‘Security Theater’: On the Vulnerability of Classifiers to Exploratory Attacks

Sethi, Tegjyot Singh; Kantardzic, Mehmed; Ryu, Joung Woo

doi:10.1007/978-3-319-57463-9_4

Cited by 8 publications

(16 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…e researchers [81,83,84] proposed different techniques to detect adversarial examples in the input and to create different benign and adversarial examples. As we mentioned earlier, the target of the attacker is to add more noise to formulate [47] Changes the discriminant results Resource consuming [50][51][52] Misclassifies positive sample Integrity attack [53] False negative passes through the system Easily detected [54][55][56] Availability attack [57] False positive results in blocking records Time and resource consuming [58][59][60] Privacy violation attack [61] Easily exploit the training dataset Its performance is not reliable as it based on iterations [62][63][64] Targeted attack [65] Misclassified to any arbitrary class It does not provide assurance about the generated samples [66][67][68] Indiscriminate attack [69] Good trade-off Perturbation is high [70,71] Highly efficient 10 Mobile Information Systems effective adversarial examples. According to [83], it is not easy to detect such adaptive attacks, and some detection techniques effectively work while some ineffective.…”

Section: Detecting Adversarial Examplesmentioning

confidence: 99%

A Review of Deep Learning Security and Privacy Defensive Techniques

Tariq

Memon

Ahmed

et al. 2020

Mobile Information Systems

View full text Add to dashboard Cite

In recent past years, Deep Learning presented an excellent performance in different areas like image recognition, pattern matching, and even in cybersecurity. The Deep Learning has numerous advantages including fast solving complex problems, huge automation, maximum application of unstructured data, ability to give high quality of results, reduction of high costs, no need for data labeling, and identification of complex interactions, but it also has limitations like opaqueness, computationally intensive, need for abundant data, and more complex algorithms. In our daily life, we used many applications that use Deep Learning models to make decisions based on predictions, and if Deep Learning models became the cause of misprediction due to internal/external malicious effects, it may create difficulties in our real life. Furthermore, the Deep Learning training models often have sensitive information of the users and those models should not be vulnerable and expose security and privacy. The algorithms of Deep Learning and machine learning are still vulnerable to different types of security threats and risks. Therefore, it is necessary to call the attention of the industry in respect of security threats and related countermeasures techniques for Deep Learning, which motivated the authors to perform a comprehensive survey of Deep Learning security and privacy security challenges and countermeasures in this paper. We also discussed the open challenges and current issues.

show abstract

Section: Detecting Adversarial Examplesmentioning

confidence: 99%

A Review of Deep Learning Security and Privacy Defensive Techniques

Tariq

Memon

Ahmed

et al. 2020

Mobile Information Systems

View full text Add to dashboard Cite

show abstract

“…Machine learning systems deployed in the real world are vulnerable to exploratory attacks, which aim to degrade the learned model over time. Exploratory attacks are launched by an adversary by first learning about the characteristics of the system through carefully crafted probes and then morphing suspicious samples to cause evasion at test time (Biggio et al, ; Biggio, Fumera, & Roli, , ; Papernot, McDaniel, & Goodfellow, ; Sethi et al, ; Tramèr et al, ). Such attacks are commonplace and difficult to avoid, as they rely on the same black box access to the systems that a benign user is entitled to.…”

Section: Related Work On Security Of Machine Learningmentioning

confidence: 99%

“…By measuring adversarial cost in terms of the number of features which need evasion, the efficacy of feature‐bagged models was demonstrated (Lowd & Meek, ), as robust models by design will require a majority of the features to be modified for a successful evasion. This reasoning is not valid for the case of an indiscriminate exploratory attack, where an adversary is interested in generating any sample which evades C without any predefined set of attack samples (Sethi et al, ). In this setting, the impact of feature‐bagged ensemble is similar to that of a simple model as seen from the evasion probability and adversarial certainty computations of Table .…”

Section: Adversarial Uncertainty—on the Ability To React To Attacks Imentioning

confidence: 99%

“…One such black box, data-driven and algorithmic attack strategy, was proposed by Sethi et al (2017). The work by Sethi et al (2017) proposed the anchor points (AP) attack strategy, which uses an exploration-exploitation framework to perform evasion on classifiers, as shown in Figure 4. In these attacks, the adversary starts with exploration of the deployed classifier model (green) by using crafted probing samples.…”

Section: Exploratory Attacks On Classification-based Systemsmentioning

confidence: 99%

“…However, the increased exuberance in the application of machine learning has led to the overlooking of its security vulnerabilities. Recent works on adversarial machine learning (Papernot, McDaniel, Jha, et al, , ; Sethi, Kantardzic, & Ryu, ; Tramèr, Zhang, Juels, Reiter, & Ristenpart, ) have demonstrated that deployed classification systems are vulnerable to adversarial perturbations at test time, which cause the models to degrade over time. Such attacks on the integrity of machine learning systems are termed as exploratory attacks (Barreno, Nelson, Sears, Joseph, & Tygar, ), as they are caused at test time by an adversary learning and evading the characteristics of the deployed classifier model.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A dynamic‐adversarial mining approach to the security of machine learning

Sethi

Kantardzic

Lyu

et al. 2018

WIREs Data Min & Knowl

Self Cite

View full text Add to dashboard Cite

Operating in a dynamic real‐world environment requires a forward thinking and adversarial aware design for classifiers beyond fitting the model to the training data. In such scenarios, it is necessary to make classifiers such that they are: (a) harder to evade, (b) easier to detect changes in the data distribution over time, and (c) be able to retrain and recover from model degradation. While most works in the security of machine learning have concentrated on the evasion resistance problem (a), there is little work in the areas of reacting to attacks (b) and (c). Additionally, while streaming data research concentrates on the ability to react to changes to the data distribution, they often take an adversarial agnostic view of the security problem. This makes them vulnerable to adversarial activity, which is aimed toward evading the concept drift detection mechanism itself. In this paper, we analyze the security of machine learning from a dynamic and adversarial aware perspective. The existing techniques of restrictive one‐class classifier models, complex learning‐based ensemble models, and randomization‐based ensemble models are shown to be myopic as they approach security as a static task. These methodologies are ill suited for a dynamic environment, as they leak excessive information to an adversary who can subsequently launch attacks which are indistinguishable from the benign data. Based on empirical vulnerability analysis against a sophisticated adversary, a novel feature importance hiding approach for classifier design is proposed. The proposed design ensures that future attacks on classifiers can be detected and recovered from. The proposed work provides motivation, by serving as a blueprint, for future work in the area of dynamic‐adversarial mining, which combines lessons learned from streaming data mining, adversarial learning, and cybersecurity. This article is categorized under: Technologies > Machine Learning Technologies > Classification Fundamental Concepts of Data and Knowledge > Motivation and Emergence of Data Mining

show abstract

Towards Building Active Defense Systems for Software Applications

Perumal

Veeramachaneni

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

‘Security Theater’: On the Vulnerability of Classifiers to Exploratory Attacks

Cited by 8 publications

References 23 publications

A Review of Deep Learning Security and Privacy Defensive Techniques

A Review of Deep Learning Security and Privacy Defensive Techniques

A dynamic‐adversarial mining approach to the security of machine learning

Towards Building Active Defense Systems for Software Applications

Contact Info

Product

Resources

About