Obfuscation of Malicious Behaviors for Thwarting Masquerade Detection Systems Based on Locality Features
In recent years, dynamic user verification has become one of the basic pillars for insider threat detection. From these threats, the research presented in this paper focuses on masquerader attacks, a category of insiders characterized by being intentionally conducted by persons outside the organization that somehow were able to impersonate legitimate users. Consequently, it is assumed that masqueraders are unaware of the protected environment within the targeted organization, so it is expected that they move in a more erratic manner than legitimate users along the compromised systems. This feature makes them susceptible to being discovered by dynamic user verification methods based on user profiling and anomaly-based intrusion detection. However, these approaches are susceptible to evasion through the imitation of the normal legitimate usage of the protected system (mimicry), which is being widely exploited by intruders. In order to contribute to their understanding, as well as anticipating their evolution, the conducted research focuses on the study of mimicry from the standpoint of an uncharted terrain: the masquerade detection based on analyzing locality traits. With this purpose, the problem is widely stated, and a pair of novel obfuscation methods are introduced: locality-based mimicry by action pruning and locality-based mimicry by noise generation. Their modus operandi, effectiveness, and impact are evaluated by a collection of well-known classifiers typically implemented for masquerade detection. The simplicity and effectiveness demonstrated suggest that they entail attack vectors that should be taken into consideration for the proper hardening of real organizations.
Reviewable Automated Decision-Making: A Framework for Accountable Algorithmic Systems
This paper introduces reviewability as a framework for improving the accountability of automated and algorithmic decision-making (ADM) involving machine learning. We draw on an understanding of ADM as a socio-technical process involving both human and technical elements, beginning before a decision is made and extending beyond the decision itself. While explanations and other model-centric mechanisms may assist some accountability concerns, they often provide insufficient information about these broader ADM processes for regulatory oversight and assessments of legal compliance. Reviewability involves breaking down the ADM process into technical and organisational elements to provide a systematic framework for determining the contextually appropriate record-keeping mechanisms to facilitate meaningful review, both of individual decisions and of the process as a whole. We argue that a reviewability framework, drawing on administrative law's approach to reviewing human decision-making, offers a practical way forward towards a more holistic and legally-relevant form of accountability for ADM.
Process Mining Handbook
This is an open access book. This book comprises all the single courses given as part of the First Summer School on Process Mining, PMSS 2022, which was held in Aachen, Germany, during July 4-8, 2022. This volume contains 17 chapters organized into the following topical sections: Introduction; process discovery; conformance checking; data preprocessing; process enhancement and monitoring; assorted process mining topics; industrial perspective and applications; and closing.
Computer Vision Applications for Autonomous Aerial Vehicles
Undoubtedly, unmanned aerial vehicles (UAVs) have experienced a great leap forward over the last decade. It is not surprising anymore to see a UAV being used to accomplish a certain task, which was previously carried out by humans or a former technology. The proliferation of special vision sensors, such as depth cameras, lidar sensors and thermal cameras, and major breakthroughs in computer vision and machine learning fields accelerated the advance of UAV research and technology. However, due to certain unique challenges imposed by UAVs, such as limited payload capacity, unreliable communication link with the ground stations and data safety, UAVs are compelled to perform many tasks on their onboard embedded processing units, which makes it difficult to readily implement the most advanced algorithms on UAVs. This thesis focuses on computer vision and machine learning applications for UAVs equipped with onboard embedded platforms, and presents algorithms that utilize data from multiple modalities. The presented work covers a broad spectrum of algorithms and applications for UAVs, such as indoor UAV perception, 3D understanding with deep learning, UAV localization, and structural inspection with UAVs.
Visual guidance and scene understanding without relying on pre-installed tags or markers is the desired approach for fully autonomous navigation of UAVs in conjunction with the global positioning systems (GPS), or especially when GPS information is either unavailable or unreliable. Thus, semantic and geometric understanding of the surroundings become vital to utilize vision as guidance in the autonomous navigation pipelines. In this context, first, robust altitude measurement, safe landing zone detection and doorway detection methods are presented for autonomous UAVs operating indoors. These approaches are implemented on Google Project Tango platform, which is an embedded platform equipped with various sensors including a depth camera. Next, a modified capsule network for 3D object classification is presented with weight optimization so that the network can be fit and run on memory-constrained platforms. Then, a semantic segmentation method for 3D point clouds is developed for a more general visual perception on a UAV equipped with a 3D vision sensor.
