DATE: Wednesday, September 29, 2010
TIME: 12:00 pm - 1:00 pm
PLACE: Gates 8102

Nina Taft
Intel Research Berkeley

TITLE: ANTIDOTE: Understanding and Defending against the Poisoning of Anomaly Detectors

The use of machine learning techniques to improve network design has gained much popularity in the last few years. When these techniques are applied to security problems, a fundamental problem arises; they are susceptible to adversaries who poison the learning phase of such techniques. When adversaries purposefully inject erroneous data into the network during the data-collection and profile-building phase of anomaly detectors, then the detectors learn the wrong model of what is "normal". Subsequently their ability to detect "abnormal" activities is compromised and attackers can circumvent the defense. In this talk, we'll discuss both poisoning techniques and defenses against poisoning, in the context of a particular anomaly detector – namely the PCA-subspace method that is used to identify anomalies in backbone networks. We first present three poisoning schemes, and show how attackers can substantially increase their chance of successfully evading detection with only moderate amounts of chaff. Moreover such poisoning throws off the balance between false positives and false negatives.  To combat these poisoning activities, we design an antidote by proposing an alternate PCA-based detector that incorporates ideas from the field of robust statistics. We'll show how our techniques significantly reduce the effectiveness of poisoning for a variety of poisoning scenarios. We also illustrate that they restore a good balance between false positives and false negatives for the vast majority of the end-to-end flows.

Nina Taft is currently a senior research scientist and a manager at Intel Labs Berkeley.  Nina has worked in a number of areas including monitoring and measurement, traffic characterization, anomaly detection and botnet discovery, end-host troubleshooting and recently has started working on technology for victims of natural disasters. She conducted a large body of research in the area of traffic matrix estimation. Before joining Intel, Nina worked at Sprint for 5 years where she focused on measuring and analysing Internet backbone traffic.  Prior to Sprint, Nina worked at SRI International where she focused on congestion control and QoS routing in ATM networks. She received her PhD degree from the University of Berkeley in 1994. Nina has been heavily involved in professional community activities for many years. She was the PC co-chair for SIGCOMM 2007, served as an associate editor for the IEEE Transactions on Networking (ToN) journal, and was a member of the ACM Internet Measurement Conference steering committee for 4 years. 

Visitor Host: Srini Seshan
Coordinator: Angela Miller (

SDI / LCS Seminar Questions?
Karen Lindenfelser, 86716, or visit