The use of machine learning techniques to improve network design has gained much popularity in the last few years. When these techniques are applied to security problems, a fundamental problem arises; they are susceptible to adversaries who poison the learning phase of such techniques. When adversaries purposefully inject erroneous data into the network during the data-collection and profile-building phase of anomaly detectors, then the detectors learn the wrong model of what is "normal". Subsequently their ability to detect "abnormal" activities is compromised and attackers can circumvent the defense. In this talk, we'll discuss both poisoning techniques and defenses against poisoning, in the context of a particular anomaly detector - namely the PCA-subspace method that is used to identify anomalies in backbone networks. We first present four poisoning schemes, and show how attackers can substantially increase their chance of successfully evading detection with only moderate amounts of chaff. Moreover such poisoning throws off the balance between false positives and false negatives. To combat these poisoning activities, we design alternate PCA-based detectors that incorporate ideas from the field of robust statistics. We'll show how our techniques significantly reduce the effectiveness of poisoning for a variety of poisoning scenarios. We also illustrate that they restore a good balance between false positives and false negatives for the vast majority of the end-to-end flows.

Nina Taft is currently a senior research scientist at Intel Research Berkeley. Over the years, her research has focused on the application of mathematical techniques (such as optimization, data mining, etc) to networking problems (such as ISP traffic engineering and Internet security). At Intel she leads research projects focused on anomaly detection for intrusion detection systems, enterprise network traffic characterization, end-host profiling, and approximation techniques for data mining algorithms. Before joining Intel, Nina worked at Sprint for 5 years where she focused on measuring and analyzing Internet backbone traffic. Her research applied traffic analysis to ISP network design problems, such as traffic matrix estimation, traffic forecasting, routing under failures, and capacity planning. Prior to Sprint, Nina worked at SRI International where she focused on congestion control and QoS routing in ATM networks. She received her PhD degree from the University of California at Berkeley in 1994. Nina has been heavily involved in professional community activities for many years. She was the PC co-chair for SIGCOMM 2007, served as an associate editor for the IEEE Transactions on Networking (ToN) journal, and was a member of the ACM Internet Measurement Conference steering committee for 4 years. She has published over 50 technical papers, and holds 11 patents.