2 research outputs found
Detecting and Adapting to Irregular Distribution Shifts in Bayesian Online Learning
We consider the problem of online learning in the presence of distribution
shifts that occur at an unknown rate and of unknown intensity. We derive a new
Bayesian online inference approach to simultaneously infer these distribution
shifts and adapt the model to the detected changes by integrating ideas from
change point detection, switching dynamical systems, and Bayesian online
learning. Using a binary 'change variable,' we construct an informative prior
such that--if a change is detected--the model partially erases the information
of past model updates by tempering to facilitate adaptation to the new data
distribution. Furthermore, the approach uses beam search to track multiple
change-point hypotheses and selects the most probable one in hindsight. Our
proposed method is model-agnostic, applicable in both supervised and
unsupervised learning settings, suitable for an environment of concept drifts
or covariate drifts, and yields improvements over state-of-the-art Bayesian
online learning approaches.Comment: Published version, Neural Information Processing Systems 202
When the Guard failed the Droid: A case study of Android malware
Android malware is a persistent threat to billions of users around the world.
As a countermeasure, Android malware detection systems are occasionally
implemented. However, these systems are often vulnerable to \emph{evasion
attacks}, in which an adversary manipulates malicious instances so that they
are misidentified as benign. In this paper, we launch various innovative
evasion attacks against several Android malware detection systems. The
vulnerability inherent to all of these systems is that they are part of
Androguard~\cite{desnos2011androguard}, a popular open source library used in
Android malware detection systems. Some of the detection systems decrease to a
0\% detection rate after the attack. Therefore, the use of open source
libraries in malware detection systems calls for caution.
In addition, we present a novel evaluation scheme for evasion attack
generation that exploits the weak spots of known Android malware detection
systems. In so doing, we evaluate the functionality and maliciousness of the
manipulated instances created by our evasion attacks. We found variations in
both the maliciousness and functionality tests of our manipulated apps. We show
that non-functional apps, while considered malicious, do not threaten users and
are thus useless from an attacker's point of view. We conclude that evasion
attacks must be assessed for both functionality and maliciousness to evaluate
their impact, a step which is far from commonplace today