22,369 research outputs found
Identification of Smart Jammers: Learning based Approaches Using Wavelet Representation
Smart jammer nodes can disrupt communication between a transmitter and a
receiver in a wireless network, and they leave traces that are undetectable to
classical jammer identification techniques, hidden in the time-frequency plane.
These traces cannot be effectively identified through the use of the classical
Fourier transform based time-frequency transformation (TFT) techniques with a
fixed resolution. Inspired by the adaptive resolution property provided by the
wavelet transforms, in this paper, we propose a jammer identification
methodology that includes a pre-processing step to obtain a multi-resolution
image, followed by the use of a classifier. Support vector machine (SVM) and
deep convolutional neural network (DCNN) architectures are investigated as
classifiers to automatically extract the features of the transformed signals
and to classify them. Three different jamming attacks are considered, the
barrage jamming that targets the complete transmission bandwidth, the
synchronization signal jamming attack that targets synchronization signals and
the reference signal jamming attack that targets the reference signals in an
LTE downlink transmission scenario. The performance of the proposed approach is
compared with the classical Fourier transform based TFT techniques,
demonstrating the efficacy of the proposed approach in the presence of smart
jammers
DARTS: Deceiving Autonomous Cars with Toxic Signs
Sign recognition is an integral part of autonomous cars. Any
misclassification of traffic signs can potentially lead to a multitude of
disastrous consequences, ranging from a life-threatening accident to even a
large-scale interruption of transportation services relying on autonomous cars.
In this paper, we propose and examine security attacks against sign recognition
systems for Deceiving Autonomous caRs with Toxic Signs (we call the proposed
attacks DARTS). In particular, we introduce two novel methods to create these
toxic signs. First, we propose Out-of-Distribution attacks, which expand the
scope of adversarial examples by enabling the adversary to generate these
starting from an arbitrary point in the image space compared to prior attacks
which are restricted to existing training/test data (In-Distribution). Second,
we present the Lenticular Printing attack, which relies on an optical
phenomenon to deceive the traffic sign recognition system. We extensively
evaluate the effectiveness of the proposed attacks in both virtual and
real-world settings and consider both white-box and black-box threat models.
Our results demonstrate that the proposed attacks are successful under both
settings and threat models. We further show that Out-of-Distribution attacks
can outperform In-Distribution attacks on classifiers defended using the
adversarial training defense, exposing a new attack vector for these defenses.Comment: Submitted to ACM CCS 2018; Extended version of [1801.02780] Rogue
Signs: Deceiving Traffic Sign Recognition with Malicious Ads and Logo
Audio-replay attack detection countermeasures
This paper presents the Speech Technology Center (STC) replay attack
detection systems proposed for Automatic Speaker Verification Spoofing and
Countermeasures Challenge 2017. In this study we focused on comparison of
different spoofing detection approaches. These were GMM based methods, high
level features extraction with simple classifier and deep learning frameworks.
Experiments performed on the development and evaluation parts of the challenge
dataset demonstrated stable efficiency of deep learning approaches in case of
changing acoustic conditions. At the same time SVM classifier with high level
features provided a substantial input in the efficiency of the resulting STC
systems according to the fusion systems results.Comment: 11 pages, 3 figures, accepted for Specom 201
Classification-Based Anomaly Detection for General Data
Anomaly detection, finding patterns that substantially deviate from those
seen previously, is one of the fundamental problems of artificial intelligence.
Recently, classification-based methods were shown to achieve superior results
on this task. In this work, we present a unifying view and propose an open-set
method, GOAD, to relax current generalization assumptions. Furthermore, we
extend the applicability of transformation-based methods to non-image data
using random affine transformations. Our method is shown to obtain
state-of-the-art accuracy and is applicable to broad data types. The strong
performance of our method is extensively validated on multiple datasets from
different domains.Comment: ICLR'2
Rogue Signs: Deceiving Traffic Sign Recognition with Malicious Ads and Logos
We propose a new real-world attack against the computer vision based systems
of autonomous vehicles (AVs). Our novel Sign Embedding attack exploits the
concept of adversarial examples to modify innocuous signs and advertisements in
the environment such that they are classified as the adversary's desired
traffic sign with high confidence. Our attack greatly expands the scope of the
threat posed to AVs since adversaries are no longer restricted to just
modifying existing traffic signs as in previous work. Our attack pipeline
generates adversarial samples which are robust to the environmental conditions
and noisy image transformations present in the physical world. We ensure this
by including a variety of possible image transformations in the optimization
problem used to generate adversarial samples. We verify the robustness of the
adversarial samples by printing them out and carrying out drive-by tests
simulating the conditions under which image capture would occur in a real-world
scenario. We experimented with physical attack samples for different distances,
lighting conditions and camera angles. In addition, extensive evaluations were
carried out in the virtual setting for a variety of image transformations. The
adversarial samples generated using our method have adversarial success rates
in excess of 95% in the physical as well as virtual settings.Comment: Extended abstract accepted for the 1st Deep Learning and Security
Workshop; 5 pages, 4 figure
Evaluating and Improving Adversarial Robustness of Machine Learning-Based Network Intrusion Detectors
Machine learning (ML), especially deep learning (DL) techniques have been
increasingly used in anomaly-based network intrusion detection systems (NIDS).
