation noise

  9. Mutual Agreement Operation • Mutual agreement trivially calculated at classification time • Identifies unreliable predictions ▫ Identifies detector subversion as it occurs • Uncertain observations require distinct, potentially more expensive detection mechanism • Separates weak mimicry from strong mimicry attacks

  10. Evaluation • Degree to which mutual agreement analysis allows separation of correct predictions from misclassification, including mimicry attacks ▫ PDFrate Operational Data ▫ PDFrate Evasion: Mimicus and Reverse Mimicry ▫ Drebin Novel Android Malware Families • Gradient Descent Attacks and Evasion Resistant Support Vector Machine Ensemble

  11. Operational Data • 100,000 PDFs (243 malicious) scanned by network sensor (web and email) Benign Malicious

  12. Operational Data

  13. Operational Localization (Retraining) • Update training set with portions of 10,000 documents taken from same operational source

  14. Mimicus Results

  15. F_mimicry FT_mimicry FC_mimicry FTC_mimicry

  16. Mimicus Results

  17. Reverse Mimicry Results

  18. JSinject EXEembed PDFembed

  19. Reverse Mimicry Results

  20. Drebin Android Malware Detector • Modified from original linear SVM to use Random Forests Benign Malicious

  21. Drebin Unknown Family Detection • Malware Unknown Family A samples labeled by family • Each family withheld from training set, included in evaluation

  22. Drebin Classifier Comparison

  23. Mimicus GD-KDE Attacks • Gradient Decent and Kernel Density Estimation ▫ Exploits known decision boundary of SVM • Extremely effective against SVM based replica of PDFrate ▫ Average score of 8.9% • Classifier score spectrum is not enough

  24. Evasion Resistant SVM Ensemble • Construct Ensemble of multiple SVM • Bagging of training data ▫ Does not improve evasion resistance • Feature Bagging (random sampling of features) ▫ Critical for evasion resistance • Ensemble SVM not susceptible to GD-KDE attacks

  25. Conclusions • Mutual agreement provides per observation confidence estimate • no additional computation • Feature bagging is critical to creating diversity required for mutual agreement analysis • Strong (and private) training set improves evasion resistance • Operators can detect most classifier failures ▫ Perform complimentary detection, update classifier • Mutual agreement analysis raises bar for mimicry attacks

  26. Charles Smutz, Angelos Stavrou csmutz@gmu.edu, astavrou@gmu.edu http://pdfrate.com

  27. EvadeML Results

  28. Contagio All University All University Best Contagio Best

  29. EvadeML Results

  30. Mutual Agreement Threshold Tuning

Recommend

Boosting (ensemble) Module 4 - Ensemble classifiers - Objectives module 4: boosting (ensemble

Boosting (ensemble) Module 4 - Ensemble classifiers - Objectives module 4: boosting (ensemble

Boosting (ensemble) Module 4 - Ensemble classifiers - Objectives module 4: boosting (ensemble models) LEARNING PERFORMANCE REPRESENTATION DATA PROBLEM RAW DATA CLUSTERING EVALUATION FEATURES UCI datasets unigrams 20newsgroups SUPERVISED

926 views • 34 slides
Steganalysis by Ensemble Classifiers with Boosting by Regression, and Post-Selection of Features

Steganalysis by Ensemble Classifiers with Boosting by Regression, and Post-Selection of Features

Steganalysis by Ensemble Classifiers - Marc Chaumont - ICIP2012 Steganalysis by Ensemble Classifiers with Boosting by Regression, and Post-Selection of Features Marc Chaumont, Sarra Kouider LIRMM, Montpellier, France October 2, 2012 IEEE

376 views • 26 slides
Pruning an ensemble of classifiers via reinforcement learning Authors : Ioannis Partalas,

Pruning an ensemble of classifiers via reinforcement learning Authors : Ioannis Partalas,

Pruning an ensemble of classifiers via reinforcement learning Authors : Ioannis Partalas, Grigorios Tsoumakas, Ioannis Vlahavas Journal : Neurocomputing 72 (2009) 1900-1909 Presentation : Jose Manuel Lopez Guede Introduction I Ensemble: a

399 views • 39 slides
COS424 Scribe Notes Lecture 14: Ensembles Donghun Lee April 8, 2010 1 Ensembles A set of

COS424 Scribe Notes Lecture 14: Ensembles Donghun Lee April 8, 2010 1 Ensembles A set of

COS424 Scribe Notes Lecture 14: Ensembles Donghun Lee April 8, 2010 1 Ensembles A set of classifiers can combine their outputs to make an ensemble of the classifiers. Two require- ments of such an ensemble to work: accuracy: classifiers

286 views • 4 slides
Outline Utilizing Diversity and Performance Introduction Measures for Ensemble Creation

Outline Utilizing Diversity and Performance Introduction Measures for Ensemble Creation

2009-03-24 Outline Utilizing Diversity and Performance Introduction Measures for Ensemble Creation Data Mining Predictive Modelling Ensembles Diversity Information Fusion Problem Statement Research and

654 views • 7 slides
An ensemble of weak classifiers for pattern recognition in motion capture clouds of points J.L.

