Departmental Papers (ESE)


Anti-virus software based on unsupervised hierarchical clustering (HC) of malware samples has been shown to be vulnerable to poisoning attacks. In this kind of attack, a malicious player degrades anti-virus performance by submitting to the database samples specifically designed to collapse the classification hierarchy utilized by the anti-virus (and constructed through HC) or otherwise deform it in a way that would render it useless. Though each poisoning attack needs to be tailored to the particular HC scheme deployed, existing research seems to indicate that no particular HC method by itself is immune. We present results on applying a new notion of entropy for combinatorial dendrograms to the problem of controlling the influx of samples into the data base and deflecting poisoning attacks. In a nutshell, effective and tractable measures of change in hierarchy complexity are derived from the above, enabling on-the-fly flagging and rejection of potentially damaging samples. The information-theoretic underpinnings of these measures ensure their indifference to which particular poisoning algorithm is being used by the attacker, rendering them particularly attractive in this setting.

Sponsor Acknowledgements

Guralnik gratefully acknowledges support by the U.S. Air Force Office of Scientific Research under grant MURI FA9550-10-1-0567. Moran’s contribution to this work was funded by the U. S. Air Force Office of Scientific Research under grant No. FA9550-12-1-0418. Pezeshki wishes to acknowledge support by NSF under grant CCF-1422658. Arslan was supported by AFRL grant FA865015D1845 (subcontract 669737-1).

Document Type

Conference Paper

Subject Area

Kodlab, GRASP

Date of this Version


Publication Source

SPIE Proceedings





Copyright/Permission Statement

Copyright 2017 Society of Photo-Optical Instrumentation Engineers. One print or electronic copy may be made for personal use only. Systematic reproduction and distribution, duplication of any material in this paper for a fee or for commercial purposes, or modification of the content of the paper are prohibited.


poisoning attack, hierarchical clustering, hierarchical entropy measure

Additional Files

banana_small.mat (1 kB)
MATLAB file of the "banana" data set

hierarch_small.mat (1 kB)
MATLAB file of the "hierarchical" data set (11 kB)
Python library for discrete entropy computations (7 kB)
Python implementation of database and poisoning (2 kB)
Python script running the simulations in the paper (using libraries and (1 kB)
Python script plotting the simulation results in the paper



Date Posted: 17 May 2017