A blog previous known as "Intrusion Detection on the Road"

A paper is out: Impact Estimation using Data Flows over Attack Graphs

2009-11-26T14:17:00.003+01:00

In October I presented a part of my work to measure the security of a network at the NordSec 2009 conference. You can find the paper here. Any feedback is welcome.

Abstract
We propose a novel approach to estimating the impact of an attack using a data model and an impact model on top of an attack graph. The data model describes how data flows between nodes in the network -- how it is copied and processed by softwares and hosts -- while the impact model models how exploitation of vulnerabilities affects the data flows with respect to the confidentiality, integrity and availability of the data. In addition, by assigning a loss value to a compromised data set, we can estimate the cost of a successful attack. We show that our algorithm not only subsumes the simple impact estimation used in the literature but also improves it by explicitly modeling loss value dependencies between network nodes. With our model, the operator will be able to use less time when comparing different security patches to a network.

Off to a new topic: JavaFX Script and bidirectional bindings

2009-11-25T21:39:00.004+01:00

I did try JavaFX/F3 two years ago and what I liked at that time was the possibility to bind variables so that updates could be propagated back and forth (bidircetional) to GUIs without having to implement a lot of listeners and call functions. However, this does not seem to work as nicely anymore (Netbeans with JavaFX kit 1.7). Only unidirectional bindings seem to work. That means that developers still need to create function to handle updates. More on the subject of bidirectional bindings can be found here and here.

(Though, I suggested on the mailing list once that JavaFX should have different levels of access to variables in order to provide encapsulation that otherwise was missing, and that was actually added! I don't know if it was on my suggestion or from somebody else since nobody commented on my email, but I gladly accept the honor of introducing that mechanism to JavaFX :-). So everything is not that bad with JavaFX...).

Nevertheless, the binding does not work as it did. Although, there is a rather undocumented keyword "inverse" that in certain circumstances can be used to create a bidirectional binding. But, in order to get around the limitations of "inverse", I have come up with the solution shown below, that at least, provides a nice separation between the bidirectional updating from GUI to model and back again. The idea is to use a binding class that mediates the updates between a "StackEntry" and the GUI using the "replace" keyword.


import javafx.scene.control.TextBox;
import javafx.stage.Stage;
import javafx.scene.Scene;


class StackEntry {
 var title: String = "first" ;
 var notes: String = "";
}

class StackEntryBinding {
 var entry:StackEntry = null on replace {
         title = entry.title;
         notes = entry.notes;
     };

 var title: String = entry.title on replace {
         println("new title={title}");
         entry.title = title;
     };
 var notes: String = entry.notes on replace {
         println("new notes={notes}");
         entry.notes = notes;
     };


}

var entry = StackEntry {};
var currentEntry:StackEntryBinding = StackEntryBinding {
 entry: bind entry;
};

def foo = currentEntry;

def input = TextBox {
           text: bind foo.title with inverse;
}

println("textBox={input.text}");

currentEntry.title = "second";

println("textBox={input.text}");

foo.title = "third";

println("currentEntry.entry.title={currentEntry.entry.title}");

input.text="fourth";

println("foo.title={foo.title}");

entry = StackEntry {};

println("currentEntry.entry.title={currentEntry.entry.title}");
println("textBox={input.text}");

Stage {
 scene:Scene {
     content: input
 }

}

// The resulting output looks like this:

new title=first
new notes=
textBox=first
new title=second
textBox=second
new title=third
currentEntry.entry.title=third
new title=fourth
foo.title=fourth
new title=first
currentEntry.entry.title=first
textBox=first

Google Chrome uses BIBA security model

2008-09-02T20:23:00.002+01:00

Google Chrome (see page 27) uses a modified version of the BIBA security model with three security levels.

A Fuzzy risk calculation approach as alternative to the CVSS computation

2008-08-15T12:51:00.001+01:00

In my previous post I asked some questions about CVSSv2. The looking around for information about CVSS I stumbled over this paper: A Fuzzy Risk Calculations Approach for a Network Vulnerability Ranking System (TM 2007-090). The author describes a fully fuzzy systems approach for ranking vulnerabilities that also can rank networks. The approach is partly based on CVSSv1 and its performance is compared to CVSSv1. It would be interesting to adjust the approach to CVSSv2. One thing that is solved in the paper is that different combinations of input values should yield different output values. This seems to a problem in the CVSSv2, see here and here.