An ensemble of weak classifiers for pattern recognition in motion capture clouds of points J.L.

Introduction Related work Problem statement Methods Experimental results Conclusions and further work An ensemble of weak classifiers for pattern recognition in motion capture clouds of points J.L. Jimnez Bascones 1 , 2 , Manuel Graa 2 1

563 views • 35 slides
Tree of life Microbial Diversity Nutritional diversity Soil bacteria Schizomycetes

Tree of life Microbial Diversity Nutritional diversity Soil bacteria Schizomycetes

Tree of life Microbial Diversity Nutritional diversity Soil bacteria Schizomycetes Myxobacteria Genus Orders Myxococcus Pseudomonas Chondrococcus Eubacteria Archangium Polyangium Actinomycetes Cytophaga

544 views • 36 slides
Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu

Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu

Improving Adversarial Robustness via Promoting Ensemble Diversity Tianyu Pang, Kun Xu, Chao Du, Ning Chen and Jun Zhu Department of Computer Science and Technology Tsinghua University TSAIL ICML | 2019 Adversarial

864 views • 14 slides
Tour-Based Mode Choice Modeling: Using An Ensemble of (Un-) Conditional Data-Mining Classifiers

Tour-Based Mode Choice Modeling: Using An Ensemble of (Un-) Conditional Data-Mining Classifiers

Tour-Based Mode Choice Modeling: Using An Ensemble of (Un-) Conditional Data-Mining Classifiers James P. Biagioni Piotr M. Szczurek Peter C. Nelson, Ph.D. Abolfazl Mohammadian, Ph.D. Agenda Background Data-Mining (Un-) Conditional

319 views • 29 slides
Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks

Toward Adversarial Robustness by Diversity in an Ensemble of Specialized Deep Neural Networks presented at Canadian AI 2020 Mahdieh Abbasi 1 , Arezoo Rajabi 2 , Christian Gagn 1,3 , and Rakesh B. Bobba 2 1. IID, Universit Laval, Qubec,

728 views • 20 slides
Falls in t he Elderly Dr J ane Youde Falls in t he Elderly Falls in t he Elderly Falls

Falls in t he Elderly Dr J ane Youde Falls in t he Elderly Falls in t he Elderly Falls

Falls in t he Elderly Dr J ane Youde Falls in t he Elderly Falls in t he Elderly Falls in the elderly are best avoided David Barker 2003 Conc ept s Why best prevented? Why do older people fall? Can we stop falls? Aim

841 views • 56 slides
Nonlinear Classifiers II 2 Nonlinear Classifiers: Introduction Classifiers Supervised

Nonlinear Classifiers II 2 Nonlinear Classifiers: Introduction Classifiers Supervised

1 Nonlinear Classifiers II 2 Nonlinear Classifiers: Introduction Classifiers Supervised Classifiers XOR problem Linear Classifiers Perceptron Least Squares Methods Linear Support Vector Machine Nonlinear

355 views • 20 slides
Ensemble Learning INFO-4604, Applied Machine Learning University of Colorado Boulder November

Ensemble Learning INFO-4604, Applied Machine Learning University of Colorado Boulder November

Ensemble Learning INFO-4604, Applied Machine Learning University of Colorado Boulder November 28, 2017 Prof. Michael Paul Ensemble Learning General idea: Combine multiple classifiers (usually with different strengths) to build a bigger,

2.05k views • 19 slides
Genetic diversity of marginal tree populations: from genomics to phenotypic variation 13 June 2016

Genetic diversity of marginal tree populations: from genomics to phenotypic variation 13 June 2016

COST Action FP1202: Strengthening conservation: a key issue for adaptation of marginal/ peripheral populations of forest trees to climate change in Europe (MaP-FGR) TRAINING SCHOOL Genetic diversity of marginal tree populations: from genomics

