Attacking Machine Learning models as part of a cyber kill chain
This addresses the need for more secure processes in ML-based security solutions, but it is incremental as it builds on existing adversarial ML work.
The paper tackles the problem of securing machine learning models in network security by proposing a cyber kill-chain for attacking them, demonstrating a proof of concept to highlight vulnerabilities.
Machine learning is gaining popularity in the network security domain as many more network-enabled devices get connected, as malicious activities become stealthier, and as new technologies like Software Defined Networking emerge. Compromising machine learning model is a desirable goal. In fact, spammers have been quite successful getting through machine learning enabled spam filters for years. While previous works have been done on adversarial machine learning, none has been considered within a defense-in-depth environment, in which correct classification alone may not be good enough. For the first time, this paper proposes a cyber kill-chain for attacking machine learning models together with a proof of concept. The intention is to provide a high level attack model that inspire more secure processes in research/design/implementation of machine learning based security solutions.