The Divergent Function of Androgen Receptor in Breast Cancer; Analysis of Steroid Mediators and Tumor Intracrinology

Recent research efforts on adversarial ML have investigated problem-space attacks, focusing on the generation of real evasive objects in domains where, unlike images, there is no clear inverse mapping to the feature space (e.g., software). However, the design, comparison, and real-world implications of problem-space attacks remain underexplored.This paper makes two major contributions. First, we propose a novel formalization for adversarial ML evasion attacks in the problem-space, which includes the definition of a comprehensive set of constraints on available transformations, preserved semantics, robustness to preprocessing, and plausibility. We shed light on the relationship between feature space and problem space, and we introduce the concept of side-effect features as the byproduct of the inverse feature-mapping problem. This enables us to define and prove necessary and sufficient conditions for the existence of problem-space attacks. We further demonstrate the expressive power of our formalization by using it to describe several attacks from related literature across different domains.Second, building on our formalization, we propose a novel problem-space attack on Android malware that overcomes past limitations. Experiments on a dataset with 170K Android apps from 2017 and 2018 show the practical feasibility of evading a state-of-the-art malware classifier along with its hardened version. Our results demonstrate that "adversarial-malware as a service" is a realistic threat, as we automatically generate thousands of realistic and inconspicuous adversarial applications at scale, where on average it takes only a few minutes to generate an adversarial app. Yet, out of the 1600+ papers on adversarial ML published in the past six years, roughly 40 focus on malware [15]-and many remain only in the feature space.Our formalization of problem-space attacks paves the way to more principled research in this domain. We responsibly release the code and dataset of our novel attack to other researchers, to encourage future work on defenses in the problem space.

show abstract

Analysis of high volumes of network traffic for Advanced Persistent Threat detection

Marchetti

et al. 2016

View full text Add to dashboard Cite

Advanced Persistent Threats (APTs) are the most critical menaces to modern organizations and the most challenging attacks to detect. They span over long periods of time, use encrypted connections and mimic normal behaviors in order to evade detection based on traditional defensive solutions. We propose an innovative approach that is able to analyze efficiently high volumes of network traffic to reveal weak signals related to data exfiltrations and other suspect APT activities. The final result is a ranking of the most suspicious internal hosts; this rank allows security specialists to focus their analyses on a small set of hosts out of the thousands of machines that typically characterize large organizations. Experimental evaluations in a network environment consisting of about 10K hosts show the feasibility and effectiveness of the proposed approach. Our proposal based on security analytics paves the way to novel forms of automatic defense aimed at early detection of APTs in large and continuously varying networked systems

show abstract

EC2: Ensemble Clustering and Classification for Predicting Android Malware Families

Chakraborty

Pierazzi

Subrahmanian

2020

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

Enabling Fair ML Evaluations for Security

Pendlebury

Pierazzi

Jordaney

et al. 2018

View full text Add to dashboard Cite

show abstract

Detection and Threat Prioritization of Pivoting Attacks in Large Networks

Pierazzi

Colajanni

Marchetti

2020

IEEE Trans. Emerg. Topics Comput.

View full text Add to dashboard Cite

Several advanced cyber attacks adopt the technique of "pivoting" through which attackers create a command propagation tunnel through two or more hosts in order to reach their final target. Identifying such malicious activities is one of the most tough research problems because of several challenges: command propagation is a rare event that cannot be detected through signatures, the huge amount of internal communications facilitates attackers evasion, timely pivoting discovery is computationally demanding. This paper describes the first pivoting detection algorithm that is based on network flows analyses, does not rely on any a-priori assumption on protocols and hosts, and leverages an original problem formalization in terms of temporal graph analytics. We also introduce a prioritization algorithm that ranks the detected paths on the basis of a threat score thus letting security analysts investigate just the most suspicious pivoting tunnels. Feasibility and effectiveness of our proposal are assessed through a broad set of experiments that demonstrate its higher accuracy and performance against related algorithms

show abstract

Countering Advanced Persistent Threats through security intelligence and big data analytics

Marchetti

Guido

Pierazzi

et al. 2016

View full text Add to dashboard Cite

Transcending TRANSCEND: Revisiting Malware Classification in the Presence of Concept Drift

Barbero

Pendlebury

Pierazzi

et al. 2022

View full text Add to dashboard Cite

A Probabilistic Logic of Cyber Deception

Jajodia

Park

Pierazzi

et al. 2017

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Malicious attackers often scan nodes in a network in order to identify vulnerabilities that they may exploit as they traverse the network. In this paper, we propose that the system generates a mix of true and false answers in response to scan requests. If the attacker believes that all scan results are true, then he will be on a wrong path. If he believes some scan results are faked, he would have to expend time and effort in order to separate fact from fiction. We propose a probabilistic logic of deception and show that various computations are NP-hard. We model the attacker’s state and show the effects of faked scan results. We then show how the defender can generate fake scan results in different states that minimize the damage the attacker can produce. We develop a Naive-PLD algorithm and a Fast-PLD heuristic algorithm for the defender to use and show experimentally that the latter performs well in a fraction of the run time of the former. We ran detailed experiments to assess the performance of these algorithms and further show that by running Fast-PLD off-line and storing the results, we can very efficiently answer run-time scan requests

show abstract

12 3 4

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Fabio Pierazzi

Intriguing Properties of Adversarial ML Attacks in the Problem Space

Analysis of high volumes of network traffic for Advanced Persistent Threat detection

EC2: Ensemble Clustering and Classification for Predicting Android Malware Families

Enabling Fair ML Evaluations for Security

Detection and Threat Prioritization of Pivoting Attacks in Large Networks

Countering Advanced Persistent Threats through security intelligence and big data analytics

Transcending TRANSCEND: Revisiting Malware Classification in the Presence of Concept Drift

A Probabilistic Logic of Cyber Deception

Contact Info

Product

Resources

About