Networking Security Using Machine Learning

Research Statement

Automatically detecting and extracting patterns in network traffic can provide great insight and important solutions to problems in network security. How can we automatically detect and extract meaningful patterns in the sea of irregular network traffic for detecting various attacks? How can we do so in the presence of intelligent attackers performing evasion attacks to fool any automatic learner? What are the fundamental limits in this domain? This project aims to explore answers to these questions.

Overview

Machine Learning for Fingerprint Generation.
- FiG: Automatic Fingerprint Generation.
  Juan Caballero,Shobha Venkataraman, Pongsin Poosankam, Min Gyung Kang, Dawn Song and Avrim Blum. In Proceedings of NDSS, Feb 2007.
Machine Learning for Worm Signature Generation.
- Thwarting Signature Learning by Training Maliciously.
  James Newsome, Brad Karp, and Dawn Song. In Proceedings of the 9th International Symposium On Recent Advances In Intrusion Detection (RAID 2006), September 2006.
- Polygraph: Automatic Signature Generation for Polymorphic Worms
  James Newsome, Brad Karp, Dawn Song. In IEEE Security and Privacy Symposium, May 2005.
Machine Learning for Network Anomaly Detection.
- Black-box Anomaly Detection---Is it Utopian?
  Shobha Venkataraman, Juan Caballero, Dawn Song, Avrim Blum, Jennifer Yates. In Proceedings of HotNets, Nov 2006.
Machine Learning for Stepping Stone Detection.
- Detection of Interactive Stepping Stones: Algorithms and Confidence Bounds
  Avrim Blum, Dawn Song, and Shobha Venkataraman. In Conference of Recent Advance in Intrusion Detection (RAID) 2004.
Machine Learning for Timing Attacks.
- Timing Analysis of Keystrokes and SSH Timing Attacks
  D. Song, D. Wagner, and X. Tian. In 10th USENIX Security Symposium, 2001.