Bridging statistical learning and formal reasoning for cyber attack detection

Author

Kexin Pei, Purdue University

Date of Award

4-2016

Degree Type

Thesis

Degree Name

Master of Science (MS)

Department

Computer Science

First Advisor

Dongyan Xu

Committee Chair

Dongyan Xu

Committee Member 1

Luo Si

Committee Member 2

Xiangyu Zhang

Abstract

Current cyber-infrastructures are facing increasingly stealthy attacks that implant malicious payloads under the cover of benign programs. Current attack detection approaches based on statistical learning methods may generate misleading decision boundaries when processing noisy data with such a mixture of benign and malicious behaviors. On the other hand, attack detection based on formal program analysis may lack completeness or adaptivity when modeling attack behaviors. In light of these limitations, we have developed LEAPS, an attack detection system based on supervised statistical learning to classify benign and malicious system events. Furthermore, we leverage control flow graphs inferred from the system event logs to enable automatic pruning of the training data, which leads to a more accurate classification model when applied to the testing data. Our extensive evaluation shows that, compared with pure statistical learning models, LEAPS achieves consistently higher accuracy when detecting real-world camouflaged attackswith benign program cover-up.

Recommended Citation

Pei, Kexin, "Bridging statistical learning and formal reasoning for cyber attack detection" (2016). Open Access Theses. 806.
https://docs.lib.purdue.edu/open_access_theses/806