286 views • 10 slides
goto conference Alex Grt, 11.04.2013 Agenda How did I get here? Agenda If a tree falls in a

goto conference Alex Grt, 11.04.2013 Agenda How did I get here? Agenda If a tree falls in a

goto conference Alex Grt, 11.04.2013 Agenda How did I get here? Agenda If a tree falls in a forest but nobody hears it did it still make a sound? A team is Agile and no one knows is there still a clash of cultures? What does Agile

729 views • 40 slides
Chapter 7: Ensemble Learning and Random Forest Dr. Xudong Liu Assistant Professor School of

Chapter 7: Ensemble Learning and Random Forest Dr. Xudong Liu Assistant Professor School of

Chapter 7: Ensemble Learning and Random Forest Dr. Xudong Liu Assistant Professor School of Computing University of North Florida Monday, 9/23/2019 1 / 23 Notations 1 Voting classifiers: hard and soft 2 Bagging and pasting Random Forests 3

1.22k views • 23 slides
Falls Prevention Awareness 1 Falls Prevention Awareness One in four Americans aged 65+ falls

Falls Prevention Awareness 1 Falls Prevention Awareness One in four Americans aged 65+ falls

Falls Prevention Awareness 1 Falls Prevention Awareness One in four Americans aged 65+ falls each year. Falls are the leading cause of fatal injury and the most common cause of nonfatal trauma-related hospital admissions among

471 views • 10 slides
in improving tree and stand health Nancy Grulke PNWRS, WWETAC Craig BienzTNC Klamath Falls 1

in improving tree and stand health Nancy Grulke PNWRS, WWETAC Craig BienzTNC Klamath Falls 1

Assessing fuels treatment effectiveness in improving tree and stand health Nancy Grulke PNWRS, WWETAC Craig BienzTNC Klamath Falls 1 Photo credit:USGS Individual/clumped/open (ICO), clumpy/gappy , or variable density thinning Churchill

753 views • 25 slides
Occasion-level Classifiers or Event-level Classifiers? -Evidence from Child Language Acquisition

Occasion-level Classifiers or Event-level Classifiers? -Evidence from Child Language Acquisition

Occasion-level Classifiers or Event-level Classifiers? -Evidence from Child Language Acquisition Yuan Xiaohe, Zhang Xiaoqian, Luo Yingyi, Hu Jianhua Institute of Linguistics Chinese Academy of Social Sciences Verbal classifiers in Mandarin

823 views • 24 slides
1 Picking a Good Split Feature Entropy Goal is to have the resulting tree be as small as

1 Picking a Good Split Feature Entropy Goal is to have the resulting tree be as small as

Decision Trees Tree-based classifiers for instances represented as feature-vectors. Nodes test features, there is one branch for each value of the feature, and leaves specify the category. color color CS 391L: Machine Learning: green

438 views • 5 slides
Ensemble Methods Or, Model Combination Based on lecture by Parikshit Ram Numerous Possible

Ensemble Methods Or, Model Combination Based on lecture by Parikshit Ram Numerous Possible

CSE 6242/CX 4242 Ensemble Methods Or, Model Combination Based on lecture by Parikshit Ram Numerous Possible Classifiers! Classifier Training Cross Testing Accuracy time validation time kNN None Can be slow Slow ?? classifier

585 views • 24 slides
Decision trees and Ensemble methods Camilo Fosco CS109A Introduction to Data Science Pavlos

Decision trees and Ensemble methods Camilo Fosco CS109A Introduction to Data Science Pavlos

Advanced Section #7: Decision trees and Ensemble methods Camilo Fosco CS109A Introduction to Data Science Pavlos Protopapas and Kevin Rader 1 Outline Decision trees Metrics Tree-building algorithms Ensemble methods

710 views • 58 slides
Machine Learning Nave Bayes classifiers Types of classifiers We can divide the large

Machine Learning Nave Bayes classifiers Types of classifiers We can divide the large

10-701 Machine Learning Nave Bayes classifiers Types of classifiers We can divide the large variety of classification approaches into three major types 1. Instance based classifiers - Use observation directly (no models) - e.g. K

309 views • 28 slides
Corporate Falls Prevention 2014 Falls Prevention Program Goals: Decrease incidence of falls

Corporate Falls Prevention 2014 Falls Prevention Program Goals: Decrease incidence of falls

Corporate Falls Prevention 2014 Falls Prevention Program Goals: Decrease incidence of falls Decrease severity of falls Improve patient safety Modules can be found on My Learning Edge to complete Target State Ensure all

787 views • 21 slides

More recommend