Exploiting Machine Learning to Subvert Your Spam Filter

Slides:



Advertisements
Similar presentations
1 Network-Level Spam Detection Nick Feamster Georgia Tech.
Advertisements

Document Filtering Dr. Frank McCown Intro to Web Science Harding University This work is licensed under a Creative Commons Attribution-NonCommercial- ShareAlike.
Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan Department of Computer Science Florida State University.
Multisource Fusion for Opportunistic Detection and Probabilistic Assessment of Homeland Terrorist Threats Kathryn Blackmond Laskey & Tod S. Levitt presented.
On the Hardness of Evading Combinations of Linear Classifiers Daniel Lowd University of Oregon Joint work with David Stevens.
Presented by: Alex Misstear Spam Filtering An Artificial Intelligence Showcase.
IMF Mihály Andó IT-IS 6 November Mihály Andó 2 / 11 6 November 2006 What is IMF? ­ Intelligent Message Filter ­ provides server-side message filtering,
Learning on User Behavior for Novel Worm Detection.
Decision Tree Algorithm
1 Spam Filtering Using Bayesian Approach Presented by: Nitin Kumar.
Document Classification Comparison Evangel Sarwar, Josh Woolever, Rebecca Zimmerman.
Spam May CS239. Taxonomy (UBE)  Advertisement  Phishing Webpage  Content  Links From: Thrifty Health-Insurance Mailed-By: noticeoption.comReply-To:
Robust Real-Time Object Detection Paul Viola & Michael Jones.
An Effective Defense Against Spam Laundering Paper by: Mengjun Xie, Heng Yin, Haining Wang Presented at:CCS'06 Presentation by: Devendra Salvi.
Learning at Low False Positive Rate Scott Wen-tau Yih Joshua Goodman Learning for Messaging and Adversarial Problems Microsoft Research Geoff Hulten Microsoft.
Spam Filtering Techniques Arnold Perez Joseph Tilley.
Good Word Attacks on Statistical Spam Filters Daniel Lowd University of Washington (Joint work with Christopher Meek, Microsoft Research)
Masquerade Detection Mark Stamp 1Masquerade Detection.
Active Learning for Class Imbalance Problem
Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.
Reporter: Li, Fong Ruei National Taiwan University of Science and Technology 9/19/2015Slide 1 (of 32)
Security Evaluation of Pattern Classifiers under Attack.
Distributed Denial of Service CRyptography Applications Bistro Presented by Lingxuan Hu April 15, 2004.
nd Joint Workshop between Security Research Labs in JAPAN and KOREA Profile-based Web Application Security System Kyungtae Kim High Performance.
Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.
Spam Filtering. From: "" Subject: real estate is the only way... gem oalvgkay Anyone can buy real estate with no money down Stop paying rent TODAY ! There.
Enron Corpus: A New Dataset for Classification By Bryan Klimt and Yiming Yang CEAS 2004 Presented by Will Lee.
Boosting of classifiers Ata Kaban. Motivation & beginnings Suppose we have a learning algorithm that is guaranteed with high probability to be slightly.
SCAVENGER: A JUNK MAIL CLASSIFICATION PROGRAM Rohan Malkhare Committee : Dr. Eugene Fink Dr. Dewey Rundus Dr. Alan Hevner.
Who Is Peeping at Your Passwords at Starbucks? To Catch an Evil Twin Access Point DSN 2010 Yimin Song, Texas A&M University Chao Yang, Texas A&M University.
Adapting Statistical Filtering David Kohlbrenner IT.com TJHSST.
1 A Study of Supervised Spam Detection Applied to Eight Months of Personal E- Mail Gordon Cormack and Thomas Lynam Presented by Hui Fang.
Improving Spam Detection Based on Structural Similarity By Luiz H. Gomes, Fernando D. O. Castro, Rodrigo B. Almeida, Luis M. A. Bettencourt, Virgílio A.
Introduction Use machine learning and various classifying techniques to be able to create an algorithm that can decipher between spam and ham s. .
Using Machine Learning Techniques in Stylometry Ramyaa, Congzhou He, Dr. Khaled Rasheed.
Leveraging Delivery for Spam Mitigation.
Machine Learning for Spam Filtering 1 Sai Koushik Haddunoori.
Search Worms, ACM Workshop on Recurring Malcode (WORM) 2006 N Provos, J McClain, K Wang Dhruv Sharma
Bayesian Filtering Team Glyph Debbie Bridygham Pravesvuth Uparanukraw Ronald Ko Rihui Luo Thuong Luu Team Glyph Debbie Bridygham Pravesvuth Uparanukraw.
EE515/IS523: Security 101: Think Like an Adversary Evading Anomarly Detection through Variance Injection Attacks on PCA Benjamin I.P. Rubinstein, Blaine.
A False Positive Safe Neural Network for Spam Detection Alexandru Catalin Cosoi
Spam Filtering Using Statistical Data Compression Models Andrej Bratko, Bogdan Filipič, Gordon V. Cormack, Thomas R. Lynam, Blaž Zupan Journal of Machine.
Naïve Bayes Classifier April 25 th, Classification Methods (1) Manual classification Used by Yahoo!, Looksmart, about.com, ODP Very accurate when.
Presented by Tyler Bjornestad and Rodney Weakly.  One app, all your favorite news feeds  Customizable  Client-server  Uses Bayesian algorithm to make.
DIVYA K 1RN09IS016 RNSIT1. Cloud computing provides a framework for supporting end users easily through internet. One of the security issues is how to.
An Effective Defense Against Spam Laundering Author: Mengjun Xie, Heng Yin, Haining Wang Presented At: CCS’ 06 Prepared By: Amit Shrivastava.
Spam: An Analysis of Spam Filters Joe Chiarella Jason O’Brien Advisors: Professor Wills and Professor Claypool.
Network Security Lab Jelena Mirkovic Sig NewGrad presentantion.
Learning to Detect and Classify Malicious Executables in the Wild by J
Internet Quarantine: Requirements for Containing Self-Propagating Code
Figure 5: Change in Blackjack Posterior Distributions over Time.
Machine Learning for Computer Security
Instant Design Challenge
Session 7: Face Detection (cont.)
Decision Trees (suggested time: 30 min)
Analyzing Behavioral Features for Classification
Source: Procedia Computer Science(2015)70:
KDD 2004: Adversarial Classification
Cost-Sensitive Learning
Poisoning Attacks with Back-Gradient Optimization
Asymmetric Gradient Boosting with Application to Spam Filtering
Data Mining Classification: Alternative Techniques
Retrieval of audio testimonials via voice search
Cost-Sensitive Learning
Detecting Targeted Attacks Using Shadow Honeypots
Ensembles.
DDoS Attack and Its Defense
Text Mining Application Programming Chapter 9 Text Categorization
Introduction to Internet Worm
Spam control Old emphasis: detect spam
Presentation transcript:

