Figure - available from: Empirical Software Engineering
Classification accuracy (%) of Omni with different hyperparameter distance on dataset NSL-KDD


Source publication
Article
Context
Machine learning-based security detection models have become prevalent in modern malware and intrusion detection systems. However, previous studies show that such models are susceptible to adversarial evasion attacks. In this type of attack, inputs (i.e., adversarial examples) are specially crafted by intelligent malicious adversaries, with...

Similar publications

Article
Recent development in the field of explainable artificial intelligence (XAI) has helped improve trust in Machine-Learning-as-a-Service (MLaaS) systems, in which an explanation is provided together with the model prediction in response to each query. However, XAI also opens a door for adversaries to gain insights into the black-box models in MLaaS,...
Article
This paper delves into the dynamic landscape of computer security, where malware poses a paramount threat. Our focus is a riveting exploration of the recent and promising hardware-based malware detection approach. Leveraging modern processors’ hardware performance counters and machine learning prowess, this approach brings forth compelling advantag...
Article
Anti-malware software producers are persistently tested to recognize and counter new malware as it is discharged into nature. An emotional increment in malware generation as of late has rendered the ordinary technique for physically deciding a mark for each new malware test unsound. This paper introduces a versatile, mechanized methodology fo...
Article
Recently, malware detection models based on deep learning have gradually replaced manual analysis as the first line of defense for anti-malware systems. However, it has been shown that these models are vulnerable to a specific class of inputs called adversarial examples. It is possible to evade the detection model by adding some carefully crafted t...

