The Efficacy of Transformer-based Adversarial Attacks in Security Domains
Today, the security of many domains relies on the use of Machine Learning to
detect threats, identify vulnerabilities, and safeguard systems from attacks.
Recently, transformer architectures have improved the state-of-the-art
performance on a wide range of tasks such as malware detection and network
intrusion detection. But before abandoning current approaches in favor of transformers,
it is crucial to understand their properties and implications for cybersecurity
applications. In this paper, we evaluate the robustness of transformers to
adversarial samples for system defenders (i.e., resiliency to adversarial
perturbations generated on different types of architectures) and their
adversarial strength for system attackers (i.e., transferability of adversarial
samples generated by transformers to other target models). To that effect, we
first fine-tune a set of pre-trained transformer, Convolutional Neural Network
(CNN), and hybrid (an ensemble of transformer and CNN) models to solve
different downstream image-based tasks. Then, we use an attack algorithm to
craft 19,367 adversarial examples on each model for each task. The
transferability of these adversarial examples is measured by evaluating each
set on other models to determine which models offer more adversarial strength,
and consequently, more robustness against these attacks. We find that the
adversarial examples crafted on transformers offer the highest transferability
rate (i.e., 25.7% higher than the average) onto other models. Similarly,
adversarial examples crafted on other models have the lowest rate of
transferability (i.e., 56.7% lower than the average) onto transformers. Our
work emphasizes the importance of studying transformer architectures for
attacking and defending models in security domains, and suggests using them as
the primary architecture in transfer attack settings.
Comment: Accepted to IEEE Military Communications Conference (MILCOM), AI for
Cyber Workshop, 202
EIPSIM: Modeling Secure IP Address Allocation at Cloud Scale
Public clouds provide impressive capability through resource sharing.
However, recent works have shown that the reuse of IP addresses can allow
adversaries to exploit the latent configurations left by previous tenants. In
this work, we perform a comprehensive analysis of the effect of cloud IP
address allocation on exploitation of latent configuration. We first develop a
statistical model of cloud tenant behavior and latent configuration based on
literature and deployed systems. Through these, we analyze IP allocation
policies under existing and novel threat models. Our resulting framework,
EIPSim, simulates our models in representative public cloud scenarios,
evaluating adversarial objectives against pool policies. In response to our
stronger proposed threat model, we also propose IP scan segmentation, an IP
allocation policy that protects the IP pool against adversarial scanning even
when an adversary is not limited by the number of cloud tenants. Our evaluation
shows that IP scan segmentation reduces latent configuration exploitability by
97.1% compared to policies proposed in the literature and 99.8% compared to those
currently deployed by cloud providers. Finally, we evaluate our statistical
assumptions by analyzing real allocation and configuration data, showing that
results generalize to deployed cloud workloads. In this way, we show that
principled analysis of cloud IP address allocation can lead to substantial
security gains for tenants and their users.