Exploiting Machine Learning to Subvert Your Spam Filter Blaine Nelson / Marco Barreno / fuching Jack Chi / Anthony D. Joseph Benjamin I. P. Rubinstein / Udam Saini / Charles Sutton / J.D. Tygar / Kai Xia University of California, Berkeley April, 2008 Presented by: GyuYoung Lee

Introduction Do you know ? ☞ Spam Filtering System ☞ Machine learning is applied to Spam Filtering ☞ Adversary can exploit machine learning  Making Spam Filter to be useless  User give up using Spam Filter

Spam Filtering System Which part is most weak ? How can we attack ? ☞ Machine Learning How can we attack ? ☞ Poisoning Training Set

Poisoning Training Set False Negative False Positive

Poisoning Effect If attacker wins at contaminating attack? High false positives ☞ User loses so many legitimate e-mails High false negatives ☞ User encounters so many spam e-mails High unsure messages ☞ so many human decision required  No time saving ▣ Finally, user gives up using spam filter

Bayesian Spam Filtering - Concept Three classifications Spam Ham(non-spam) Unsure Score Spam filter generate one score for ham and another for spam Strength ↓ false positives ↓ false negatives Weakness ↑ unsures (need human decision) message Spam score Ham score spam high low ham unsure

Bayesian Spam Filtering - Steps Spamicity of words included in the e-mail Measure them respectively Combine them Evaluate the possibility that the e-mail can be spam

Bayesian Spam Filtering - Details ① Measure Spamicity of words respectively

Bayesian Spam Filtering - Steps ② Combine Spamicity of words

Bayesian Spam Filtering - Steps ③ Evaluate the possibility that the e-mail can be spam ☞ If (Pr > Threshold) then regard the e-mail as Spam

Attack Strategies Traditional attack : modify spam emails  evade spam filter Attack in this paper : subvert the spam filter  drop legitimate emails

Attack Styles Dictionary attack Focused attack Include entire dictionary ☞ spam score of all tokens Legitimate email ☞ marked as spam Focused attack Include only tokens in a particular target e-mail Target message ☞ marked as spam

Experiments – dictionary attack We can find 1% attack emails Accuracy falls significantly Filter unusable

Experiments – focused attack #1 Probability of guessing Guessing p increase  Attack is more Effective We can find Success of target attack  depends on prior knowledge

Experiments – focused attack #2 Condition Fix Guessing p to 0.5 X-axis N of msgs in the attack Y-axis % of msgs misclassified We can find Target e-mail is quickly blocked by the filter

Defenses – RONI RONI (Reject on Negative Impact) defense Idea ☞ Measuring each email’s impact ☞ Removing deleterious messages from training set Method ☞ Measuring the effect of email ☞ Testing performance difference with and without that e-mail Effect ☞ Perfectly identify all dictionary attacks ☞ Hard to identify focused attack emails

Defenses – dynamic threshold Dynamic threshold defense Method ☞ Dynamically adjusts two spots of threshold Effect ☞ Compared to SpamBayes alone, ☞ Misclassification is significantly reduced

Conclusion Adversary can disable SpamBayes filter Dictionary attack Only 1% control  36% misclassification RONI can defense it effectively Dynamic threshold can mitigate it effectively Focused attackhard to defend by attack’s knowledge These Techniques can be effective Similar learning algorithms (ex) Bogo Filter Other learning system (ex) worm or intrusion detection

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.