Abstract: Most anomaly detection systems rely on machine learning algorithms to derive a model of normality that is later used to detect suspicious events. Some works conducted over the last years have pointed out that such algorithms are generally susceptible to deception, notably in the form of attacks carefully constructed to evade detection. Various learning schemes have been proposed to overcome this weakness. One such system is KIDS (Keyed IDS), introduced at DIMVA’10. KIDS’ core idea is akin to the functioning of some cryptographic primitives, namely to introduce a secret element (the key) into the scheme so that some operations are infeasible without knowing it. In KIDS the learned model and the computation of the anomaly score are both key-dependent, a fact which presumably prevents an attacker from creating evasion attacks. In this work we show that recovering the key is extremely simple provided that the attacker can interact with KIDS and get feedback about probing requests. We present realistic attacks for two different adversarial settings and show that recovering the key requires only a small amount of queries, which indicates that KIDS does not meet the claimed security properties. We revisit KIDS’ central idea and provide heuristic arguments about its suitability and limitations.
Keywords: Access File, Request for key, Upload files & generates Key.