570 research outputs found

    MLCapsule: Guarded Offline Deployment of Machine Learning as a Service

    With the widespread use of machine learning (ML) techniques, ML as a service has become increasingly popular. In this setting, an ML model resides on a server and users can query it with their data via an API. However, if the user's input is sensitive, sending it to the server is undesirable and sometimes even legally impossible. Equally, the service provider does not want to share the model by sending it to the client, in order to protect its intellectual property and pay-per-query business model. In this paper, we propose MLCapsule, a guarded offline deployment of machine learning as a service. MLCapsule executes the model locally on the user's side, so the data never leaves the client. Meanwhile, MLCapsule offers the service provider the same level of control over and security of its model as the commonly used server-side execution. In addition, MLCapsule is applicable to offline applications that require local execution. Beyond protecting against direct model access, we couple the secure offline deployment with defenses against advanced attacks on machine learning models such as model stealing, reverse engineering, and membership inference.

    Digital watermarking and novel security devices

    EThOS - Electronic Theses Online Service (GB)

    Adaptive Traffic Fingerprinting for Darknet Threat Intelligence

    Darknet technology such as Tor has been used by various threat actors for organising illegal activities and data exfiltration. As such, there is a case for organisations to block such traffic, or to try to identify when it is used and for what purposes. However, anonymity in cyberspace has always been a domain of conflicting interests. While it gives nefarious actors enough power to masquerade their illegal activities, it is also the cornerstone of freedom of speech and privacy. We present a proof of concept for a novel algorithm that could form the fundamental pillar of a darknet-capable Cyber Threat Intelligence platform. The solution can reduce the anonymity of Tor users, and considers the existing visibility of network traffic before optionally initiating targeted or widespread BGP interception. In combination with server HTTP response manipulation, the algorithm attempts to reduce the candidate data set by eliminating client-side traffic that is most unlikely to be responsible for the server-side connections of interest. Our test results show that MITM-manipulated server responses lead to the expected changes received by the Tor client. Using simulation data generated by Shadow, we show that the detection scheme is effective with a false positive rate of 0.001, while sensitivity in detecting non-targets was 0.016 ± 0.127. Our algorithm could assist collaborating organisations willing to share their threat intelligence or cooperate during investigations.
    Comment: 26 page

    Security issues on digital watermarking algorithms

    This paper gives a general introduction to digital watermarking procedures and their security aspects. The first issue is to clarify the unifying and differentiating properties of steganography and watermarking. Then the most important aspects of digital watermarking are reviewed by studying application, requirement and design problems. We put emphasis on the importance of the digital watermark as an effective technology to protect intellectual property rights and the legitimate use of digital images. In the paper we provide an overview of the most popular digital watermarking methods for still images available today. The watermarking algorithms are divided into two major categories: spatial domain and transform domain. Because of their outstanding robustness and imperceptibility, transform domain algorithms are the mainstream of research. Popular image transforms include the DFT (Discrete Fourier Transform) ([1, 2, 3, 4, 5]), DCT (Discrete Cosine Transform) ([1, 3, 6, 5]) and DWT (Discrete Wavelet Transform) ([1, 3, 4, 7, 6, 5]). In the paper we emphasize the advantageous features of the DWT, such as local time-frequency and multi-scale analysis, preserving the quality of the host image and ensuring high robustness of the watermark. We then present three algorithms which are based on the combination of the DWT with other transformations, namely the DFT ([4]), the DCT ([6]) and the Arnold transform ([7, 6]). Finally, we discuss security requirements and possible attacks on watermarking systems.

    Survey on relational database watermarking techniques

    Digital watermarking has been used for multimedia data over the past years. Recently it has also become applicable to relational database systems, not only to secure copyright ownership but also to ensure the integrity of data contents. Further, it is used to locate tampered and modified places. However, watermarking relational databases has its own requirements, challenges, attacks and limitations. This paper surveys recent database watermarking techniques, focusing on the importance of watermarking relational databases, the difference between watermarking relational databases and multimedia objects, the issues in watermarking relational databases, the types of attacks on watermarked databases, classifications, the distortion introduced and the embedded information. The comparative study shows that watermarking relational databases can be an effective tool for copyright protection, tamper detection, and hacker tracing while maintaining the integrity of data contents. In addition, this study explores the current issues in watermarking relational databases as well as the significant differences between watermarking multimedia data and relational database contents. Finally, it provides a classification of database watermarking techniques according to the way of selecting the candidate key attributes and tuples, the distortion introduced and the decoding methods used.