The Impact of Exposed Passwords on Honeyword Efficacy
Honeywords are decoy passwords that can be added to a credential database; if
a login attempt uses a honeyword, this indicates that the site's credential
database has been leaked. In this paper we explore the basic requirements for
honeywords to be effective, in a threat model where the attacker knows
passwords for the same users at other sites. First, we show that for
user-chosen (vs. algorithmically generated, i.e., by a password manager)
passwords, existing honeyword-generation algorithms largely fail to achieve
reasonable tradeoffs between false positives and false negatives in this threat
model. Second, we show that for users leveraging algorithmically generated
passwords, state-of-the-art methods for honeyword generation will produce
honeywords that are not sufficiently deceptive, yielding many false negatives.
Instead, we find that only a honeyword-generation algorithm that uses the same
password generator as the user can provide deceptive honeywords in this case.
However, when the defender's ability to infer the generator from the (one)
account password is less accurate than the attacker's ability to infer the
generator from potentially many, this deception can again wane. Taken together,
our results provide a cautionary note for the state of honeyword research and
pose new challenges to the field.
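Added example (not code from the paper): a toy honeyword deployment with a credential database of hashed sweetwords and a separate honeychecker that stores only the index of the real password, plus the informed attacker of the threat model above, who knows the same user's password at another site and submits the sweetword closest to it. The passwords, both honeyword lists and the fast hash are constructed for illustration; the two honeyword sets stand for "unrelated" and "tweaked" generation styles and are not the algorithms the paper evaluates.

```python
"""Toy honeyword deployment and the cross-site attacker of the threat model above.
Illustration code, not the paper's algorithms or measurements."""
import hashlib
import random

# Constructed data (not from the paper). The user reuses one base password
# across sites with a per-site tweak; the other site's copy has leaked.
REAL_PASSWORD = "Summer2023!"
OTHER_SITE_PASSWORD = "Summer2022!"

# Two constructed honeyword sets for the same account.
UNRELATED_HONEYWORDS = ["blueskies77", "Tr0ub4dor&3", "qwerty2019", "monkey!!", "letmein8"]
TWEAKED_HONEYWORDS = ["Summer2022!", "Summer2021!", "Summer2019!", "Summer1999!", "Summer2023?"]


def pw_hash(pw: str) -> str:
    # Toy fast hash for brevity; a real credential store uses a slow, salted
    # password hash (argon2id, scrypt or bcrypt) for every sweetword.
    return hashlib.sha256(pw.encode()).hexdigest()


class Site:
    """Credential database holding hashed sweetwords, plus an isolated
    honeychecker that stores only which index is the real password."""

    def __init__(self, seed: int = 0):
        self.db = {}            # user -> list of sweetword hashes
        self.honeychecker = {}  # user -> index of the real password
        self.rng = random.Random(seed)

    def enroll(self, user: str, password: str, honeywords: list[str]) -> None:
        sweetwords = honeywords + [password]
        self.rng.shuffle(sweetwords)  # the real one must not be recognisable by position
        self.db[user] = [pw_hash(s) for s in sweetwords]
        self.honeychecker[user] = sweetwords.index(password)

    def login(self, user: str, attempt: str) -> str:
        hashes = self.db[user]
        digest = pw_hash(attempt)
        if digest not in hashes:
            return "fail"           # ordinary wrong password
        if hashes.index(digest) == self.honeychecker[user]:
            return "success"
        return "alarm"              # a honeyword was submitted: the DB has leaked


def levenshtein(a: str, b: str) -> int:
    """Edit distance; the attacker's notion of 'closest' in this toy."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def attacker_guess(sweetwords: list[str], known_password: str) -> str:
    """Attacker who leaked the DB, recovered the sweetwords, and knows this
    user's password at another site: submit the closest sweetword."""
    return min(sweetwords, key=lambda s: levenshtein(s, known_password))


def simulate_attack(honeywords: list[str]) -> str:
    """Outcome of the informed attacker's single login attempt."""
    site = Site()
    site.enroll("alice", REAL_PASSWORD, honeywords)
    guess = attacker_guess(honeywords + [REAL_PASSWORD], OTHER_SITE_PASSWORD)
    return site.login("alice", guess)


def simulate_user_slip(honeywords: list[str]) -> str:
    """Outcome when the legitimate user types her other site's password."""
    site = Site()
    site.enroll("alice", REAL_PASSWORD, honeywords)
    return site.login("alice", OTHER_SITE_PASSWORD)


if __name__ == "__main__":
    print("unrelated honeywords, informed attacker:", simulate_attack(UNRELATED_HONEYWORDS))
    print("tweaked honeywords, informed attacker:  ", simulate_attack(TWEAKED_HONEYWORDS))
    print("tweaked honeywords, user slip:          ", simulate_user_slip(TWEAKED_HONEYWORDS))
```

With honeywords unrelated to the real password, the informed attacker's closest-match guess is the real password and no alarm fires (a false negative). With honeywords tweaked to resemble the user's password, the attacker hits a honeyword, but so does the user when she types her other site's password (a false positive). This is the tradeoff the abstract describes; the rates the paper measures are not reproduced here.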
What you want is not what you get: Predicting sharing policies for text-based content on Facebook
National Research Foundation (NRF) Singapore under International Research Centres in Singapore Funding Initiativ
Group-based Robustness: A General Framework for Customized Robustness in the Real World
Machine-learning models are known to be vulnerable to evasion attacks that
perturb model inputs to induce misclassifications. In this work, we identify
real-world scenarios where the true threat cannot be assessed accurately by
existing attacks. Specifically, we find that conventional metrics measuring
targeted and untargeted robustness do not appropriately reflect a model's
ability to withstand attacks from one set of source classes to another set of
target classes. To address the shortcomings of existing methods, we formally
define a new metric, termed group-based robustness, that complements existing
metrics and is better-suited for evaluating model performance in certain attack
scenarios. We show empirically that group-based robustness allows us to
distinguish between models' vulnerability against specific threat models in
situations where traditional robustness metrics do not apply. Moreover, to
measure group-based robustness efficiently and accurately, we 1) propose two
loss functions and 2) identify three new attack strategies. We show empirically
that with comparable success rates, finding evasive samples using our new loss
functions saves computation by a factor as large as the number of targeted
classes, and finding evasive samples using our new attack strategies saves time
by up to 99% compared to brute-force search methods. Finally, we propose a
defense method that increases group-based robustness by up to 3.52
RS-Del: Edit Distance Robustness Certificates for Sequence Classifiers via Randomized Deletion
Randomized smoothing is a leading approach for constructing classifiers that
are certifiably robust against adversarial examples. Existing work on
randomized smoothing has focused on classifiers with continuous inputs, such as
images, where -norm bounded adversaries are commonly studied. However,
there has been limited work for classifiers with discrete or variable-size
inputs, such as for source code, which require different threat models and
smoothing mechanisms. In this work, we adapt randomized smoothing for discrete
sequence classifiers to provide certified robustness against edit
distance-bounded adversaries. Our proposed smoothing mechanism, randomized
deletion (RS-Del), applies random deletion edits, which are (perhaps
surprisingly) sufficient to confer robustness against adversarial deletion,
insertion and substitution edits. Our proof of certification deviates from the
established Neyman-Pearson approach, which is intractable in our setting, and
is instead organized around longest common subsequences. We present a case
study on malware detection, a binary classification problem on byte sequences
where classifier evasion is a well-established threat model. When applied to
the popular MalConv malware detection model, our smoothing mechanism RS-Del
achieves a certified accuracy of 91% at an edit distance radius of 128 bytes.
Comment: To be published in NeurIPS 2023. 36 pages, 7 figures, 12 tables.
Includes 20 pages of appendices.
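Added example, not the paper's implementation: randomized deletion smoothing over a byte sequence, with a constructed byte-frequency rule standing in for MalConv as the base classifier, and an empirical check that the smoothed majority vote survives a fixed budget of substitutions and insertions. It computes no certificate; the certified radius in the paper comes from the LCS-based argument, which this code does not reproduce. The inputs, the deletion probability, the sample count and the adversary's edit budget are all assumptions made for the illustration.

```python
"""RS-Del-style randomized deletion smoothing of a byte-sequence classifier.
Illustration code with a toy base model; computes no certificate."""
import random

# Constructed inputs (not real malware): a 64-byte "malicious" sequence that is
# 75% high-bit bytes and a 64-byte "benign" one that is 25% high-bit bytes.
MALICIOUS = bytes(0xE8 + (i % 8) for i in range(48)) + bytes(range(0x20, 0x30))
BENIGN = bytes(range(0x20, 0x50)) + bytes(0xE8 + (i % 8) for i in range(16))


def base_classifier(x: bytes) -> int:
    """Toy base model (constructed stand-in for MalConv): 1 = malware when more
    than half of the bytes have the high bit set, else 0. Empty input is benign."""
    if not x:
        return 0
    return int(sum(b >= 0x80 for b in x) * 2 > len(x))


def random_deletion(x: bytes, p_del: float, rng: random.Random) -> bytes:
    """Smoothing mechanism: delete each byte independently with probability p_del,
    keeping the survivors in order, so the output is a random subsequence of x."""
    return bytes(b for b in x if rng.random() >= p_del)


def smoothed_classify(x: bytes, p_del: float = 0.5, n_samples: int = 400, seed: int = 0):
    """Majority vote of the base model over n_samples random deletions of x.
    Returns (predicted class, fraction of votes for that class)."""
    rng = random.Random(seed)
    votes = [0, 0]
    for _ in range(n_samples):
        votes[base_classifier(random_deletion(x, p_del, rng))] += 1
    pred = 0 if votes[0] >= votes[1] else 1
    return pred, votes[pred] / n_samples


def perturb(x: bytes, n_sub: int, n_ins: int, filler: int = 0x00) -> bytes:
    """Adversary with an explicit edit budget: substitute the first n_sub bytes
    with a filler byte and insert n_ins filler bytes in the middle, so the
    edit distance from x is at most n_sub + n_ins."""
    out = bytearray(x)
    for i in range(n_sub):
        out[i] = filler
    mid = len(out) // 2
    out[mid:mid] = bytes([filler]) * n_ins
    return bytes(out)


def stability_check(x: bytes, n_sub: int, n_ins: int) -> dict:
    """Base and smoothed predictions on x and on its perturbation."""
    x_adv = perturb(x, n_sub, n_ins)
    pred_x, conf_x = smoothed_classify(x)
    pred_adv, conf_adv = smoothed_classify(x_adv, seed=1)
    return {
        "edit_budget": n_sub + n_ins,
        "base_clean": base_classifier(x),
        "base_adv": base_classifier(x_adv),
        "smoothed_clean": (pred_x, conf_x),
        "smoothed_adv": (pred_adv, conf_adv),
    }


if __name__ == "__main__":
    print(stability_check(MALICIOUS, n_sub=8, n_ins=4))
    print("benign:", smoothed_classify(BENIGN))
```

The vote fraction on the perturbed input drops relative to the clean one but the predicted class stays the same: every retained subsequence that skips the edited positions is a subsequence of both x and x_adv, which is the intuition behind organising the certificate around common subsequences. Turning the observed margin into a guaranteed radius requires the paper's proof, not this empirical check.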