Making sense of the CVSS equations for risk analysis

2008-08-08T09:19:00.021+01:00

I am considering to use the CVSS standard to get realistic input values to a real-time risk management model I am developing in a research project. This vulnerability scoring system is meant to be easy to use and understandable. However, I have been trying to make sense of the equations of CVSSv2 without much success. This is how the equation for the base score looks like:

BaseScore =
round_to_1_decimal(((0.6*Impact)+(0.4*Exploitability)–1.5)
*f(Impact))

Impact = 10.41*
(1-(1-ConfImpact)*(1-IntegImpact)*(1-AvailImpact))

Exploitability = 20 *
      AccessVector*AccessComplexity*Authentication

f(impact)= 0 if Impact=0, 1.176 otherwise

It is not clear at all why the equation looks like this. Especially the parts marked with bold. If we look at the old version (CVSSv1) it is much easier to understand:

BaseScore = round_to_1_decimal(10 * AccessVector
                  * AccessComplexity
                  * Authentication
                  * ((ConfImpact * ConfImpactBias)
                  + (IntegImpact * IntegImpactBias)
                  + (AvailImpact * AvailImpactBias)
        ))

As can be seen CVSSv1 is much more straight forward than CVSSv2. In CVSSv1 the different parts might be interpreted as probabilities or costs.

I have a lot of questions about CVSSv2 that I would like to ask:

Most important: Can anybody tell me what the numerical values of ConfImpact, IntegImpact and AvailImpact mean? Are they probabilities, risk metrics of their own or anything else?
Why are the impact values combined with a noisy-OR instead of just being added?
Why are the values of the access vector, authentication and access complexity weighted and then added together with the impact instead of just being multiplied?
Did the people behind CVSSv2 try to adjust the weights of the CVSSv1 to fit the requirements of CVSSv2 before changing to the new equation? If not, why?
There is a lot of research in knowledge representation and elicitation, how has it influenced this work (if at all)?

Communicating risk using a logarithmic scale?

2008-08-06T09:12:00.007+01:00

According to this post, our innate sense of numbers is logarithmic and not linear. This means that a choice between a risk of 100 or 200 is comparable to a choice between a risk of 200 or 400. Maybe we should consider this when communication risk? What do you think?

Back to the FAIR discussion

2008-06-30T10:19:00.003+01:00

Previously I have tried to argue why FAIR is a valid approach. Now I think there is some research result that might be helpful to understand why FAIR works

Overcoming Bias: Average Your Guesses

In short, the article states that making two (many?) guesses is better than making one guess...

So if you have an approach (FAIR) that lets an expert make several informed guesses and combine them rigorously, then it is quite likely you will get a better estimation than only by making one single guess.

Example of a "Mesh" design, part 2

2008-04-23T10:34:00.002+01:00

Amritw has had interesting blog entries about swarm intelligence. As an example of this he points to a recent paper about project Phalanx. In this project they have developed a shield of bots to defend against DDoS from botnets. This example is a case of replication thus a sort of mesh design.

Example of a "Mesh" design

2008-04-18T20:35:00.004+01:00

I read this interesting entry On Chains, Meshes, and Defense in Depth yesterday.

A mesh design means that you use several security mechanisms for defending your system. However, you design them in such a way that the only by breaking all of them you can break into the system. There were suggestions that this was hard to achieve outside cryptography. Somebody mentioned that it is also possible in other security settings as well. However, nobody came up with any example of a mesh design outside cryptography.

So I have been thinking about this and I think replication is sort of mesh design for availability. You have to compromise all of the replicated servers in order to "break" the system. What do you think about that?

Microsoft, Symantec officials outed by major hack in Sweden

2008-02-29T13:44:00.004+01:00

Read about the intrusion at Computer Sweden:

Passwords for many of Sweden's cyber elite are now available on the Internet following a hack against The Swedish Computer Society, an organization of IT professionals. Among the victims are a former security officer at Microsoft, a Symantec security expert and the director of Sweden's largest Internet bank.