Next, this thesis presents algorithms for structural health monitoring applications involving UAVs. First, a 3D point cloud-based, drift-free and lightweight localization method is presented for depth camera-equipped UAVs that perform bridge inspection, where GPS signal is unreliable. Next, a thermal leakage detection algorithm is presented for detecting thermal anomalies on building envelopes using aerial thermography from UAVs. Then, building on our thermal anomaly identification expertise gained on the previous task, a novel performance anomaly identification metric (AIM) is presented for more reliable performance evaluation of thermal anomaly identification methods.
Artificial Intelligence Security
Thesis (Doctoral) -- Seoul National University Graduate School: College of Natural Sciences, Interdisciplinary Program in Bioinformatics, 2021. 2. Sungroh Yoon.
With the development of machine learning (ML), expectations for artificial intelligence (AI) technologies have increased daily. In particular, deep neural networks have demonstrated outstanding performance in many fields. However, if a deep-learning (DL) model causes mispredictions or misclassifications, it can cause difficulty, owing to malicious external influences.
This dissertation discusses DL security and privacy issues and proposes methodologies for security and privacy attacks. First, we reviewed security attacks and defenses from two aspects. Evasion attacks use adversarial examples to disrupt the classification process, and poisoning attacks compromise training by compromising the training data. Next, we reviewed attacks on privacy that can exploit exposed training data and defenses, including differential privacy and encryption.
For adversarial DL, we study the problem of finding adversarial examples against ML-based portable document format (PDF) malware classifiers. We believe that our problem is more challenging than those against ML models for image processing, owing to the highly complex data structure of PDFs, compared with traditional image datasets, and the requirement that the infected PDF should exhibit malicious behavior without being detected. We propose an attack using generative adversarial networks that effectively generates evasive PDFs using a variational autoencoder robust against adversarial examples.
For privacy in DL, we study the problem of avoiding sensitive data being misused and propose a privacy-preserving framework for deep neural networks. Our methods are based on generative models that preserve the privacy of sensitive data while maintaining a high prediction performance. Finally, we study the security aspect in biological domains to detect maliciousness in deoxyribonucleic acid sequences and watermarks to protect intellectual properties.
In summary, the proposed DL models for security and privacy embrace a diversity of research by attempting actual attacks and defenses in various fields.
To use artificial intelligence models, collecting data from individuals is essential. On the other hand, if an individual's sensitive data is leaked, there is a risk of privacy infringement. The field that applies security techniques to AI models, such as preventing the data collected for using AI models from leaking outside, anonymization, and encoding, can be classified as Private AI. In addition, the problem that intellectual property rights can be nullified when an AI model is exposed, the possibility of causing an AI system to malfunction using malicious training data, and such threats to the AI model itself can be classified as Secure AI.
In this dissertation, we show cases of flaws in neural networks based on attacks on training data. Existing AEs research has largely been conducted on images. We extend the research to more complex, heterogeneous PDF data and propose a generative-based model to generate attack samples. Next, we propose a DNA steganalysis defense model that can detect samples exhibiting anomalous patterns. Finally, for personal information protection, we propose anonymization techniques based on generative models.
In summary, this dissertation proposes attack and defense algorithms utilizing AI models, and a series of methodologies based on machine learning algorithms that can address the privacy issues arising when neural networks are used.
