30 research outputs found
A Survey of Adversarial Machine Learning in Cyber Warfare
The changing nature of warfare has seen a paradigm shift from the conventional to asymmetric, contactless warfare such as information and cyber warfare. Excessive dependence on information and communication technologies, cloud infrastructures, big data analytics, data-mining and automation in decision making poses grave threats to business and economy in adversarial environments. Adversarial machine learning is a fast growing area of research which studies the design of Machine Learning algorithms that are robust in adversarial environments. This paper presents a comprehensive survey of this emerging area and the various techniques of adversary modelling. We explore the threat models for Machine Learning systems and describe the various techniques to attack and defend them. We present privacy issues in these models and describe a cyber-warfare test-bed to test the effectiveness of the various attack-defence strategies and conclude with some open problems in this area of research.
CBSeq: A Channel-level Behavior Sequence For Encrypted Malware Traffic Detection
Machine learning and neural networks have become increasingly popular
solutions for encrypted malware traffic detection. They mine and learn complex
traffic patterns, enabling detection by fitting boundaries between malware
traffic and benign traffic. Compared with signature-based methods, they have
higher scalability and flexibility. However, affected by the frequent variants
and updates of malware, current methods suffer from a high false positive rate
and do not work well for unknown malware traffic detection. It remains a
critical task to achieve effective malware traffic detection. In this paper, we
introduce CBSeq to address the above problems. CBSeq is a method that
constructs a stable traffic representation, behavior sequence, to characterize
attacking intent and achieve malware traffic detection. We novelly propose the
channels with similar behavior as the detection object and extract side-channel
content to construct behavior sequence. Unlike benign activities, the behavior
sequences of malware and its variant's traffic exhibit solid internal
correlations. Moreover, we design the MSFormer, a powerful Transformer-based
multi-sequence fusion classifier. It captures the internal similarity of
behavior sequence, thereby distinguishing malware traffic from benign traffic.
Our evaluations demonstrate that CBSeq performs effectively in various known
malware traffic detection and exhibits superior performance in unknown malware
traffic detection, outperforming state-of-the-art methods.Comment: Submitted to IEEE TIF
Adversarial Zoom Lens: A Novel Physical-World Attack to DNNs
Although deep neural networks (DNNs) are known to be fragile, no one has
studied the effects of zooming-in and zooming-out of images in the physical
world on DNNs performance. In this paper, we demonstrate a novel physical
adversarial attack technique called Adversarial Zoom Lens (AdvZL), which uses a
zoom lens to zoom in and out of pictures of the physical world, fooling DNNs
without changing the characteristics of the target object. The proposed method
is so far the only adversarial attack technique that does not add physical
adversarial perturbation attack DNNs. In a digital environment, we construct a
data set based on AdvZL to verify the antagonism of equal-scale enlarged images
to DNNs. In the physical environment, we manipulate the zoom lens to zoom in
and out of the target object, and generate adversarial samples. The
experimental results demonstrate the effectiveness of AdvZL in both digital and
physical environments. We further analyze the antagonism of the proposed data
set to the improved DNNs. On the other hand, we provide a guideline for defense
against AdvZL by means of adversarial training. Finally, we look into the
threat possibilities of the proposed approach to future autonomous driving and
variant attack ideas similar to the proposed attack
Undermining User Privacy on Mobile Devices Using AI
Over the past years, literature has shown that attacks exploiting the
microarchitecture of modern processors pose a serious threat to the privacy of
mobile phone users. This is because applications leave distinct footprints in
the processor, which can be used by malware to infer user activities. In this
work, we show that these inference attacks are considerably more practical when
combined with advanced AI techniques. In particular, we focus on profiling the
activity in the last-level cache (LLC) of ARM processors. We employ a simple
Prime+Probe based monitoring technique to obtain cache traces, which we
classify with Deep Learning methods including Convolutional Neural Networks. We
demonstrate our approach on an off-the-shelf Android phone by launching a
successful attack from an unprivileged, zeropermission App in well under a
minute. The App thereby detects running applications with an accuracy of 98%
and reveals opened websites and streaming videos by monitoring the LLC for at
most 6 seconds. This is possible, since Deep Learning compensates measurement
disturbances stemming from the inherently noisy LLC monitoring and unfavorable
cache characteristics such as random line replacement policies. In summary, our
results show that thanks to advanced AI techniques, inference attacks are
becoming alarmingly easy to implement and execute in practice. This once more
calls for countermeasures that confine microarchitectural leakage and protect
mobile phone applications, especially those valuing the privacy of their users