Microsoft, Symantec officials outed by major hack in Sweden

Use Leopard OpenSnoop/DTrace for intrusion detection?

2008-01-17T13:48:00.001+01:00

Leopard has this interesting program that let you see what files a program opens or tries to open:

Hidden Gems In Leopard: OpenSnoop - The Apple Blog

DTRace seems to be a good thing to use to monitor for possible intrusions.

PhD Thesis: A logic-programming approach to network security analysis

2008-01-14T11:11:00.000+01:00

I have read this interesting PhD thesis called A logic-programming approach to network security analysis (2005) from Princeton University Computer Science Department. It is about modeling a network with respect to its security flaws. The model consists of logical statements written in Datalog that looks very similar to Prolog rules. The author captures the network topology, network and computer configurations and vulnerabilities in the model by analyzing a high-level security policy, the output from a scanner and firewall configurations.

From this model the author claims that he is able to do the following analysis (page 23):

checking network configurations against a high-level policy specification that captures data confidentiality and integrity,
hypothetical analysis that assumes various vulnerability situations, and
the generation of attack trees.

The most annoying security procedures

2007-11-23T20:48:00.001+01:00

According to a Swedish survey with 1200 participants, these are the three most annoying security procedures that are enforced at companies:

...change password: 43%
...the USB port is blocked: 42%
...not being able to select password: 41%

I certainly agree with the first one... it is annoying, because it is hard to remember all passwords at different places.

Security Architecture Analysis

2007-11-15T18:41:00.000+01:00

When I have been looking for work related to my research I stumbled over this survey from the Australian government: A Survey of Techniques for Security Architecture Analysis. It's quite an interesting survey. Only too bad that it is rather old from 2003. However, It contains a lot of interesting stuff and I have not found any other paper that covers as much work in this field in the same context. The abstract of the survey says (my layout and emphases):

This technical report is a survey of existing techniques which could potentially be used in the analysis of security architectures. The report has been structured to section the analysis process over three phases:
the capture of a specific architecture in a suitable representation,
discovering attacks on the captured architecture, and
then assessing and comparing different security architectures.
Each technique presented in this report has been recognised as being potentially useful for one phase of the analysis. By presenting a set of potentially useful techniques, it is hoped that designers and decisionmakers involved in the development and maintenance of security architectures will be able to develop a more complete, justified and usable methodology other than those currently being used to perform analyses.

Does anybody know of any other work that covers all the three phases above?

Computer Security Strength & Risk

2007-11-14T10:17:00.000+01:00

Previously on this blog I have related to an ongoing discussion on risk analysis with FAIR. Also related to this problem is this doctoral dissertation at Harvard university from 2004:

http://citeseer.ist.psu.edu/631841.html

In this dissertation the author suggests an economical model to measure security of a software product. By deriving an upper and lower the bound for the price for finding a new vulnerability he is able to set a value of a vulnerability and a higher value means a more secure product.

My questions are: Has anybody implemented ideas similar to this? What do you think of such an approach?

Citrix vulnerability

2007-10-08T09:17:00.001+01:00

Richard's recent post at TaoSecurity pointed me to this interesting blog entry:

CITRIX: Owning the Legitimate Backdoor | GNUCITIZEN

I have found the explanation for why it is easy to hack a citrix server at Citrix Systems Inc

Citrix’s passion is to simplify information access for everyone. As the only enterprise software company 100% focused on access, this is also our unique passion.

... Higher Productivity—Users need access to be invisible. They want easy, on-demand access from wherever they are, using any device and network.

So Citrix wants to simplify information access for everyone and make the access invisible, and Citrix does it with passion...

Poor Macbook thieves

2007-09-19T10:27:00.001+01:00

Thieves had stolen a set of Macbooks from a school in the northern Sweden according to this Swedish newspaper:

Macbooktjuvar klev rakt i fällan - IDG.se

However, what they did not know was that software from Orbicule had been installed. With this software they could among other things identify the computers new IP addresses and send pictures of the thieves from the built-in webcam. Then it was easy for the police to identify the thieves and capture them.

That is kind of an intrusion response system!