Abstract i
List of Figures vi
List of Tables xiii
1 Introduction 1
2 Background 6
2.1 Deep Learning: a brief overview 6
2.2 Security Attacks on Deep Learning Models 10
2.2.1 Evasion Attacks 12
2.2.2 Poisoning Attack 20
2.3 Defense Techniques Against Deep Learning Models 26
2.3.1 Defense Techniques against Evasion Attacks 27
2.3.2 Defense against Poisoning Attacks 36
2.4 Privacy issues on Deep Learning Models 38
2.4.1 Attacks on Privacy 39
2.4.2 Defenses Against Attacks on Privacy 40
3 Attacks on Deep Learning Models 47
3.1 Background 53
3.1.1 Threat Model 53
3.1.2 Portable Document Format (PDF) 55
3.1.3 PDF Malware Classifiers 57
3.1.4 Evasion Attacks 58
3.2 Methods 60
3.2.1 Feature Extraction 60
3.2.2 Feature Selection Process 61
3.2.3 Seed Selection for Mutation 62
3.2.4 Evading Model 63
3.2.5 Model architecture 67
3.2.6 PDF Repacking and Verification 67
3.3 Results 68
3.3.1 Datasets and Model Training 68
3.3.2 Target Classifiers 71
3.3.3 CVEs for Various Types of PDF Malware 72
3.3.4 Malicious Signature 72
3.3.5 AntiVirus Engines (VirusTotal) 76
3.3.6 Feature Mutation Result for Contagio 76
3.3.7 Feature Mutation Result for CVEs 78
3.3.8 Malicious Signature Verification 78
3.3.9 Evasion Speed 80
3.3.10 AntiVirus Engines (VirusTotal) Result 82
3.4 Discussion 84
4 Defense on Deep Learning Models 88
4.1 Background 90
4.1.1 Message-Hiding Regions 91
4.1.2 DNA Steganography 92
4.1.3 Example of Message Hiding 94
4.1.4 DNA Steganalysis 95
4.2 Methods 96
4.2.1 Notations 98
4.2.2 Proposed Model Architecture 103
4.3 Results 105
4.3.1 Experiment Setup 105
4.3.2 Environment 106
4.3.3 Dataset 107
4.3.4 Model Training 107
4.3.5 Message Hiding Procedure 108
4.3.6 Evaluation Procedure 109
4.3.7 Performance Comparison 109
4.3.8 Analyzing Malicious Code in DNA Sequences 112
4.4 Discussion 113
5 Privacy: Generative Models for Anonymizing Private Data 115
5.1 Methods 119
5.1.1 Notations 119
5.1.2 Anonymization using GANs 119
5.1.3 Security Principle of Anonymized GANs 123
5.2 Results 125
5.2.1 Datasets 125
5.2.2 Target Classifiers 126
5.2.3 Model Training 126
5.2.4 Evaluation Process 126
5.2.5 Comparison to Differential Privacy 128
5.2.6 Performance Comparison 128
5.3 Discussion 130
6 Privacy: Privacy-preserving Inference for Deep Learning Models 132
6.1 Methods 135
6.1.1 Motivation 135
6.1.2 Scenario 137
6.1.3 Deep Private Generation Framework 137
6.1.4 Security Principle 141
6.1.5 Threat to the Classifier 143
6.2 Results 143
6.2.1 Datasets 143
6.2.2 Experimental Process 146
6.2.3 Target Classifiers 147
6.2.4 Model Training 147
6.2.5 Model Evaluation 149
6.2.6 Performance Comparison 150
6.3 Discussion 151
7 Conclusion 153
7.0.1 Limitations 154
7.0.2 Future Work 155
Bibliography 157
Abstract in Korean 195
A Comprehensive Survey of Data Mining-based Fraud Detection Research
This survey paper categorises, compares, and summarises almost all published technical and review articles in automated fraud detection within the last 10 years. It defines the professional fraudster, formalises the main types and subtypes of known fraud, and presents the nature of data evidence collected within affected industries. Within the business context of mining the data to achieve higher cost savings, this research presents methods and techniques together with their problems. Compared to all related reviews on fraud detection, this survey covers many more technical articles and is the only one, to the best of our knowledge, which proposes alternative data and solutions from related domains.
Comment: 14 page
On the Safety of Interpretable Machine Learning: A Maximum Deviation Approach
Interpretable and explainable machine learning has seen a recent surge of interest. We focus on safety as a key motivation behind the surge and make the relationship between interpretability and safety more quantitative. Toward assessing safety, we introduce the concept of maximum deviation via an optimization problem to find the largest deviation of a supervised learning model from a reference model regarded as safe. We then show how interpretability facilitates this safety assessment. For models including decision trees, generalized linear and additive models, the maximum deviation can be computed exactly and efficiently. For tree ensembles, which are not regarded as interpretable, discrete optimization techniques can still provide informative bounds. For a broader class of piecewise Lipschitz functions, we leverage the multi-armed bandit literature to show that interpretability produces tighter (regret) bounds on the maximum deviation. We present case studies, including one on mortgage approval, to illustrate our methods and the insights about models that may be obtained from deviation maximization.
Comment: Published at NeurIPS 202