QEVSEC: Quick Electric Vehicle SEcure Charging via Dynamic Wireless Power Transfer
Dynamic Wireless Power Transfer (DWPT) can be used for on-demand recharging
of Electric Vehicles (EV) while driving. However, DWPT raises numerous security
and privacy concerns. Recently, researchers demonstrated that DWPT systems are
vulnerable to adversarial attacks. In an EV charging scenario, an attacker can
prevent the authorized customer from charging, obtain a free charge by billing
a victim user and track a target vehicle. State-of-the-art authentication
schemes relying on centralized solutions are either vulnerable to various
attacks or have high computational complexity, making them unsuitable for a
dynamic scenario. In this paper, we propose Quick Electric Vehicle SEcure
Charging (QEVSEC), a novel, secure, and efficient authentication protocol for
the dynamic charging of EVs. Our idea for QEVSEC originates from multiple
vulnerabilities we found in the state-of-the-art protocol, which allows tracking
of user activity and is susceptible to replay attacks. Based on these
observations, the proposed protocol solves these issues and achieves lower
computational complexity by using only primitive cryptographic operations in a
very short message exchange. QEVSEC provides scalability and a reduced cost in
each iteration, thus lowering the impact on the power needed from the grid.
Comment: 6 pages, conferenc
MDTD: A Multi Domain Trojan Detector for Deep Neural Networks
Machine learning models that use deep neural networks (DNNs) are vulnerable
to backdoor attacks. An adversary carrying out a backdoor attack embeds a
predefined perturbation called a trigger into a small subset of input samples
and trains the DNN such that the presence of the trigger in the input results
in an adversary-desired output class. Such adversarial retraining however needs
to ensure that outputs for inputs without the trigger remain unaffected and
provide high classification accuracy on clean samples. In this paper, we
propose MDTD, a Multi-Domain Trojan Detector for DNNs, which detects inputs
containing a Trojan trigger at testing time. MDTD does not require knowledge of
trigger-embedding strategy of the attacker and can be applied to a pre-trained
DNN model with image, audio, or graph-based inputs. MDTD leverages an insight
that input samples containing a Trojan trigger are located relatively farther
away from a decision boundary than clean samples. MDTD estimates the distance
to a decision boundary using adversarial learning methods and uses this
distance to infer whether a test-time input sample is Trojaned or not. We
evaluate MDTD against state-of-the-art Trojan detection methods across five
widely used image-based datasets: CIFAR100, CIFAR10, GTSRB, SVHN, and
Flowers102; four graph-based datasets: AIDS, WinMal, Toxicant, and COLLAB; and
the SpeechCommand audio dataset. MDTD effectively identifies samples that
contain different types of Trojan triggers. We evaluate MDTD against adaptive
attacks where an adversary trains a robust DNN to increase (decrease) distance
of benign (Trojan) inputs from a decision boundary.
Comment: Accepted to ACM Conference on Computer and Communications Security (ACM CCS) 202
A Multi-Domain Trojan Detector for Deep Neural Networks
Thesis (Master's)--University of Washington, 2023

Backdoor attacks have been demonstrated to compromise the functioning of machine learning models that utilize deep neural networks (DNNs). An adversary carrying out a backdoor attack embeds a predefined perturbation called a Trojan trigger into a small subset of input samples. The DNN can then be trained in a manner such that the presence of the trigger in the input results in an output label that is different from the correct label. At the same time, outputs of the DNN corresponding to inputs without the trigger remain unaffected. Backdoor attacks, where an attacker can negatively affect the DNN's behavior, might have severe repercussions in safety-critical applications. Existing defenses in the literature against backdoor attacks involve pruning or retraining DNN models, which can be computationally expensive. In addition, the success of these solutions has been demonstrated on image-based input domains; their performance on other input domains needs to be understood better.

In this thesis, we propose and develop MDTD, a multi-domain Trojan detector for DNNs. MDTD has several distinguishing characteristics: (i) it does not require retraining DNN models, (ii) it does not require knowledge of the trigger or of the attacker's embedding strategy, (iii) it is computationally inexpensive, and (iv) it can be applied to image- and graph-based inputs. To the best of our knowledge, MDTD is the first Trojan detection mechanism proposed for graph-based inputs. MDTD uses the insight that input samples containing a Trojan trigger are located relatively farther away from a decision boundary than clean input samples. MDTD first estimates the distance to a decision boundary using adversarial learning methods, which estimate the smallest magnitude of noise required for the model to misclassify a sample, and then uses this information to infer whether a given sample is Trojaned or not. More precisely, MDTD learns a threshold for the distance to the decision boundary using a small set of clean labeled samples and uses this threshold to flag a sample as possibly Trojaned.

We evaluate MDTD against state-of-the-art (SOTA) Trojan detection methods across five image-based datasets (CIFAR100, CIFAR10, GTSRB, SVHN and Flowers102) and four graph-based datasets (AIDS, WinMal, Toxicant and COLLAB). Our results show that MDTD effectively identifies samples that contain different types of Trojan triggers. We also show that an adversary who trains robust DNN models using a combination of clean and Trojaned samples does not cause a significant deterioration in MDTD performance without significantly reducing the classification accuracy of the DNN model.
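The detection mechanism that both MDTD abstracts describe (estimate each input's distance to the decision boundary by searching for the smallest label-flipping perturbation, calibrate a threshold on a small clean set, flag test inputs that lie farther out) is small enough to write down end to end. The block below is an added illustration, not the MDTD authors' code: a hypothetical linear classifier stands in for the DNN, the distance estimator is a generic black-box bisection along a fixed set of directions rather than the adversarial-learning estimators the papers use, and every sample, the additive trigger and the quantile/margin calibration rule are constructed for this example.

```python
"""Boundary-distance Trojan detection, following the MDTD insight.

Added illustrative example, not the MDTD authors' code. A toy linear model
stands in for the DNN, and the distance estimator is a black-box bisection
along a fixed direction set rather than the papers' adversarial-learning
estimators. All inputs below are constructed.
"""
import math
from typing import Callable, List, Sequence

Vector = Sequence[float]
Classifier = Callable[[Vector], int]


def linear_classifier(x: Vector) -> int:
    """Hypothetical stand-in for a trained DNN: class 1 iff x0 + x1 > 1."""
    return 1 if x[0] + x[1] > 1.0 else 0


def _unit_directions(dim: int) -> List[List[float]]:
    """+/- each coordinate axis plus +/- the normalised all-ones vector."""
    dirs: List[List[float]] = []
    for i in range(dim):
        for sign in (1.0, -1.0):
            d = [0.0] * dim
            d[i] = sign
            dirs.append(d)
    diag = 1.0 / math.sqrt(dim)
    dirs.append([diag] * dim)
    dirs.append([-diag] * dim)
    return dirs


def boundary_distance(model: Classifier, x: Vector,
                      eps_max: float = 4.0, iters: int = 40) -> float:
    """Smallest perturbation norm (over the direction set) that flips the label.

    Black-box: only model(.) is queried. Returns math.inf if no direction
    crosses the boundary within eps_max.
    """
    label = model(x)
    best = math.inf
    for d in _unit_directions(len(x)):
        far = [xi + eps_max * di for xi, di in zip(x, d)]
        if model(far) == label:
            continue  # this direction never flips the label within eps_max
        lo, hi = 0.0, eps_max  # invariant: lo keeps the label, hi flips it
        for _ in range(iters):
            mid = (lo + hi) / 2.0
            probe = [xi + mid * di for xi, di in zip(x, d)]
            if model(probe) == label:
                lo = mid
            else:
                hi = mid
        best = min(best, hi)
    return best


class TrojanDetector:
    """Flags inputs whose boundary distance exceeds a threshold learned
    from a small clean calibration set (the MDTD calibration idea)."""

    def __init__(self, model: Classifier, quantile: float = 1.0,
                 margin: float = 0.1) -> None:
        self.model = model
        self.quantile = quantile  # which clean-distance quantile to use
        self.margin = margin      # relative slack above that quantile
        self.threshold = math.inf

    def fit(self, clean_samples: Sequence[Vector]) -> float:
        dists = sorted(boundary_distance(self.model, x) for x in clean_samples)
        idx = int(round(self.quantile * (len(dists) - 1)))
        self.threshold = dists[idx] * (1.0 + self.margin)
        return self.threshold

    def is_trojaned(self, x: Vector) -> bool:
        return boundary_distance(self.model, x) > self.threshold


# Constructed data: clean calibration points near the boundary x0 + x1 = 1,
# and a hypothetical additive trigger that pushes inputs deep into class 1.
CLEAN_CALIBRATION = [(0.3, 0.4), (0.6, 0.7), (0.1, 0.5),
                     (0.9, 0.5), (0.45, 0.45), (0.2, 0.2)]
TRIGGER = (1.5, 1.5)


def apply_trigger(x: Vector) -> List[float]:
    return [xi + ti for xi, ti in zip(x, TRIGGER)]


def run_demo() -> dict:
    det = TrojanDetector(linear_classifier)
    threshold = det.fit(CLEAN_CALIBRATION)
    test_inputs = {
        "clean_near": (0.5, 0.6),
        "clean_far": (0.0, 0.0),  # legitimately far from the boundary
        "trojaned": apply_trigger((0.3, 0.4)),
    }
    return {"threshold": threshold,
            "flags": {k: det.is_trojaned(v) for k, v in test_inputs.items()}}


if __name__ == "__main__":
    print(run_demo())
```

The `clean_far` input is flagged even though it carries no trigger: a clean sample that happens to sit deep inside its class is indistinguishable from a Trojaned one under this rule, and the threshold is only as good as the clean set it was calibrated on. That is exactly the lever the adaptive adversary in both abstracts pulls, training a robust model so that clean inputs move farther from the boundary (or Trojaned ones closer); the papers' finding is that doing so costs the attacker clean accuracy.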