Psychological warfare

2007-09-19T09:50:00.001+01:00

From Anton Chuvakin Blog I read the following blog entry Why Security Is Useless. This is probably true, but that also makes me think: "well, then the only reasonable thing is to give up security". This resembles psychological warfare. As the Borg in Star Trek says: "resistance is futile"

Sweden the third most used country for cyber crime

2007-09-18T17:46:00.001+01:00

Sweden has according to a Swedish newspaper a lot of servers that are used for crime acts. Third position this year, last year we has the second position...

Kriminella avancerar på nätet

Chockhöjning av nya virus...

Well, I hope this might increase the funding for computer security at large and specifically intrusion detection.

The misuse of intrusion detection

2007-09-13T20:17:00.001+01:00

The same methods used for intrusion detection can also be used for detecting anything. The EU Justice Commissioner Franco Frattini wants to forbid searches for terror words such as "bomb" and "kill" and "terrorism". You might start to wonder what EU is going to become.

EU-topp vill förbjuda terrorord
EU vill blockera farliga sökord - IDG.se
Web search for bomb recipes should be blocked: EU

EU proposes anti-terror measures

Richard on risk analysis and FAIR again

2007-08-31T09:56:00.000+01:00

Richard at TaoSecurity is addressing FAIR again. This time I have come up with what I think is a pretty good argument in defense of FAIR. I wrote a comment at Richard's post but I cite it below as well:

Richard,

I think you are right in some aspects, that is: since with FAIR you do not usually have real data to make probability estimates and then you will not get as good risk estimate as you might wish.

However, in FAIR and similar frameworks you get help to elicit expert knowledge and transform it into a risk estimation. And the validity of this risk estimation is of course related to the validity of the expert knowledge: If you put garbage in, you get garbage out.

But, I think you are wrong when you are saying that the input to FAIR is arbitrary. Of course, if used incorrectly, the input can be arbitrary.

My question is: why would anybody that seriously wants to use FAIR make "arbitrary" input? Why not make "guesses" that are the best according to your knowledge? Then, based on the input and its modeling assumptions, FAIR will output the best possible risk estimation (at least if you believe in Bayesian statistics and decision theory..).

This means that you cannot make any better risk estimation based on the knowledge you have given as input without changing the FAIR model or adding more input.

So if you have to make decision that is the best according to you knowledge, then FAIR might work well.

What do you think?

FAIR is defended

2007-08-28T09:20:00.001+01:00

Alex at http://www.riskanalys.is/ defends FAIR here and here.

In defence of FAIR, I think it should be possible to show that by making more fine grained decisions and then combine them, you get less errors than making a single monolithic decision. However I cannot come up with a good model that shows this. Maybe it is already done? Does anybody know?

Riska analysis

2007-08-27T11:05:00.001+01:00

There is a an interesting debate going on about the usefulness of risk analysis. Richard Bejtlich is a strong opponent to using risk analysis for making decisions in computer security. You can read a blog entry about FAIR which is a risk analysis framework that I happen to have know a little bit about: TaoSecurity: Thoughts on FAIR.

I think Richard's arguments against risk analysis are quite convincing but I also think that a detailed analysis as prescribed by FAIR is better than a shallow one. I will come back to the reason later.

Visualization

2007-06-25T10:01:00.000+01:00

Anton Chuvakin points to this funny link about visualization. Especially the statement:
"Chart-based encryption -- data goes in, no information comes out" is funny. This is worth keeping in mind when thinking about what to visualize in a security setting. In my work we want to visualize potential intrusion activities and attacks at a network level. We want to give the user a situational picture ("Lägesbild " in Swedish) of the activities at different nodes in the network. In order to do that, we have to use visualization to communicate in an understandable way.

IDS is dead, long live the IDS!

2007-05-20T20:04:00.001+01:00

Richard at TaoSecurity has as usual some insightful remarks on the death of the IDS

TaoSecurity: It's Only a Flesh Wound

His remarks are quit interesting to me since my research is most on the intrusion detection and alert analysis part. Not that much about active response or prevention.

