nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Vulnerability Detection and Analysis in Adversarial Deep Learning

verfasst von : Yi Shi, Yalin E. Sagduyu, Kemal Davaslioglu, Renato Levy

Erschienen in: Guide to Vulnerability Analysis for Computer Networks and Systems

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Machine learning has been applied in various information systems, but its vulnerability has not been well understood yet. This chapter studies vulnerability to adversarial machine learning in information systems such as online services with interfaces that accept user data inputs and return machine learning results such as labels. Two types of attacks are considered: exploratory (or inference) attack and evasion attack. In an exploratory attack, the adversary collects labels of input data from an online classifier and applies deep learning to train a functionally equivalent classifier without knowing the inner working of the target classifier. The vulnerability includes the theft of intellectual property (quantified by the statistical similarity of the target and inferred classifiers) and the support of other attacks built upon the inference results. An example of follow-up attacks is the evasion attack, where the adversary deceives the classifier into misclassifying input data samples that are systematically selected based on the classification scores from the inferred classier. This attack is strengthened by generative adversarial networks (GANs) and adversarial perturbations producing synthetic data samples that are likely to be misclassified. The vulnerability is measured by the increase in misdetection rates. This quantitative understanding of the vulnerability in machine learning systems provides valuable insights into designing defence mechanisms against adversarial machine learning.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Defending Against Chained Cyber-Attacks by Adversarial Agents

Nächstes Kapitel SOCIO-LENS: Spotting Unsolicited Caller Through Network Analysis

Stratosphere IPS (2018). https://www.stratosphereips.org. Accessed 15 Mar 2018

Silver D, Huang A, Maddison CJ, Guez A, Sifre L, Van Den Driessche G, Schrittwieser J, Antonoglou I, Panneershelvam V, Lanctot M, et al (2016) Mastering the game of Go with deep neural networks and tree search. Nature 529(7587), 484–489

Goodfellow IJ, Shlens J, Szegedy C (2014) Explaining and harnessing adversarial examples. arXiv:1412.6572

Huang L, Joseph AD, Nelson B, Rubinstein BI, Tygar J (2011) Adversarial machine learning. In: Proceedings of the 4th ACM workshop on security and artificial intelligence. ACM, pp 43–58

Miller B, Kantchelian A, Afroz S, Bachwani R, Dauber E, Huang L, Tschantz MC, Joseph AD, Tygar JD (2014) Adversarial active learning. In: Proceedings of the 2014 workshop on artificial intelligent and security workshop. ACM, pp 3–14

Laskov P, Lippmann R (2010) Machine learning in adversarial environments. Springer, Berlin

Shi Y, Sagduyu Y, Grushin A (2017) How to steal a machine learning classifier with deep learning. In: 2017 IEEE international symposium on technologies for homeland security (HST). IEEE

Shi Y, Sagduyu YE (2017) Evasion and causative attacks with adversarial deep learning. In: MILCOM 2017-2017 IEEE military communications conference (MILCOM). IEEE, pp 243–248

Goodfellow I, Pouget-Abadie J, Mirza M, Xu B, Warde-Farley D, Ozair S, Courville A, Bengio Y (2014) Generative adversarial nets. In: Advances in neural information processing systems, pp 2672–2680

10.

Hornik K, Stinchcombe M, White H (1989) Multilayer feedforward networks are universal approximators. Neural Netw 2(5):359–366

11.

Cybenko G (1989) Approximation by superpositions of a sigmoidal function. Math Control Signals Syst 2(4):303–314

12.

LeCun Y et al (1989) Generalization and network design strategies. Connectionism in perspective, pp 143–155

13.

Hochreiter S, Schmidhuber J (1997) Long short-term memory. Neural Comput 9(8):1735–1780

14.

Rumelhart DE, Hinton GE, Williams RJ (1985) Learning internal representations by error propagation. Technical report, University of California, San Diego, La Jolla, Institute for Cognitive Science

15.

Microsoft Cognitive Toolkit (CNTK) (2018). https://docs.microsoft.com/en-us/cognitive-toolkit. Accessed 15 Mar 2018

16.

Abadi M, Agarwal A, Barham P, Brevdo E, Chen Z, Citro C, Corrado GS, Davis A, Dean J, Devin M et al (2016) Tensorflow: large-scale machine learning on heterogeneous distributed systems. arXiv:1603.04467

17.

