Antidote

Rubinstein, Benjamin I. P.; Nelson, Brent D.; Huang, Ling; Joseph, Anthony D.; Lau, Shing-hon; Rao, Satish; Taft, Nina; Tygar, J. D.

doi:10.1145/1644893.1644895

Cited by 243 publications

(15 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As ML models need to be updated to recognize new threats, adversaries may aim to poison the ML model by injecting misleading training data. Rubinstein et al [37] and Biggio et al [38] demonstrated such poisoning attacks against anomaly detectors and support vector machines (SVM). Specifically for mobile malware detection systems, Chen et al [39] discussed how to automate poisoning attacks and defenses.…”

Section: Attacks On Machine Learning Models and Deep Neural Networkmentioning

confidence: 99%

Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence

Preuveneers

Joosen

2021

JCP

View full text Add to dashboard Cite

Cyber threat intelligence (CTI) sharing is the collaborative effort of sharing information about cyber attacks to help organizations gain a better understanding of threats and proactively defend their systems and networks from cyber attacks. The challenge that we address is the fact that traditional indicators of compromise (IoC) may not always capture the breath or essence of a cyber security threat or attack campaign, possibly leading to false alert fatigue and missed detections with security analysts. To tackle this concern, we designed and evaluated a CTI solution that complements the attribute and tagging based sharing of indicators of compromise with machine learning (ML) models for collaborative threat detection. We implemented our solution on top of MISP, TheHive, and Cortex—three state-of-practice open source CTI sharing and incident response platforms—to incrementally improve the accuracy of these ML models, i.e., reduce the false positives and false negatives with shared counter-evidence, as well as ascertain the robustness of these models against ML attacks. However, the ML models can be attacked as well by adversaries that aim to evade detection. To protect the models and to maintain confidentiality and trust in the shared threat intelligence, we extend our previous research to offer fine-grained access to CP-ABE encrypted machine learning models and related artifacts to authorized parties. Our evaluation demonstrates the practical feasibility of the ML model based threat intelligence sharing, including the ability of accounting for indicators of adversarial ML threats.

show abstract

Section: Attacks On Machine Learning Models and Deep Neural Networkmentioning

confidence: 99%

Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence

Preuveneers

Joosen

2021

JCP

View full text Add to dashboard Cite

show abstract

“…When frequently updating an ML model to account for new threats, malicious adversaries can launch causative/data poisoning attacks to inject misleading training data intentionally so that an ML model becomes ineffective. For example, various poisoning attacks on specific ML algorithms [17,18] were able to bypass intrusion detection systems. More recently, Chen et al [19] demonstrated how to automate poisoning attacks against malware detection systems.…”

Section: Machine Learning In Adversarial Settingsmentioning

confidence: 99%

Chained Anomaly Detection Models for Federated Learning: An Intrusion Detection Case Study

et al. 2018

View full text Add to dashboard Cite

The adoption of machine learning and deep learning is on the rise in the cybersecurity domain where these AI methods help strengthen traditional system monitoring and threat detection solutions. However, adversaries too are becoming more effective in concealing malicious behavior amongst large amounts of benign behavior data. To address the increasing time-to-detection of these stealthy attacks, interconnected and federated learning systems can improve the detection of malicious behavior by joining forces and pooling together monitoring data. The major challenge that we address in this work is that in a federated learning setup, an adversary has many more opportunities to poison one of the local machine learning models with malicious training samples, thereby influencing the outcome of the federated learning and evading detection. We present a solution where contributing parties in federated learning can be held accountable and have their model updates audited. We describe a permissioned blockchain-based federated learning method where incremental updates to an anomaly detection machine learning model are chained together on the distributed ledger. By integrating federated learning with blockchain technology, our solution supports the auditing of machine learning models without the necessity to centralize the training data. Experiments with a realistic intrusion detection use case and an autoencoder for anomaly detection illustrate that the increased complexity caused by blockchain technology has a limited performance impact on the federated learning, varying between 5 and 15%, while providing full transparency over the distributed training process of the neural network. Furthermore, our blockchain-based federated learning solution can be generalized and applied to more sophisticated neural network architectures and other use cases.

show abstract

“…Meanwhile, dynamic threshold defense recommended dynamically adjusting threshold values in SpamBayes. Although this approach increased accuracy with legitimate emails, it had difficulty to correctly label spam emails. Facing poisoning attacks against principal component analysis (PCA) subspace anomaly detection method in backbone network, Rubinstein et al (2009) proposed a robust PCA based defense approach. It maximized Median Absolute Deviation (MAD) instead of variance to compute principal components, and used a robust threshold value based on Laplace distribution instead of Gaussian.…”

Section: Robust and Secure Learning Strategiesmentioning

confidence: 99%

Adversarial machine learning for cybersecurity and computer vision: Current developments and challenges

2020

WIREs Computational Stats

View full text Add to dashboard Cite

We provide a comprehensive overview of adversarial machine learning focusing on two application domains, i.e., cybersecurity and computer vision. Research in adversarial machine learning addresses a significant threat to the wide application of machine learning techniques -they are vulnerable to carefully crafted attacks from malicious adversaries. For example, deep neural networks fail to correctly classify adversarial images, which are generated by adding imperceptible perturbations to clean images. We first discuss three main categories of attacks against machine learning techniques -poisoning attacks, evasion attacks, and privacy attacks. Then the corresponding defense approaches are introduced along with the weakness and limitations of the existing defense approaches. We notice adversarial samples in cybersecurity and computer vision are fundamentally different. While adversarial samples in cybersecurity often have different properties/distributions compared with training data, adversarial images in computer vision are created with minor input perturbations. This further complicates the development of robust learning techniques, because a robust learning technique must withstand different types of attacks.

show abstract

Antidote

Cited by 243 publications

References 32 publications

Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence

Sharing Machine Learning Models as Indicators of Compromise for Cyber Threat Intelligence

Chained Anomaly Detection Models for Federated Learning: An Intrusion Detection Case Study

Adversarial machine learning for cybersecurity and computer vision: Current developments and challenges

Contact Info

Product

Resources

About