Preventing reverse engineering of black-box classifiers

Machine learning (ML) models trained for various purposes are generally kept confidential, e.g., due to their commercial value, proprietary nature of training data, etc. Therefore, commercial cloud-based machine-learning service providers protect their ML models even as they provide one or more services to customers that employ ML models. For example, a service enables a customer to upload an observation, e.g., an image, and receive a label for the observation, generated by a ML model that’s trained to determine labels for images. Recent research has shown that given a sufficient number of observations and returned labels, it is possible to reverse engineer the ML model that generated the labels. This disclosure presents techniques that thwart reverse-engineering efforts, e.g., by adversarial actors, by returning, for a small fraction of input queries, not a true but a near-true class label

Forensic Analysis of G Suite Collaborative Protocols

Widespread adoption of cloud services is fundamentally changing the way IT services are delivered and how data is stored. Current forensic tools and techniques have been slow to adapt to new challenges and demands of collecting and analyzing cloud artifacts. Traditional methods focusing only on client data collection are incomplete, as the client may have only a (partial) snapshot and misses cloud-native artifacts that may contain valuable historical information. In this work, we demonstrate the importance of recovering and analyzing cloud-native artifacts using G Suite as a case study. We develop a tool that extracts and processes the history of Google Documents and Google Slides by reverse engineering the web applications private protocol. Combined with previous work that has focused on API-based acquisition of cloud drives, this presents a more complete solution to cloud forensics, and is generalizable to any cloud service that maintains a detailed log of revisions

Ontology development for the semantic web: an html form-based reverse engineering approach

The rapid growth of the Internet makes information available anywhere and anytime. Most businesses run Web-based front-end databases upon which online services are offered to end-users. The next generation of the Web, the semantic Web, seeks to offer data in a usable form for automatic reasoning. To this purpose, it is necessary to make existing database content ready-to-use for semantic Web applications, which use ontologies to formally define the semantics of their data. As a result, a large number of initiatives focus on building ontologies through automatic or semi-automatic processes. In this paper we present a semi-automatic reverse engineering approach that uses a relational database\u27s HTML forms and a set of transformation rules to produce to an OWL ontology

A process oriented approach for Modelling On line Learning Environments

In this paper we describe the modelling approach used in an on going project bringing together partners from the academic world and from a company. The two main features of this approach are the following. Firstly, it starts from the production model recommended by ISO for modelling any production activity in industry and then it refines and specialises this general cycle to on-line learning production. Secondly, it takes a reverse engineering perspective as it starts from an existing set of software services, which are currently tailored to customers'needs by the company engineers. The general model includes three complementary views: a process oriented-view, a life cycle oriented view and a data flow oriented view. We compare this model with some models previously proposed or currently in use. Then we give an overview of SERPOLET; the kernel set of services which is included in all the on line learning delivery environments currently provided by the company. We show how the existing components can be split throughout the models. Finally, we show our perspectives for anticipating forthcoming needs

Reverse Engineering: WiMAX and IEEE 802.16e

Wireless communications is part of everyday life. As it is incorporated into new products and services, it brings additional security risks and requirements. A thorough understanding of wireless protocols is necessary for network administrators and manufacturers. Though most wireless protocols have strict standards, many parts of the hardware implementation may deviate from the standard and be proprietary. In these situations reverse engineering must be conducted to fully understand the strengths and vulnerabilities of the communication medium. New 4G broadband wireless access protocols, including IEEE 802.16e and WiMAX, offer higher data rates and wider coverage than earlier 3G technologies. Many security vulnerabilities, including various Denial of Service (DoS) attacks, have been discovered in 3G protocols and the original IEEE 802.16 standard. Many of these vulnerabilities and new security flaws exist in the revised standard IEEE 802.16e. Most of the vulnerabilities already discovered allow for DoS attacks to be carried out on WiMAX networks. This study examines and analyzes a new DoS attack on IEEE 802.16e standard. We investigate how system parameters for the WiMAX Bandwidth Contention Resolution (BCR) process affect network vulnerability to DoS attacks. As this investigation developed and transitioned into analyzing hardware implementations, reverse engineering was needed to locate and modify the BCR system parameters. Controlling the BCR system parameters in hardware is not a normal task. The protocol allows only the BS to set the system parameters. The BS gives one setting of the BCR system parameters to all WiMAX clients on the network and everyone is suppose to follow these settings. Our study looks at what happens if a set of users, attackers, do not follow the BS\u27s settings and set their BCR system parameters independently. We hypothesize and analyze different techniques to do this in hardware with the goal being to replicate previous software simulations that looked at this behavior. This document details our approaches to reverse engineer IEEE 802.16e and WiMAX. Additionally, we look at network security analysis and how to design experiments to reduce time and cost. Factorial experiment design and ANOVA analysis is the solution. In using these approaches, one can test multiple factors in parallel, producing robust, repeatable and statistically significant results. By treating all other parameters as noise when testing first order effects, second and third order effects can be analyzed with less significance. The details of this type of experimental design is given along with NS-2 simulations and hardware experiments that analyze the BCR system parameters. This purpose of this paper is to serve as guide for reverse engineering network protocols and conducting network experiments. As wireless communication and network security become ubiquitous, the methods and techniques detailed in this study become increasingly important. This document can serve as a guide to reduce time and effort when reverse engineering other communication protocols and conducting network experiments

Transitioning Applications to Semantic Web Services: An Automated Formal Approach

Semantic Web Services have been recognized as a promising technology that exhibits huge commercial potential, and attract significant attention from both industry and the research community. Despite expectations being high, the industrial take-up of Semantic Web Service technologies has been slower than expected. One of the main reasons is that many systems have been developed without considering the potential of the web in integrating services and sharing resources. Without a systematic methodology and proper tool support, the migration from legacy systems to Semantic Web Service-based systems can be a very tedious and expensive process, which carries a definite risk of failure. There is an urgent need to provide strategies which allow the migration of legacy systems to Semantic Web Services platforms, and also tools to support such a strategy. In this paper we propose a methodology for transitioning these applications to Semantic Web Services by taking the advantage of rigorous mathematical methods. Our methodology allows users to migrate their applications to Semantic Web Services platform automatically or semi-automatically

Reverse engineering in construction

Recently a great deal of research into construction IT has been completed, and this is ongoing to improve efficiency and quality in the construction sector. The new innovation of 3D laser scanning is aimed at being used to improve the efficiency and quality of construction projects, such as maintenance of buildings or group of buildings that are going to be renovated for new services. The 3D laser scanner will be integrated with other VR tools such as GIS solutions and workbench for visualisation, analysis and interaction with a building VR model. An integration strategy is proposed for an Ordnance Survey map of the area and 3D model created by means of the laser scanner. The integrated model will then be transferred to the VR workbench in order to visualise, interact and analyse the interested buildings on purpose