Presentation is loading. Please wait.

Presentation is loading. Please wait.

Exploiting Machine Learning to Subvert Your Spam Filter

Published byLuke Nelson Modified over 6 years ago

Similar presentations

Presentation on theme: "Exploiting Machine Learning to Subvert Your Spam Filter"— Presentation transcript:

1 Exploiting Machine Learning to Subvert Your Spam Filter
Blaine Nelson / Marco Barreno / fuching Jack Chi / Anthony D. Joseph Benjamin I. P. Rubinstein / Udam Saini / Charles Sutton / J.D. Tygar / Kai Xia University of California, Berkeley April, 2008 Presented by: GyuYoung Lee

2 Introduction Do you know ? ☞ Spam Filtering System
☞ Machine learning is applied to Spam Filtering ☞ Adversary can exploit machine learning  Making Spam Filter to be useless  User give up using Spam Filter

3 Spam Filtering System Which part is most weak ? How can we attack ?
☞ Machine Learning How can we attack ? ☞ Poisoning Training Set

4 Poisoning Training Set
False Negative False Positive

5 Poisoning Effect If attacker wins at contaminating attack?
High false positives ☞ User loses so many legitimate s High false negatives ☞ User encounters so many spam s High unsure messages ☞ so many human decision required  No time saving ▣ Finally, user gives up using spam filter

6 Bayesian Spam Filtering - Concept
Three classifications Spam Ham(non-spam) Unsure Score Spam filter generate one score for ham and another for spam Strength ↓ false positives ↓ false negatives Weakness ↑ unsures (need human decision) message Spam score Ham score spam high low ham unsure

7 Bayesian Spam Filtering - Steps
Spamicity of words included in the Measure them respectively Combine them Evaluate the possibility that the can be spam

8 Bayesian Spam Filtering - Details
① Measure Spamicity of words respectively

9 Bayesian Spam Filtering - Steps
② Combine Spamicity of words

10 Bayesian Spam Filtering - Steps
③ Evaluate the possibility that the can be spam ☞ If (Pr > Threshold) then regard the as Spam

11 Attack Strategies Traditional attack : modify spam s  evade spam filter Attack in this paper : subvert the spam filter  drop legitimate s

12 Attack Styles Dictionary attack Focused attack
Include entire dictionary ☞ spam score of all tokens Legitimate ☞ marked as spam Focused attack Include only tokens in a particular target Target message ☞ marked as spam

13 Experiments – dictionary attack
We can find 1% attack s Accuracy falls significantly Filter unusable

14 Experiments – focused attack #1
Probability of guessing Guessing p increase  Attack is more Effective We can find Success of target attack  depends on prior knowledge

15 Experiments – focused attack #2
Condition Fix Guessing p to 0.5 X-axis N of msgs in the attack Y-axis % of msgs misclassified We can find Target is quickly blocked by the filter

16 Defenses – RONI RONI (Reject on Negative Impact) defense
Idea ☞ Measuring each ’s impact ☞ Removing deleterious messages from training set Method ☞ Measuring the effect of ☞ Testing performance difference with and without that Effect ☞ Perfectly identify all dictionary attacks ☞ Hard to identify focused attack s

17 Defenses – dynamic threshold
Dynamic threshold defense Method ☞ Dynamically adjusts two spots of threshold Effect ☞ Compared to SpamBayes alone, ☞ Misclassification is significantly reduced

18 Conclusion Adversary can disable SpamBayes filter Dictionary attack
Only 1% control  36% misclassification RONI can defense it effectively Dynamic threshold can mitigate it effectively Focused attackhard to defend by attack’s knowledge These Techniques can be effective Similar learning algorithms (ex) Bogo Filter Other learning system (ex) worm or intrusion detection

Download ppt "Exploiting Machine Learning to Subvert Your Spam Filter"

Similar presentations

1 Network-Level Spam Detection Nick Feamster Georgia Tech.

1 Network-Level Spam Detection Nick Feamster Georgia Tech.
Document Filtering Dr. Frank McCown Intro to Web Science Harding University This work is licensed under a Creative Commons Attribution-NonCommercial- ShareAlike.

