4,668 research outputs found
Adversarial behaviours knowledge area
The technological advancements witnessed by our society in recent decades have brought
improvements in our quality of life, but they have also created a number of opportunities for
attackers to cause harm. Before the Internet revolution, most crime and malicious activity
generally required a victim and a perpetrator to come into physical contact, and this limited
the reach that malicious parties had. Technology has removed the need for physical contact
to perform many types of crime, and now attackers can reach victims anywhere in the world, as long as they are connected to the Internet. This has revolutionised the characteristics of crime and warfare, allowing operations that would not have been possible before. In this document, we provide an overview of the malicious operations that are happening on the Internet today. We first provide a taxonomy of malicious activities based on the attackerâs motivations and capabilities, and then move on to the technological and human elements that adversaries require to run a successful operation. We then discuss a number of frameworks that have been proposed to model malicious operations. Since adversarial behaviours are not a purely technical topic, we draw from research in a number of fields (computer science, criminology, war studies). While doing this, we discuss how these frameworks can be used by researchers and practitioners to develop effective mitigations against malicious online operations.Published versio
Adversarial Machine Learning in Network Intrusion Detection Systems
Adversarial examples are inputs to a machine learning system intentionally
crafted by an attacker to fool the model into producing an incorrect output.
These examples have achieved a great deal of success in several domains such as
image recognition, speech recognition and spam detection. In this paper, we
study the nature of the adversarial problem in Network Intrusion Detection
Systems (NIDS). We focus on the attack perspective, which includes techniques
to generate adversarial examples capable of evading a variety of machine
learning models. More specifically, we explore the use of evolutionary
computation (particle swarm optimization and genetic algorithm) and deep
learning (generative adversarial networks) as tools for adversarial example
generation. To assess the performance of these algorithms in evading a NIDS, we
apply them to two publicly available data sets, namely the NSL-KDD and
UNSW-NB15, and we contrast them to a baseline perturbation method: Monte Carlo
simulation. The results show that our adversarial example generation techniques
cause high misclassification rates in eleven different machine learning models,
along with a voting classifier. Our work highlights the vulnerability of
machine learning based NIDS in the face of adversarial perturbation.Comment: 25 pages, 6 figures, 4 table
Efficient Energy Distribution in a Smart Grid using Multi-Player Games
Algorithms and models based on game theory have nowadays become prominent
techniques for the design of digital controllers for critical systems. Indeed,
such techniques enable automatic synthesis: given a model of the environment
and a property that the controller must enforce, those techniques automatically
produce a correct controller, when it exists. In the present paper, we consider
a class of concurrent, weighted, multi-player games that are well-suited to
model and study the interactions of several agents who are competing for some
measurable resources like energy. We prove that a subclass of those games
always admit a Nash equilibrium, i.e. a situation in which all players play in
such a way that they have no incentive to deviate. Moreover, the strategies
yielding those Nash equilibria have a special structure: when one of the agents
deviate from the equilibrium, all the others form a coalition that will enforce
a retaliation mechanism that punishes the deviant agent. We apply those results
to a real-life case study in which several smart houses that produce their own
energy with solar panels, and can share this energy among them in micro-grid,
must distribute the use of this energy along the day in order to avoid
consuming electricity that must be bought from the global grid. We demonstrate
that our theory allows one to synthesise an efficient controller for these
houses: using penalties to be paid in the utility bill as an incentive, we
force the houses to follow a pre-computed schedule that maximises the
proportion of the locally produced energy that is consumed.Comment: In Proceedings Cassting'16/SynCoP'16, arXiv:1608.0017
Ensuring the resilience of wireless sensor networks to malicious data injections through measurements inspection
Malicious data injections pose a severe threat to the systems based on \emph{Wireless Sensor Networks} (WSNs) since they give the attacker control over the measurements, and on the system's status and response in turn. Malicious measurements are particularly threatening when used to spoof or mask events of interest, thus eliciting or preventing desirable responses. Spoofing and masking attacks are particularly difficult to detect since they depict plausible behaviours, especially if multiple sensors have been compromised and \emph{collude} to inject a coherent set of malicious measurements.