Citations

... Notably, various categories of ransomware exist, each with unique characteristics. These categories encompass crypto worms in ref. [27], Human-operated Ransomware in ref. [28], Ransomware-as-a-Service (RaaS) in ref. [29], and Automated Active Adversary ransomware in ref. [30]. Table 2 encapsulates the essential features, propagation methods, exploitation strategies, and ransomware families associated with these diverse ransomware types. ...
Article
Ransomware is a type of malicious software that encrypts a victim’s files and demands payment in exchange for the decryption key. It is a rapidly growing and evolving threat that has caused significant damage and disruption to individuals and organizations around the world. In this paper, we propose a comprehensive ransomware classification approach based on the comparison of similarity matrices derived from static, dynamic analysis, and visualization. Our approach involves the use of multiple analysis techniques to extract features from ransomware samples and to generate similarity matrices based on these features. These matrices are then compared using a variety of comparison algorithms to identify similarities and differences between the samples. The resulting similarity scores are then used to classify the samples into different categories, such as families, variants, and versions. We evaluate our approach using a dataset of ransomware samples and demonstrate that it can accurately classify the samples with a high degree of accuracy. One advantage of our approach is the use of visualization, which allows us to classify and cluster large datasets of ransomware in a more intuitive and effective way. In addition, static analysis has the advantage of being fast and accurate, while dynamic analysis allows us to classify and cluster packed ransomware samples. We also compare our approach to other classification approaches based on single analysis techniques and show that our approach outperforms these approaches in terms of classification accuracy. Overall, our study demonstrates the potential of using a comprehensive approach based on the comparison of multiple analysis techniques, including static analysis, dynamic analysis, and visualization, for the accurate and efficient classification of ransomware. It also highlights the importance of considering multiple analysis techniques in the development of effective ransomware classification methods, especially when dealing with large datasets and packed samples.
... To solve DSSE, we take advantage of Stacked ResNetD, an ensemble of deep residual neural networks that was proposed in [6] and shown to achieve better performance in DSSE than several other deep learning models. As discussed in [18], [19], victim models based on ensemble learning generally have better adversarial robustness than other models. Thus, exposing the vulnerability of Stacked ResNetD to adversarial attacks suggests that other data-driven DSSE models proposed in the previous work might have the same vulnerability. ...
Preprint
This paper presents a novel targeted adversarial attack based on the fast gradient sign method on data-driven distribution system state estimation. In this attack, malicious sensor data are crafted such that the state estimator’s output moves away from the latent state of the system in a direction specified by the attacker. Through extensive simulation on a test distribution system, we expose the vulnerability of a state-of-the-art data-driven state estimation technique to the proposed adversarial attack. We also show that the bad data detection method that is commonly used to safeguard state estimation is ineffective against this attack, and this can have deleterious effects on a voltage regulation scheme that incorporates state estimates. To address this vulnerability, we analyze the dispersion of per-feature attribution scores and argue that this dispersion can be used to detect adversarially crafted data. We corroborate the efficacy of this detection method by comparing it with the conventional bad data detection method and two other baselines.
... In addition, the deep image restoration model produced excellent experimental results compared with other techniques. There is another defense method against adversarial attacks named Omni, based on hyperparameter optimization, such as in [39]. The authors used an ML-based IDS and evaluated the model using five benchmark datasets. ...
Article
An intrusion detection system (IDS) is an effective tool for securing networks and a dependable technique for improving a user’s internet security. It informs the administration whenever strange conduct occurs. An IDS fundamentally depends on the classification of network packets as benign or attack. Moreover, IDSs can achieve better results when built with machine learning (ML)/deep learning (DL) techniques, such as convolutional neural networks (CNNs). However, there is a limitation when building a reliable IDS using ML/DL techniques, which is their vulnerability to adversarial attacks. Such attacks are crafted by attackers to compromise the ML/DL models, which affects their accuracy. Thus, this paper describes the construction of a sustainable IDS based on the CNN technique, and it presents a method for defense against adversarial attacks that enhances the IDS’s accuracy and ensures it is more reliable in performing classification. To achieve this goal, first, two IDS models with a convolutional neural network (CNN) were built to enhance the IDS accuracy. Second, seven adversarial attack scenarios were designed against the aforementioned CNN-based IDS models to test their reliability and efficiency. The experimental results show that the CNN-based IDS models achieved significant increases in the intrusion detection system accuracy of 97.51% and 95.43% compared with the scores before the adversarial scenarios were applied. Furthermore, it was revealed that the adversarial attacks caused the models’ accuracy to significantly decrease from one attack scenario to another. The Auto-PGD and BIM attacks had the strongest effect against the CNN-based IDS models, with accuracy drops of 2.92% and 3.46%, respectively. Third, this research applied the adversarial perturbation elimination with generative adversarial nets (APE_GAN++) defense method to enhance the accuracy of the CNN-based IDS models after they were affected by adversarial attacks, which was shown to increase after the adversarial attacks in an intelligible way, with accuracy scores ranging between 78.12% and 89.40%.
... While it is possible to train a variety of ML models and incorporate them in DSSE, instead of introducing yet another architecture and identifying its vulnerabilities, we use a state-of-the-art ensemble learning model, namely Stacked ResNetD, which has been proposed in [11] and shown to outperform several other deep neural networks, as our victim model. Previous work has shown that ensemble learning models have enhanced adversarial robustness [49,55]. This together with the strong performance of Stacked ResNetD motivates our choice of the victim model. ...
... Existing studies mostly focus on data factors affecting the robustness of DNNs. Tripuraneni et al. [6] study the high-dimensional asymptotics of random regression under covariate shift; Zhang et al. [7] investigate the negative effects of weakly-labeled samples for clustering and proposed a new hybrid representation strategy for familial clustering; Tu et al. [8] found that automatic keyword labeling suffers from a weakly-labeled issue in bug-fixing commits and recommended labeling commits through human+artificial expertise; Shu et al. [9] argue that well-crafted adversarial samples heavily decrease the identification performance of DNN models and proposed a new Omni solution with the multi-model ensemble. Some recent studies also explore other factors affecting robustness. ...
Preprint
Deep neural networks (DNNs), are widely used in many industries such as image recognition, supply chain, medical diagnosis, and autonomous driving. However, prior work has shown the high accuracy of a DNN model does not imply high robustness (i.e., consistent performances on new and future datasets) because the input data and external environment (e.g., software and model configurations) for a deployed model are constantly changing. Hence, ensuring the robustness of deep learning is not an option but a priority to enhance business and consumer confidence. Previous studies mostly focus on the data aspect of model variance. In this article, we systematically summarize DNN robustness issues and formulate them in a holistic view through two important aspects, i.e., data and software configuration variances in DNNs. We also provide a predictive framework to generate representative variances (counterexamples) by considering both data and configurations for robust learning through the lens of search-based optimization.