SecViz | Security Visualization

2007-04-20T20:51:00.001+01:00

This seems to be an interesting blog about visualization for security

SecViz | Security Visualization

TaoSecurity: Fight to Your Strengths

2007-04-18T17:12:00.001+01:00

In an interesting blog entry by Richard Bejtlich, TaoSecurity: Fight to Your Strengths, he suggests that sometimes security through obscurity might be suitable. He uses an example where he lets OpenSSH use another port than the default port and thus he gets less number of attacks against sshd. I have added a question at his blog that would be interesting to investigate:

Would it be possible to let a firewall or inline IDS automatically block incoming ssh traffic to the default port and then make ssh communication going out using the default port appear to be using a different port?

The idea would be to automatically make a temporarily obfuscation until it is possible to switch port on the server. In this way it might be possible to not interfere with the running service but still stop automated attacks. Is there anybody out there who can tell me if this would work in reality?

About: Open-Source Security Tools Abound

2007-04-16T13:17:00.001+01:00

An interesting article about open source security tools that also commercial actors should investigate:

Linux/Open Source - Open-Source Security Tools Abound

Other paper: Remodeling and Simulation of Intrusion Detection Evaluation Dataset

2007-04-10T12:12:00.000+01:00

In proceedings of the 2006 International Conference on Security & Managment (SAM'06) I have found this paper: Remodeling and Simulation of Intrusion Detection Evaluation Dataset
In the paper, the authors describe how they simulate network traffic (both innocent and malicious traffic) for testing intrusion detection systems.

They want to improve on the MIT LL dataset that is widely thought to have major drawbacks. The drawbacks make it less useful for testing intrusion detection systems.

The paper's main contribution is to create personalized simulations of users' web browsing behavior while MIT's dataset had only rough distribution of the overall behavior. They model real users' behavior as probabilistic transition diagrams for sessions of browsing that are complemented with daily connection distributions, daily connection cumulative densities and session length distributions. Then browsing traffic is generated from the collection user models either with a one to one mapping from a user model to a simulated user or by generating more simulated users than there are user models

Email traffic is simulated using a public corpus of emails while the MIT dataset used a combination of filtered real emails and automatically generated emails. The emails are clustered into four classes but it is not clear what the classes are used for. It is neither clear if the class in the cluster relates to the classes created from the source and destination addresses mentioned earlier. As well, it is not quite clear how the emails are used in the simulation.

Then they claim to have a larger set of attacks than in the MIT datset, such as DDoS, probes, WWW attacks, RPC, etc.

Finally they show that their simulated web browser behavior more resembles their reference network than the MIT dataset simulation that lacks certain characteristics.

Comment: I would like to be able to use the generated traffic as basis for my research - too bad there is no link to a public data set.

"Signatures are usually based on vulnerabilities rather than exploits"

2007-04-03T09:49:00.001+01:00

This is interesting, when I started to read about signature-based intrusion detection systems, I thought that signatures were created by using patterns from the exploit. However, as I noticed in a previous entry and learned from the post below (that I found via TaoSecurity), this is not the case.

Errata Security: ANI 0day vs. intrusion detection providers

signatures are usually based on vulnerabilities rather than exploits

This means that learning systems, like Polygraph, that generates signatures from exploits are not automating the signature generation properly. Though, they are able to block worms exploiting unknown vulnerabilities.

Mohit's security blog: IPS algorithms...

2007-03-30T14:06:00.000+01:00

Mohit's security blog: IPS algorithms...

See what I wrote in previous blog entry.

Background reading: Polygraph - Automatically Generating Signatures for Polymorphic Worms

2007-03-30T11:05:00.000+01:00

The next paper from RAID 2006 I will comment is about manipulating Polygraph. Thus it seemed natural that I looked at the original publication Polygraph: Automatic Signature Generation for Polymorphic Worms (2005).

Polygraph is a program that automatically generates signatures for Polymorphic worms; that are worms that change (obfuscate) their appearance from time to time between attacks. Existing worm blocking solutions (before 2005) assumes that worms have the same content from time to time. Thus it is easy to automatically generate signatures (simple single strings of bytes) that filter out worms. However, this assumption does not apply for polymorphic worms.

