Virtual Event: Sometimes, You Aren't What You Do: Mimicry Attacks against Provenance Graph Host Intrusion Detection Systems
Akul Goyal, a Ph.D. student in the Computer Science Department at the University of Illinois Urbana-Champaign, will discuss how mimicry attacks continue to appear against provenance graph host intrusion detection systems.
Abstract: Reliable methods for host-layer intrusion detection remained an open problem within computer security. Recent research has recast intrusion detection as a provenance graph anomaly detection problem thanks to concurrent advancements in machine learning and causal graph auditing. While these approaches show promise, their robustness against an adaptive adversary has yet to be proven. In particular, it is unclear if mimicry attacks, which plagued past approaches to host intrusion detection, have a similar effect on modern graph-based methods.
In this work, we reveal that systematic design choices have allowed mimicry attacks to continue to abound in provenance graph host intrusion detection systems (Prov-IDS).
Against a corpus of exemplar Prov-IDS, we develop evasion tactics that allow attackers to hide within benign process behaviors. Evaluating against public datasets, we demonstrate that an attacker can consistently evade detection (100% success rate) without modifying the underlying attack behaviors. We go on to show that our approach is feasible in live attack scenarios and outperforms domain-general adversarial sample techniques. Through open-sourcing our code and datasets, this work will serve as a benchmark for the evaluation of future Prov-IDS.
Bio: Akul Goyal is a Ph.D. student in the Computer Science Department at the University of Illinois at Urbana-Champaign. He is currently being advised by Professor Adam Bates. Akul’s research interests are focused on data provenance and anomaly detection. In the past, Akul has worked with Professor Yang Liu in noise-resistant machine learning and Professor Sesh Comandur in combinatorial graph counting algorithms. Akul obtained his MS and BS at the University of California Santa Cruz in 2019.
This event is part of the Spring 2023 Guest Speakers Series.