Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Game-Theoretic Neyman-Pearson Detection to Combat Strategic Evasion

Yinan Hu, Juntao Chen, Quanyan Zhu

TL;DR

This work captures the conflicting relationship between a strategic evasive attacker and an evasion-aware NP detector and shows that the evasion-aware NP detectors outperform the non-strategic ones by allowing them to take advantage of the attacker’s messages to adaptively modify their decision rules to enhance their success rate in detecting anomalies.

Abstract

The security in networked systems depends greatly on recognizing and identifying adversarial behaviors. Traditional detection methods focus on specific categories of attacks and have become inadequate for increasingly stealthy and deceptive attacks that are designed to bypass detection strategically. This work aims to develop a holistic theory to countermeasure such evasive attacks. We focus on extending a fundamental class of statistical-based detection methods based on Neyman-Pearson's (NP) hypothesis testing formulation. We propose game-theoretic frameworks to capture the conflicting relationship between a strategic evasive attacker and an evasion-aware NP detector. By analyzing both the equilibrium behaviors of the attacker and the NP detector, we characterize their performance using Equilibrium Receiver-Operational-Characteristic (EROC) curves. We show that the evasion-aware NP detectors outperform the passive ones in the way that the former can act strategically against the attacker's behavior and adaptively modify their decision rules based on the received messages. In addition, we extend our framework to a sequential setting where the user sends out identically distributed messages. We corroborate the analytical results with a case study of anomaly detection.

Game-Theoretic Neyman-Pearson Detection to Combat Strategic Evasion

TL;DR

This work captures the conflicting relationship between a strategic evasive attacker and an evasion-aware NP detector and shows that the evasion-aware NP detectors outperform the non-strategic ones by allowing them to take advantage of the attacker’s messages to adaptively modify their decision rules to enhance their success rate in detecting anomalies.

Abstract

The security in networked systems depends greatly on recognizing and identifying adversarial behaviors. Traditional detection methods focus on specific categories of attacks and have become inadequate for increasingly stealthy and deceptive attacks that are designed to bypass detection strategically. This work aims to develop a holistic theory to countermeasure such evasive attacks. We focus on extending a fundamental class of statistical-based detection methods based on Neyman-Pearson's (NP) hypothesis testing formulation. We propose game-theoretic frameworks to capture the conflicting relationship between a strategic evasive attacker and an evasion-aware NP detector. By analyzing both the equilibrium behaviors of the attacker and the NP detector, we characterize their performance using Equilibrium Receiver-Operational-Characteristic (EROC) curves. We show that the evasion-aware NP detectors outperform the passive ones in the way that the former can act strategically against the attacker's behavior and adaptively modify their decision rules based on the received messages. In addition, we extend our framework to a sequential setting where the user sends out identically distributed messages. We corroborate the analytical results with a case study of anomaly detection.
Paper Structure (26 sections, 8 theorems, 54 equations, 7 figures)

This paper contains 26 sections, 8 theorems, 54 equations, 7 figures.

Table of Contents

  1. Introduction
  2. Related Works
  3. Problem Formulation of Passive Detectors
  4. The Threat Model
  5. Detector's Decision Rule
  6. The optimal strategy of a passive detector
  7. The attacker's equilibrium strategies
  8. The Formulation of a Proactive Detector
  9. The Signaling Game Formulation
  10. Equilibrium Analysis
  11. Detector's Optimal Decision Rule
  12. Attacker's Equilibrium Strategies
  13. Detection Rate Only: When $\lambda = 0$
  14. The KL Divergence Only: $\lambda\rightarrow\infty$
  15. General Case: $0<\lambda <\infty$
  16. ...and 11 more sections

Key Result

Lemma 1

Let $\langle M,\mathcal{M} \rangle$ be a Polish probability space endowed with atomless measures $F_0,F_1\in\Delta(M)$. Then, for any atomless probability measures $\hat{\Sigma}_0,\hat{\Sigma}_1\in \Delta(M)$, there exist measurable isomorphisms $\mu_0,\mu_1: M\rightarrow M$ such that In other words, the measures $\Sigma_0,\Sigma_1$ are push-forward measures folland1999real_analysis of the measur

Figures (7)

  • Figure 1: The adversarial detection with an attacker in the middle. The nature first draws a message $m'\in M$ based on a randomly chosen hypothesis from either the null $H_0$ or the alternative $H_1$ hypothesis. It can be interpreted as the scenario where a user of known type (e.g., normal or abnormal) is drawn from a prior distribution. An attacker observes the type or the hypothesis $i\in\{0,1\}$ and the associated message $m'$. The attacker chooses a strategy $\mu_i$ to distort the message and send $m=\mu_i(m')$ to the detector with the goal to mislead the detection result. The detector relies on her knowledge and designs a passive or proactive detection strategy to optimize her detection performance.
  • Figure 2: The game tree of the signaling game $\mathcal{G}_2$ capturing the interactions between the attacker and the proactive detector. The attacker observes the type (i.e., $H_0$ or $H_1$), receives a sample from the user, and sends strategically distorted message $m$ to the detector. Finally, the detector makes a decision $i\in\{0,1\}$ based on the manipulated message and the posterior belief. The payoffs for each outcome of the game are depicted at the bottom of the game tree.
  • Figure 3: An illustration of attacker's optimal strategies $\sigma^*_1,\sigma^*_0$ (red, dashed lines) in comparison with the original distributions $f_1,f_0$ (blue, solid lines). The vanilla distributions $f_1,f_0$ are binom$(10,0.8)$ and binom$(10,0.4)$. We choose $\lambda=0.4$. The red arrows indicate the region of rejection under the attacker's manipulation $M_1$, while the blue arrows indicate the uncorrupted region of rejection $\hat{M}_1$.
  • Figure 4: In (a)(b) we depict the attacker's equilibrium strategies \ref{['eq:signal_equil_0']}, \ref{['eq:signal_equil_1']} against an evasion-aware IDS; in (c)(d) we illustrate the attacker's equilibrium strategies against a robust IDS fauss2016robust_band_hypo_testing.
  • Figure 5: EROC curves of a non-adversarial IDS, a non-strategic IDS, an evasion-aware IDS, and a robust IDS at equilibrium strategies. The true distributions under each hypothesis are both Bernoulli distributions specified in \ref{['hypo:binom']} with parameters $\theta_1 = 0.966$ and $\theta_0 = 0.292$. The parameter $\lambda=0.2$.
  • ...and 2 more figures

Theorems & Definitions (14)

  • Lemma 1
  • Theorem 1
  • Definition 1: The game of a proactive detector
  • Lemma 2
  • Proposition 1
  • Proposition 2
  • Proposition 3
  • Proposition 4
  • proof
  • Definition 2: History of action profiles
  • ...and 4 more