Since however, the polymorphic worms are targeting specific vulnerabilities some of the payload must be same between all worms, so Polygraph collects suspicious and innocuous payloads, classified using a simple flow classifier, and then extract content signatures from them. Instead of just extracting one single string of bytes, as in previous algorithms, Polygraph extracts sets of byte sequences.

The extracted byte sequences are used in three different ways for detecting worms :

All byte sequences must be present in payload to indicate an worm
All byte sequences must be present in correct order to indicate an worm
All byte sequences are weighed together using a Naïve Bayes Classifier:

A byte sequence has probability being in a worm or not: P(seq | worm) and P(seq | ~worm)
A score is computed for a payload being a worm were {seq} means all sequences in a payload: score = P({seq} | worm) / P({seq} | ~worm)
Then the score is compared to a threshold and if true, the payload is believed to be an worm: score > tau

To handle the case that there are more than one type of polymorphic worms among the suspicious payloads, Polygraph uses hierarchical clustering of the byte sequences of the payloads. The sequences are merged into clusters by minimizing the false positives tested of the innocuous payloads.

Comment: First of all I think this an interesting paper, since I have a background in machine learning and Bayesian learning. However, the learning algorithms could probably be improved, for instance, by applying a more fully Bayesian approach than the used Naïve Bayes Classifier.

In addition I found an interesting comment at Mohit's security blog: IPS algorithms... that is as follows:

Most signatures in good products are vulnerability based so even if you change the attack it still gets stopped.

Thus, Polygraph might not be needed! Or what should we believe?

IPS without signatures or log analysis

2007-03-14T10:27:00.001+01:00

ForeScout is a company that claims to have an Intelligent IPS that uses

an entirely unique approach to preventing network attacks from "zero-day" threats such as self-propagating malware and hackers/espionage without using signatures, anomaly detection or any form of pattern matching technology. ForeScout's solution has proven its accuracy by detecting in real-time every self-propagating threat to date and has gained the trust of 100% of our customers who use the appliances in automatic blocking mode.

In summary: Malwares are detected when probing the network for vulnerabilities. Any request to a non-existing IP address is assumed to be a certain indication of a malware, thus it should be stopped. The IPS answers each malware request with some marked information, and when the malware sends a new request with the marked information, it can be stopped before it can make an real intrusion attemp.

Comment: This seems to be a neat solution. Though, if it is true: why is research in this area still needed?

"Big Business"

2007-03-13T09:33:00.001+01:00

Yesterday the Swedish newspaper Svenska Dagbladet had a set of articles about intrusion into Swedish companies. It really seems to be "Big Business". These articles I hope triggers more Swedish research in intrusion detection.

Tao Security

2007-03-11T16:17:00.001+01:00

A good blog for learning more on intrusion detection and things around it is at blogspot fellow Richard Bejtlich's blog Tao Security. Richard's posts are full of interesting remarks about the current standard of network security and intrusion detection. I wounder if it is possible to automate some stuff of what he calls Network Security Monitoring (NSM) and thus filtering out more irrelevant alarms?

Paper 4: Allergy Attack Against Automatic Signature Generation

2007-03-09T15:37:00.000+01:00

This paper practically shows how to do what Can machine learning be secure? describes. In the paper, they show how to attack systems that uses Automatic Signature Generation (ASG). A typical ASG first detects an intrusion or attack, thereafter automatically generates a signature from the attack data and then filter out all future traffic matching the signature.

By using the fact that many ASG system does not use the same method to detect the attack and then create the signature they are able to fool the system into creating signatures for non-malicious traffic. Also, by not using the full context of an attack, such as the steps leading to the attack, ATG systems are easier fooled.

An ATG system seems to be a kind of unsupervised learning system, using anomaly detection to detect suspicious traffic. Then a signature is created from the traffic based on comparison between many suspicious traffic instances. The signature is often computed from the longest common byte sequence.

IDS and child pornography

2007-03-09T11:33:00.000+01:00

According to a Swedish newspaper has the volume of child pornography seized by the police at single crimes increased from averaging from 10.000 - 20.000 pictures two years ago till being up to millions of pictures and movies. The cheer volume blocks the police from investigating the crimes (summary in Swedish below).