... Rui Shu et al. [25] propose a technique called Omni, an ensemble of unexpected models to tackle adversarial environments. Their ideology behind employing unexpected models is to keep the distance between their core prediction mechanism and the adversary's target model's mechanism as large as possible. ...
... The CW is one of the attacks, and the CSE-CIC-IDS2018 dataset is one among the datasets they have evaluated their approach with. Therefore, we briefly compare our results with the results presented in [25] to analyze our approach further. From the results presented by Rui et al., the baseline accuracy, i.e., under normal settings is 94.48%, and the final accuracy after implementing their defense on the model is 75.23%. ...
Conference Paper
Machine Learning (ML) techniques have been applied over the past two decades to improve the abilities of Intrusion Detection Systems (IDSs). Over time, several enhancements have been implemented to help the ML-based IDS models tackle the ever-evolving attack behaviors. However, recent works reveal that ML models are vulnerable to adversarial perturbations. With the increasing volumes of data passing through systems, defeating adversarial attacks has become a significant challenge. Recent research suggests that Generative Adversarial Networks (GANs) possess a good potential in creating adversarial samples and tackling them, playing well on both offense and defense teams. With a motive to improve the resistance of ML-based IDS models against a powerful white-box evasion attack technique, the Carlini-Wagner, we propose a GAN-based defensive approach and evaluate it with the CSE-CIC-IDS2018 dataset. The paper presents preliminary evaluation results and discusses the direction in which we want to continue the work.
... [41] Without learning how organizers constructed the adversarial cases, I used the defense mechanism to achieve the AICS'2019 Challenge. [42] Using techniques like hyperparameter optimization, it is recommended to generate an ensemble featuring profound models different from the attacker's expected framework (i.e., targeting model). [43] proved that the unique adversarial training greatly improves the robustness of deep learning models against a large variety of attacks. ...
Preprint
Machine learning is widely accepted as an accurate statistical approach for malware detection to cope with the rising uncertainty risk and complexity of modern intrusions. Not only has machine learning security been asked, but it has also been challenged in the past. However, it has been identified that machine learning contains intrinsic weaknesses that may be exploited to avoid detection during testing. So, look at it another way, machine learning can become an intelligence system bottleneck. We use the related attack methodology to classify different types of attacks using learning-based malware detection techniques in this research by evaluating attackers with unique abilities and talents. After this, to carefully identify the security of Drebin, Android malware detection has been performed. We implemented and did a set of comparable malware detection using the linear SVM and other relevant techniques, including Sec-SVM, Reduced SVM, Reduced Sec-SVM, Naïve Bayes, Random Forest Classifier, and some deep neural networks. The main agenda of this paper is the presentation of a scalable and straightforward secure-learning methodology that reduces the effect of adversarial attacks. In the presence of an attack, the detection accuracy is only a bit worsened. Finally, we evaluate that our robust technique may be accurately adapted to additional intrusion prevention tasks.
... Therefore, we explored whether state-of-the-art defences can enhance the robustness of MLPU models. For this, we applied two popular defences used in Adversarial Machine learning literature to defend against evasion attacks: (i) Adversarial Training [106] and (ii) Ensemble Learning [107], [108]. ...
... Ensemble learning is another popular method adapted by researchers to improve the robustness of models. In this approach, multiple classifiers are combined to improve classifier robustness [107]. Based on our results in section 3.2.2, ...
Article
ML-based Phishing URL (MLPU) detectors serve as the first level of defence to protect users and organisations from being victims of phishing attacks. Lately, few studies have launched successful adversarial attacks against specific MLPU detectors raising questions on their practical reliability and usage. Nevertheless, the robustness of these systems has not been extensively investigated. Therefore, the security vulnerabilities of these systems, in general, remain primarily unknown that calls for testing the robustness of these systems. In this article, we have proposed a methodology to investigate the reliability and robustness of 50 representative state-of-the-art MLPU models. First, we have proposed a cost-effective Adversarial URL generator URLBUG that created an Adversarial URL dataset ($\text{Adv}_\text{data}$). Subsequently, we reproduced 50 MLPU (traditional ML and Deep learning) systems and recorded their baseline performance. Lastly, we tested the considered MLPU systems on $\text{Adv}_\text{data}$ and analyzed their robustness and reliability using box plots and heat maps. Our results showed that the generated adversarial URLs have valid syntax and can be registered at a median annual price of $11.99, and out of 13% of the already registered adversarial URLs, 63.94% were used for malicious purposes. Moreover, the considered MLPU models' Matthews Correlation Coefficient (MCC) dropped from median 0.92 to 0.02 when tested against $\text{Adv}_\text{data}$, indicating that the baseline MLPU models are unreliable in their current form. Further, our findings identified several security vulnerabilities of these systems and provided future directions for researchers to design dependable and secure MLPU systems.
... • Ensemble Adversarial Training, where the training dataset is augmented by adversarial examples from different models [154]. • OMNI, an ensemble of unexpected models that have very different hyperparameter values [155]. Trojan ...
Preprint
As we make tremendous advances in machine learning and artificial intelligence technosciences, there is a renewed understanding in the AI community that we must ensure that humans being are at the center of our deliberations so that we don't end in technology-induced dystopias. As strongly argued by Green in his book Smart Enough City, the incorporation of technology in city environs does not automatically translate into prosperity, wellbeing, urban livability, or social justice. There is a great need to deliberate on the future of the cities worth living and designing. There are philosophical and ethical questions involved along with various challenges that relate to the security, safety, and interpretability of AI algorithms that will form the technological bedrock of future cities. Several research institutes on human centered AI have been established at top international universities. Globally there are calls for technology to be made more humane and human-compatible. For example, Stuart Russell has a book called Human Compatible AI. The Center for Humane Technology advocates for regulators and technology companies to avoid business models and product features that contribute to social problems such as extremism, polarization, misinformation, and Internet addiction. In this paper, we analyze and explore key challenges including security, robustness, interpretability, and ethical challenges to a successful deployment of AI or ML in human-centric applications, with a particular emphasis on the convergence of these challenges. We provide a detailed review of existing literature on these key challenges and analyze how one of these challenges may lead to others or help in solving other challenges. The paper also advises on the current limitations, pitfalls, and future directions of research in these domains, and how it can fill the current gaps and lead to better solutions.