Previous work has tackled the problem through \emph{measurements inspection}, which analyses the inter-measurements correlations induced by the physical phenomena. However, these techniques consider simplistic attacks and are not robust to collusion. Moreover, they assume highly predictable patterns in the measurements distribution, which are invalidated by the unpredictability of events.
We design a set of techniques that effectively \emph{detect} malicious data injections in the presence of sophisticated collusion strategies, when one or more events manifest.
Moreover, we build a methodology to \emph{characterise} the likely compromised sensors.
We also design \emph{diagnosis} criteria that allow us to distinguish anomalies arising from malicious interference and faults.
In contrast with previous work, we test the robustness of our methodology with automated and sophisticated attacks, where the attacker aims to evade detection. We conclude that our approach outperforms state-of-the-art approaches. Moreover, we estimate quantitatively the WSN degree of resilience and provide a methodology to give a WSN owner an assured degree of resilience by automatically designing the WSN deployment.
To deal also with the extreme scenario where the attacker has compromised most of the WSN, we propose a combination with \emph{software attestation techniques}, which are more reliable when malicious data is originated by a compromised software, but also more expensive, and achieve an excellent trade-off between cost and resilience.Open Acces
Impact of Low-bitwidth Quantization on the Adversarial Robustness for Embedded Neural Networks
As the will to deploy neural networks models on embedded systems grows, and
considering the related memory footprint and energy consumption issues, finding
lighter solutions to store neural networks such as weight quantization and more
efficient inference methods become major research topics. Parallel to that,
adversarial machine learning has risen recently with an impressive and
significant attention, unveiling some critical flaws of machine learning
models, especially neural networks. In particular, perturbed inputs called
adversarial examples have been shown to fool a model into making incorrect
predictions. In this article, we investigate the adversarial robustness of
quantized neural networks under different threat models for a classical
supervised image classification task. We show that quantization does not offer
any robust protection, results in severe form of gradient masking and advance
some hypotheses to explain it. However, we experimentally observe poor
transferability capacities which we explain by quantization value shift
phenomenon and gradient misalignment and explore how these results can be
exploited with an ensemble-based defense
Explaining Explanations in AI
Recent work on interpretability in machine learning and AI has focused on the building of simplified models that approximate the true criteria used to make decisions. These models are a useful pedagogical device for teaching trained professionals how to predict what decisions will be made by the complex system, and most importantly how the system might break. However, when considering any such model itâs important to remember Boxâs maxim that "All models are wrong but some are useful." We focus on the distinction between these models and explanations in philosophy and sociology. These models can be understood as a "do it yourself kit" for explanations, allowing a practitioner to directly answer "what if questions" or generate contrastive explanations without external assistance. Although a valuable ability, giving these models as explanations appears more difficult than necessary, and other forms of explanation may not have the same trade-offs. We contrast the different schools of thought on what makes an explanation, and suggest that machine learning might benefit from viewing the problem more broadly
Characterological formulations of persons in neighbourhood complaint sequences
This article shows how speakers mobilise characterological formulations of others and,
particularly, âtypesâ of persons, in social action. We extend previous work in discursive
psychology, in which notions of self or othersâ identity have been well-studied as categorial
practices, by focusing specifically on the occasioned use of â[descriptor] personâ
formulations which index the characteristics of people. Drawing on a British corpus of 315
telephone calls about neighbour problems (e.g., noise, verbal abuse) to environmental health
and mediation services, we show that callers build in-situ descriptions of self and neighbour
for the practical activity of complaining or defending against accusations - as types of people
that are, for instance, reasonable (e.g., âIâm an extremely tolerant personâ) in contrast to their
neighboursâ shortcomings (e.g., âHeâs a rather obnoxious personâ). Our findings demonstrate
that psychological predicates of self and other, indexed through characterological
formulations, are recipient designed (i.e., formulated to display an orientation to co-present
others) in ways that shape the institutional relevance for service provision. We conclude that,
like many other aspects of the psychological thesaurus, âcharacter typesâ are not just the
preserve of psychologists, but a routine resource for ordinary social interaction
- âŠ