Barnporrfall blir liggande

- De stora volymerna blockerar våra resurser. Ett stort beslag för två år sedan kunde bestå av 10.000-20.000 bilder. Det tyckte vi var mycket då. I dag kan det finnas enskilda beslag där den misstänkta har lagrat flera miljoner filmer och bilder, säger Stefan Kronqvist, chef för Riskriminalens IT-brottssektion.

Maybe intrusion detection/prevension technology could be used to stop kiddie porn from being sent through a network? Though pedophiles probably encode their communication using some form of cryptography or maybe they use darknets. However, according to the following story, it might be a reasonable approach: Recent child porn busts are one result of stepped-up Internet monitoring.

OSSEC is gaining momentum

2007-03-08T22:07:00.001+01:00

OSSEC HIDS (see software link) is a project I am keeping an eye on. It seems to be gaining in popularity according to this blog:

http://www.appliedwatch.com/blog/?p=6

Follow up on: Can Machine Learning Be Secure?

2007-03-06T11:02:00.001+01:00

In the previous post I mentioned I did not understand the relative distance metric they used for analyzing the security simple learning problem. However, in the paper they refer to a Master thesis that explains the metric in more detail.

The keys to understanding are the following:

To move the decision boundary as much as possible, each data point equals the previous mean added with the radius: Xt-1 + R
This is done alpha times at each iteration: (Xt-1 + R) * at
The next mean will be Xt = [Xt-1 * (n + a1+ ... +at-1) + (Xt-1 + R) * at ]/(n + a1+ ... +at-1 +at) where n is the number of previous data points
If we simplify the expression we will get: Xt = Xt-1 + R * at /(n + a1+ ... +at)
Assuming that the attacker has complete control of the learning process then n=0 thus: Xt = Xt-1 + R * at /(a1+ ... +at)
Using Mt = (a1+ ... +at) as the effort of the attacker and by noticing that the recursion leads to: Xt = X0 + R * [1 + a2/M2+ ... +at /Mt]
Thus: (Xt - X0)/R = [1 + a2/M2+ ... +at /Mt]
Noticing that ai/Mi = (Mi - Mi-1)/Mi = 1 - Mi-1/Mi
Thus we have the relative displacement (Xt - X0)/R = 1 + a2/M2+ ... +at /Mt = 1 + 1 - M1/M2 + ... +1 - Mt-1/Mt = t - [M1/M2 + ... + Mt-1/Mt]
The relative distance (or displacement) is then for t = T as in the paper:

D({Mi}) = T − [M1/M2 + ... + MT-1/MT]

Background reading: Can Machine Learning Be Secure?

2007-03-05T13:33:00.001+01:00

The next paper from the RAID 2006 proceedings cites a paper called Can Machine Learning Be Secure? as it's source of inspiration. This is a theoretical paper while the RAID paper complements it by being experimental. Thus it seemed reasonable to read it before reading the next RAID paper.

Can Machine Learning Be Secure? That seems to be a good question. This paper analyzes how secure a learning system can be.

A learning system adjusts it's model given new data, these are some of the questions asked:

Can it be trained by an attacker to allow malicious calls?
Can it be degenerated such that it becomes useless and must be shut down?
Are there any defenses against these attacks?

The paper tries to create a taxonomy of attacks on a learning system but I don't think it is that successful. The taxonomy has three axes:

Influence: the part of the learning system that is manipulated, causative (alter the training data) or exploratory (trying to discover information about the system)
Specificity: a continuous spectrum, from achieving a specific goal, for instance to manipulate the learning system to accept a specfic malicious call, to acheiving a broader goal, for instance to manipulate the learner to reveal the existence of any possible malicious call.
Security violation: what security goal is violated, integrity (false negative) or availability (many classification errors making the system useless).

Comment: I don't think the paper gives enough reasons for this taxonomy. It is not that clear to me that these axes and scales are completely orthagonal or at least describes the space of attacks in a good way. Although I cannot, at the movement, come up with something better, I think it should be possible to think this through again and come up with something better. Maybe it is the vocabulary that is problematic; maybe by using different words, the taxonomy will be more readable.