Document Filtering Dr. Frank McCown Intro to Web Science Harding University This work is licensed under a Creative Commons Attribution-NonCommercial- ShareAlike.
Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan Department of Computer Science Florida State University.

Detecting Spam Zombies by Monitoring Outgoing Messages Zhenhai Duan Department of Computer Science Florida State University.
Multisource Fusion for Opportunistic Detection and Probabilistic Assessment of Homeland Terrorist Threats Kathryn Blackmond Laskey & Tod S. Levitt presented.

Multisource Fusion for Opportunistic Detection and Probabilistic Assessment of Homeland Terrorist Threats Kathryn Blackmond Laskey & Tod S. Levitt presented.
On the Hardness of Evading Combinations of Linear Classifiers Daniel Lowd University of Oregon Joint work with David Stevens.

On the Hardness of Evading Combinations of Linear Classifiers Daniel Lowd University of Oregon Joint work with David Stevens.
Presented by: Alex Misstear Spam Filtering An Artificial Intelligence Showcase.

Presented by: Alex Misstear Spam Filtering An Artificial Intelligence Showcase.
IMF Mihály Andó IT-IS 6 November 2006. Mihály Andó 2 / 11 6 November 2006 What is IMF? ­ Intelligent Message Filter ­ provides server-side message filtering,

IMF Mihály Andó IT-IS 6 November Mihály Andó 2 / 11 6 November 2006 What is IMF? ­ Intelligent Message Filter ­ provides server-side message filtering,
Learning on User Behavior for Novel Worm Detection.

Learning on User Behavior for Novel Worm Detection.
Decision Tree Algorithm

Decision Tree Algorithm
1 Spam Filtering Using Bayesian Approach Presented by: Nitin Kumar.

1 Spam Filtering Using Bayesian Approach Presented by: Nitin Kumar.
Document Classification Comparison Evangel Sarwar, Josh Woolever, Rebecca Zimmerman.

Document Classification Comparison Evangel Sarwar, Josh Woolever, Rebecca Zimmerman.
Spam May 15 2006 CS239. Taxonomy E-mail (UBE)  Advertisement  Phishing Webpage  Content  Links From: Thrifty Health-Insurance Mailed-By: noticeoption.comReply-To:

Spam May CS239. Taxonomy (UBE)  Advertisement  Phishing Webpage  Content  Links From: Thrifty Health-Insurance Mailed-By: noticeoption.comReply-To:
Robust Real-Time Object Detection Paul Viola & Michael Jones.

Robust Real-Time Object Detection Paul Viola & Michael Jones.
An Effective Defense Against Email Spam Laundering Paper by: Mengjun Xie, Heng Yin, Haining Wang Presented at:CCS'06 Presentation by: Devendra Salvi.

An Effective Defense Against Spam Laundering Paper by: Mengjun Xie, Heng Yin, Haining Wang Presented at:CCS'06 Presentation by: Devendra Salvi.
Learning at Low False Positive Rate Scott Wen-tau Yih Joshua Goodman Learning for Messaging and Adversarial Problems Microsoft Research Geoff Hulten Microsoft.

Learning at Low False Positive Rate Scott Wen-tau Yih Joshua Goodman Learning for Messaging and Adversarial Problems Microsoft Research Geoff Hulten Microsoft.
Spam Filtering Techniques Arnold Perez Joseph Tilley.

Spam Filtering Techniques Arnold Perez Joseph Tilley.
Good Word Attacks on Statistical Spam Filters Daniel Lowd University of Washington (Joint work with Christopher Meek, Microsoft Research)

Good Word Attacks on Statistical Spam Filters Daniel Lowd University of Washington (Joint work with Christopher Meek, Microsoft Research)
Masquerade Detection Mark Stamp 1Masquerade Detection.

Masquerade Detection Mark Stamp 1Masquerade Detection.
Active Learning for Class Imbalance Problem

Active Learning for Class Imbalance Problem
Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.

Preserving Link Privacy in Social Network Based Systems Prateek Mittal University of California, Berkeley Charalampos Papamanthou.

Similar presentations

Ads by Google