However, ML/DL has shown to be extremely vulnerable to adversarial attacks,
especially in such security-sensitive systems. Many adversarial attacks have
been proposed to evaluate the robustness of ML-based NIDSs. Unfortunately,
existing attacks mostly focused on feature-space and/or white-box attacks,
which make impractical assumptions in real-world scenarios, leaving the study
on practical gray/black-box attacks largely unexplored.
To bridge this gap, we conduct the first systematic study of the
gray/black-box traffic-space adversarial attacks to evaluate the robustness of
ML-based NIDSs. Our work outperforms previous ones in the following aspects:
(i) practical-the proposed attack can automatically mutate original traffic
with extremely limited knowledge and affordable overhead while preserving its
functionality; (ii) generic-the proposed attack is effective for evaluating the
robustness of various NIDSs using diverse ML/DL models and non-payload-based
features; (iii) explainable-we propose an explanation method for the fragile
robustness of ML-based NIDSs. Based on this, we also propose a defense scheme
against adversarial attacks to improve system robustness. We extensively
evaluate the robustness of various NIDSs using diverse feature sets and ML/DL
models. Experimental results show our attack is effective (e.g., >97% evasion
rate in half cases for Kitsune, a state-of-the-art NIDS) with affordable
execution cost and the proposed defense method can effectively mitigate such
attacks (evasion rate is reduced by >50% in most cases).Comment: This article has been accepted for publication by IEEE JSA
Using Rough Set and Support Vector Machine for Network Intrusion Detection
The main function of IDS (Intrusion Detection System) is to protect the
system, analyze and predict the behaviors of users. Then these behaviors will
be considered an attack or a normal behavior. Though IDS has been developed for
many years, the large number of return alert messages makes managers maintain
system inefficiently. In this paper, we use RST (Rough Set Theory) and SVM
(Support Vector Machine) to detect intrusions. First, RST is used to preprocess
the data and reduce the dimensions. Next, the features were selected by RST
will be sent to SVM model to learn and test respectively. The method is
effective to decrease the space density of data. The experiments will compare
the results with different methods and show RST and SVM schema could improve
the false positive rate and accuracy.Comment: 13 Page
Deep Learning for Wireless Communications
Existing communication systems exhibit inherent limitations in translating
theory to practice when handling the complexity of optimization for emerging
wireless applications with high degrees of freedom. Deep learning has a strong
potential to overcome this challenge via data-driven solutions and improve the
performance of wireless systems in utilizing limited spectrum resources. In
this chapter, we first describe how deep learning is used to design an
end-to-end communication system using autoencoders. This flexible design
effectively captures channel impairments and optimizes transmitter and receiver
operations jointly in single-antenna, multiple-antenna, and multiuser
communications. Next, we present the benefits of deep learning in spectrum
situation awareness ranging from channel modeling and estimation to signal
detection and classification tasks. Deep learning improves the performance when
the model-based methods fail. Finally, we discuss how deep learning applies to
wireless communication security. In this context, adversarial machine learning
provides novel means to launch and defend against wireless attacks. These
applications demonstrate the power of deep learning in providing novel means to
design, optimize, adapt, and secure wireless communications
Adversarial Examples: Opportunities and Challenges
Deep neural networks (DNNs) have shown huge superiority over humans in image
recognition, speech processing, autonomous vehicles and medical diagnosis.
However, recent studies indicate that DNNs are vulnerable to adversarial
examples (AEs), which are designed by attackers to fool deep learning models.
Different from real examples, AEs can mislead the model to predict incorrect
outputs while hardly be distinguished by human eyes, therefore threaten
security-critical deep-learning applications. In recent years, the generation
and defense of AEs have become a research hotspot in the field of artificial
intelligence (AI) security. This article reviews the latest research progress
of AEs. First, we introduce the concept, cause, characteristics and evaluation
metrics of AEs, then give a survey on the state-of-the-art AE generation
methods with the discussion of advantages and disadvantages. After that, we
review the existing defenses and discuss their limitations. Finally, future
research opportunities and challenges on AEs are prospected.Comment: 16 pages, 13 figures, 5 table
Robustness Of Saak Transform Against Adversarial Attacks
Image classification is vulnerable to adversarial attacks. This work
investigates the robustness of Saak transform against adversarial attacks
towards high performance image classification. We develop a complete image
classification system based on multi-stage Saak transform. In the Saak
transform domain, clean and adversarial images demonstrate different
distributions at different spectral dimensions. Selection of the spectral
dimensions at every stage can be viewed as an automatic denoising process.
Motivated by this observation, we carefully design strategies of feature
extraction, representation and classification that increase adversarial
robustness. The performances with well-known datasets and attacks are
demonstrated by extensive experimental evaluations
- …