Then the paper lists defenses against the different attacks, such as adding prior distributions (robustness) that makes the system less sensitive to altered data, detecting attacks with intrusion detection mechanism that analyzes the training data, confusing the attacker using disinformation that hinders the attacker from learning decision boundaries and, what seems to be a special case of the former, randomization of the decision boundaries.

Comment: Bayesian learning methods seems to a be natural choice since prior distributions are in the essence of the Bayesian concept.

Last in the paper, they analyze a simple learning example for outlier detection on the bounds of the effort an attacker has to use to manipulate the learning system into wrongly classify a malicious call.

Comment: I cannot write much about this analysis since I could not understand the definition of the relative distance they use. I don't understand why they use it and what it means. Thus I do not understand the result. Is there anybody out there that can help me with this?

See follow up post on this issue.

Paper 3: Automated Discovery Of Mimicry Attacks

2007-02-28T23:19:00.001+01:00

This papers describes an approach to checking that the models of model-based anomaly detection approachs really detect malicious system calls. Especially, the approach is aimed at discovering Mimicry Attacks, that is, calls that, for instance uses a buffer overflow, to invoke malicious system call sequences disguised as none-dangerous call sequences. Previously, the discovery of mimicry attacks were done manually.

A model-based anomaly detection approach uses a model describing the "normal" and allowed behavior of a monitored system. However, model-based anonaly detection can sometimes be cheated by the use of mimicry attacks that imitates "normal" behavior and thus these attacks are not detected.

In this paper they create a model of the Operating System (OS) monitored by a model-based anomaly detection system. Then they use the OS model to create a Push Down Automaton/Push Down System of the anomaly detection system. Thereafter a model checker, given a malicious goal for an attack (for instance, to create a new user account), can automatically either find a successful attack call sequence not detected by the detection system or prove that there are no attack call sequences for that goal not detected by the modeled automaton. This means that the reliability of this approach depends heavily on that the OS model is correct.

I think this was a quite interesting paper with nice results, though I am not that familiar with model checking and formal methods.

Paper 2: Behavioral Distance Measurement Using Hidden Markov Models

2007-02-26T14:38:00.001+01:00

In this paper, the authors describes how they to use a hidden markov model (HHM) to model the execution similarities between two process performing the same work. For instance, two Apache web servers running on two different platforms, Linux and Windows. The assumption is that the two process will not have the same vulnerabilities, and thus by measuring the behavioral distance between the two process, we can detect anomalies.

Much of the paper describes the HHM and whether the overhead is small enough to make the algorithm usefull.

Something missing is the significance of the results. For instance, when comparing another distance metric algorithm called an ED-based approach, the result is that the HHM-based approach is 6.32% faster, but nothing about the variance or significance. I would recommend any researcher to choose a good statistical test so results cannot be so easily questioned. A good online handbook for such tests can be found at the NIST/SEMATECH e-Handbook of Statistical Methods.

Paper 1: A Framework For The Application Of Association Rule Mining In Large Intrusion Detection Infrastructures

2007-02-26T10:57:00.001+01:00

This paper is about using data mining in form of association rules to extract rules describing correlations between alarms from a large set of intrusion detection systems. The rules can then be used as basis for creating new rules to detect correlated intrusions.

Since the system mines for correlations between a huge amount of alarms it needs some form of data filtering. As filtering approach, the system uses graph algorithms with a graph where IP addresses are vertices and detected alarms are edges, drawn from source to destination IP addresses. Only connected components of the graph are used for mining.

Amongst the most interesting things in this article are the following:

The number of rules generated each day can be used to detect weired (anomalous) network activites.
This can also be done for each subnet of the network and thus find high risk networks.

A problem is though that the results they get are not able to repeat. I can imagine that this is often a problem in security research with sensitive data. Many of their results are like anecdotes that makes it hard to compare the results to other's work.

RAID 2006: Recent Advances in Intrusion Detection

2007-02-26T10:16:00.001+01:00

I have just started a project about intrusion detection and prevention. As background reading I have a copy of the Proceedings of RAID 2006: Recent Advances in Intrusion Detection, 9th International Symposium. My plan is to initially start blogging about selected papers I am reading from the proceedings and then continue with papers from other sources.