Barreno M, Nelson B, Sears R, Joseph AD, Tygar JD (2006) Can machine learning be secure? In: Proceedings of the 2006 ACM symposium on information, computer and communications security. ACM, pp 16–25

18.

Ateniese G, Mancini LV, Spognardi A, Villani A, Vitali D, Felici G (2015) Hacking smart machines with smarter ones: how to extract meaningful data from machine learning classifiers. Int J Secur Netw 10(3):137–150

19.

Fredrikson M, Jha S, Ristenpart T (2015) Model inversion attacks that exploit confidence information and basic countermeasures. In: Proceedings of the 22nd ACM SIGSAC conference on computer and communications security. ACM, pp 1322–1333

20.

Tramèr F, Zhang F, Juels A, Reiter MK, Ristenpart T (2016) Stealing machine learning models via prediction APIs. In: USENIX security symposium, pp 601–618

21.

Biggio B, Corona I, Maiorca D, Nelson B, Šrndić N, Laskov P, Giacinto G, Roli F (2013) Evasion attacks against machine learning at test time. In: Joint European conference on machine learning and knowledge discovery in databases. Springer, Berlin, pp 387–402

22.

Papernot N, McDaniel P, Goodfellow I, Jha S, Celik ZB, Swami A (2016) Practical black-box attacks against deep learning systems using adversarial examples

23.

Kurakin A, Goodfellow I, Bengio S (2016) Adversarial examples in the physical world. arXiv:1607.02533

24.

Papernot N, McDaniel P, Jha S, Fredrikson M, Celik ZB, Swami A (2016) The limitations of deep learning in adversarial settings. In: 2016 IEEE European symposium on security and privacy (EuroS&P). IEEE, pp 372–387

25.

Pi L, Lu Z, Sagduyu Y, Chen S (2016) Defending active learning against adversarial inputs in automated document classification. In: 2016 IEEE global conference on signal and information processing (GlobalSIP). IEEE, pp 257–261

26.

Papernot N, McDaniel P, Goodfellow I, Jha S, Celik ZB, Swami A (2017) Practical black-box attacks against machine learning. In: Proceedings of the 2017 ACM on asia conference on computer and communications security. ACM, pp 506–519

27.

Flower Image Dataset (2018). https://www.tensorflow.org/tutorials/image_retraining. Accessed 15 Mar 2018

28.

Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow I, Fergus R (2013) Intriguing properties of neural networks. arXiv:1312.6199

29.

Nguyen A, Yosinski J, Clune J (2015) Deep neural networks are easily fooled: high confidence predictions for unrecognizable images. In: Proceedings of the IEEE conference on computer vision and pattern recognition, pp 427–436

30.

Moosavi Dezfooli SM, Fawzi A, Frossard P (2016) Deepfool: a simple and accurate method to fool deep neural networks. In: Proceedings of 2016 IEEE conference on computer vision and pattern recognition (CVPR)

31.

Haykin S (2005) Cognitive radio: brain-empowered wireless communications. IEEE J Sel Areas Commun 23(2):201–220

32.

Soltani S, Sagduyu Y, Shi Y, Li J, Feldman J, Matyjas J (2015) Distributed cognitive radio network architecture, SDR implementation and emulation testbed. In: MILCOM 2015-2015 IEEE military communications conference. IEEE, pp 438–443

33.

Davaslioglu K, Sagduyu YE (2018) Generative adversarial learning for spectrum sensing. In: Accepted to IEEE international conference on communications (ICC). IEEE

34.

Shi Y, Sagduyu YE, Erpek T, Davaslioglu K, Lu Z, Li JH (2018) Adversarial deep learning for cognitive radio security: jamming attack and defense strategies. In: IEEE international communications conference workshop on promises and challenges of machine learning in communication networks. IEEE

Titel: Vulnerability Detection and Analysis in Adversarial Deep Learning
verfasst von: Yi Shi
Yalin E. Sagduyu
Kemal Davaslioglu
Renato Levy
Verlag: Springer International Publishing
Buch: Guide to Vulnerability Analysis for Computer Networks and Systems
Print ISBN: 978-3-319-92623-0

Electronic ISBN: 978-3-319-92624-7

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-92624-7_9

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"