Denial of Information Attacks in Event Processing
Abstract
Automated Denial of Information Attacks. It is a common assumption in event processing that the events are “clean”, i.e., they come from well-behaved and trustworthy sources. This assumption does not hold in any major open communications medium, for several reasons. First, adversaries may spread massive amounts of noise data, e.g., email spam. Second, adversaries may inject potentially interesting but obfuscating data that distracts the user’s attention, e.g., honeypot web spam pages. Third, adversaries may introduce purposefully misleading information, e.g., phishing attacks. We call these intentional and automated attempts to generate and spread noise, obfuscating, and misleading information denial of information (DOI) attacks [3][6]. With the continuous advances in information technology, the quality and quantity of automatically generated DOI attacks have been increasing exponentially. In the public information area, observed DOI attacks include spam, web spam, and blog spam. Predicted DOI attacks include spit (spam over VoIP) and social network analysis (described below). The automated nature of DOI attacks makes it increasingly difficult, if not impossible, for humans to defend themselves. The main hypothesis of this short paper is that we need to create and strengthen automated defense techniques and tools to help defuse and mitigate automated DOI attacks.

Arms Race between DOI Attacks and Defenses. Typical DOI attacks and defenses are engaged in an arms race. This can be illustrated with the co-evolution of spam messages and the automated email filters employed by spam victims [1][4]. As spam messages became a serious problem, victims introduced keyword filters (Round One) to distinguish spam from legitimate messages. In response (Round Two), the spam producers adopted the misspelling attack (e.g., V1AGtRA), which is very effective against keyword filters because a victim's manual specification of keywords is quickly overrun by the automated random generation of misspellings. With the decline of keyword filters, Round Three began with the victims’ adoption of statistical learning filters (e.g., Naive Bayes), which were initially very effective. In response to learning filters (Round Four), spam producers introduced camouflaged content into their spam messages, which now contain both spam content and legitimate-looking camouflage designed specifically to trick the learning filters into raising their legitimacy scores. In response to camouflaged content (Round Five), victims have begun using refined learning, a process in which learning filters are incrementally retrained with camouflaged spam messages. In response (Round Six), spam producers started using software tools to randomize their camouflage content to escape refined learning filters. The last 4 rounds constitute an example of the adversarial learning research area.

Potential Solutions for Adversarial Learning in DOI Defenses. Adversarial learning is a special kind of statistical learning in which the training data is under the influence of an adversary. The general problem of adversarial learning leads to an endless arms race, to which game theory can be applied. Somewhat surprisingly, we have found an interesting solution [4] to the arms race between spam producers and victims by exploiting the asymmetry between spam messages and legitimate messages. We observed that typical legitimate messages do not contain “strong spam” tokens (e.g., misspellings of VIAGRA), which appear only in spam messages, whether camouflaged or not. Our main result is a training strategy (that works for Naive Bayes, SVM, and LogitBoost) that generates camouflage-resistant filters without retraining.

The ongoing research applies similar ideas (and new ideas) to other adversarial
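The Round Three/Round Four exchange and the "strong spam token" asymmetry above, as an added illustration that is not the paper's code: a toy Naive Bayes filter is fooled by a spam message padded with legitimate-looking tokens, while a rule that treats tokens seen only in spam training data as decisive is not. The corpus, the token "v1agra", and the hard decision rule are constructed assumptions for the demo, not the authors' actual training strategy.

```python
import math
from collections import Counter

# Constructed toy corpus (not from the paper); "v1agra" stands in for the
# misspelled "strong spam" tokens described in the text.
SPAM = ["buy v1agra cheap now",
        "cheap v1agra online buy now",
        "v1agra discount offer"]
HAM = ["meeting agenda for monday project review",
       "please review the project budget before monday",
       "can you buy lunch for the team now"]

def tokens(msg):
    return msg.lower().split()

def train_nb(spam, ham):
    """Multinomial Naive Bayes with Laplace smoothing (the Round Three filter)."""
    s_cnt = Counter(t for m in spam for t in tokens(m))
    h_cnt = Counter(t for m in ham for t in tokens(m))
    return {"s": s_cnt, "h": h_cnt, "v": len(set(s_cnt) | set(h_cnt)),
            "s_n": sum(s_cnt.values()), "h_n": sum(h_cnt.values()),
            "prior": math.log(len(spam) / len(ham))}

def nb_log_odds(model, msg):
    """log P(spam|msg) - log P(ham|msg); positive means spam."""
    lo = model["prior"]
    for t in tokens(msg):
        p_s = (model["s"][t] + 1) / (model["s_n"] + model["v"])
        p_h = (model["h"][t] + 1) / (model["h_n"] + model["v"])
        lo += math.log(p_s) - math.log(p_h)
    return lo

def strong_spam_tokens(spam, ham):
    """Tokens seen in spam training data but never in legitimate messages."""
    return {t for m in spam for t in tokens(m)} - {t for m in ham for t in tokens(m)}

def classify(model, strong, msg):
    """Camouflage-resistant rule (assumed): any strong spam token decides; else NB."""
    if strong & set(tokens(msg)):
        return "spam"
    return "spam" if nb_log_odds(model, msg) > 0 else "ham"

MODEL = train_nb(SPAM, HAM)
STRONG = strong_spam_tokens(SPAM, HAM)
PLAIN = "buy v1agra now"
# Round Four: the same spam padded with legitimate-looking camouflage tokens.
CAMOUFLAGED = PLAIN + " meeting agenda project review monday budget lunch please"
LEGIT = "please send the agenda for the monday meeting"

if __name__ == "__main__":
    for m in (PLAIN, CAMOUFLAGED, LEGIT):
        nb = "spam" if nb_log_odds(MODEL, m) > 0 else "ham"
        print(f"{nb_log_odds(MODEL, m):+.2f} nb={nb} resistant={classify(MODEL, STRONG, m)}")
```

Retraining the Naive Bayes model on the camouflaged message (Round Five) only shifts the token weights, which the next randomized camouflage set (Round Six) escapes again; the strong-token rule needs no retraining because the camouflage never removes the spam-only token.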