Adversarial examples: A survey of attacks and defenses in deep learning-enabled cybersecurity systems

Macas, Mayra; Wu, Chunming; Fuertes, Walter

doi:10.1016/j.eswa.2023.122223

Cited by 21 publications

(4 citation statements)

References 102 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The authors of [35] analysed the recent state-of-the-art of research on poisoning attacks against machine learning models. The authors of [36] described a taxonomy of cybersecurity applications and reviewed methods of generating adversarial examples and suitable defences in multiple cybersecurity applications. Focusing on the Windows PE malware detection problems, the authors of [5,8] reviewed the state-of-the-art literature on adversarial attacks against Windows PE malware detection.…”

Section: Adversarial Attacks and Defencesmentioning

confidence: 99%

Evaluating Realistic Adversarial Attacks against Machine Learning Models for Windows PE Malware Detection

Imran,

Appice,

Malerba

2024

Future Internet

View full text Add to dashboard Cite

During the last decade, the cybersecurity literature has conferred a high-level role to machine learning as a powerful security paradigm to recognise malicious software in modern anti-malware systems. However, a non-negligible limitation of machine learning methods used to train decision models is that adversarial attacks can easily fool them. Adversarial attacks are attack samples produced by carefully manipulating the samples at the test time to violate the model integrity by causing detection mistakes. In this paper, we analyse the performance of five realistic target-based adversarial attacks, namely Extend, Full DOS, Shift, FGSM padding + slack and GAMMA, against two machine learning models, namely MalConv and LGBM, learned to recognise Windows Portable Executable (PE) malware files. Specifically, MalConv is a Convolutional Neural Network (CNN) model learned from the raw bytes of Windows PE files. LGBM is a Gradient-Boosted Decision Tree model that is learned from features extracted through the static analysis of Windows PE files. Notably, the attack methods and machine learning models considered in this study are state-of-the-art methods broadly used in the machine learning literature for Windows PE malware detection tasks. In addition, we explore the effect of accounting for adversarial attacks on securing machine learning models through the adversarial training strategy. Therefore, the main contributions of this article are as follows: (1) We extend existing machine learning studies that commonly consider small datasets to explore the evasion ability of state-of-the-art Windows PE attack methods by increasing the size of the evaluation dataset. (2) To the best of our knowledge, we are the first to carry out an exploratory study to explain how the considered adversarial attack methods change Windows PE malware to fool an effective decision model. (3) We explore the performance of the adversarial training strategy as a means to secure effective decision models against adversarial Windows PE malware files generated with the considered attack methods. Hence, the study explains how GAMMA can actually be considered the most effective evasion method for the performed comparative analysis. On the other hand, the study shows that the adversarial training strategy can actually help in recognising adversarial PE malware generated with GAMMA by also explaining how it changes model decisions.

show abstract

Section: Adversarial Attacks and Defencesmentioning

confidence: 99%

Evaluating Realistic Adversarial Attacks against Machine Learning Models for Windows PE Malware Detection

Imran,

Appice,

Malerba

2024

Future Internet

View full text Add to dashboard Cite

show abstract

“…Since white box attacks can achieve nearly 100% success rates in the realm of image classification, research efforts have shifted toward developing effective black box attack strategies. Within black box attacks, several techniques have emerged, including universal perturbation [19,20], transfer attacks [21][22][23], and substitute network methods [24]. First, the universal perturbation method, although introducing strong noise, aims to mislead the attacker into classifying the data as the desired target class by adding specific noise to all original data.…”

Section: Information For the Target Modelmentioning

confidence: 99%

Evasion Attacks on Deep Learning-Based Helicopter Recognition Systems

Lee,

Kim,

Bang

et al. 2024

Journal of Sensors

View full text Add to dashboard Cite

Identifying objects in surveillance and reconnaissance systems with the human eye can be challenging, underscoring the growing importance of employing deep learning models for the recognition of enemy weapon systems. These systems, leveraging deep neural networks known for their strong performance in image recognition and classification, are currently under extensive research. However, it is crucial to acknowledge that surveillance and reconnaissance systems utilizing deep neural networks are susceptible to vulnerabilities posed by adversarial examples. While prior adversarial example research has mainly utilized publicly available internet data, there has been a significant absence of studies concerning adversarial attacks on data and models specific to real military scenarios. In this paper, we introduce an adversarial example designed for a binary classifier tasked with recognizing helicopters. Our approach generates an adversarial example that is misclassified by the model, despite appearing unproblematic to the human eye. To conduct our experiments, we gathered real attack and transport helicopters and employed TensorFlow as the machine learning library of choice. Our experimental findings demonstrate that the average attack success rate of the proposed method is 81.9%. Additionally, when epsilon is 0.4, the attack success rate is 90.1%. Before epsilon reaches 0.4, the attack success rate increases rapidly, and then we can see that epsilon increases little by little thereafter.

show abstract

“…Currently, deep neural networks are being used efficiently in several domains due to their state-of-the-art performance. In cybersecurity, researchers have demonstrated the potential of DL in tackling many cybersecurity problems [5]. However, more work is required to examine the robustness of deep neural networks for detecting email phishing [6].…”

Section: Introductionmentioning

confidence: 99%

Advancing Phishing Email Detection: A Comparative Study of Deep Learning Models

Altwaijry,

Al-Turaiki,

Alotaibi

et al. 2024

Sensors

View full text Add to dashboard Cite

Phishing is one of the most dangerous attacks targeting individuals, organizations, and nations. Although many traditional methods for email phishing detection exist, there is a need to improve accuracy and reduce false-positive rates. Our work investigates one-dimensional CNN-based models (1D-CNNPD) to detect phishing emails in order to address these challenges. Additionally, further improvement is achieved with the augmentation of the base 1D-CNNPD model with recurrent layers, namely, LSTM, Bi-LSTM, GRU, and Bi-GRU, and experimented with the four resulting models. Two benchmark datasets were used to evaluate the performance of our models: Phishing Corpus and Spam Assassin. Our results indicate that, in general, the augmentations improve the performance of the 1D-CNNPD base model. Specifically, the 1D-CNNPD with Bi-GRU yields the best results. Overall, the performance of our models is comparable to the state of the art of CNN-based phishing email detection. The Advanced 1D-CNNPD with Leaky ReLU and Bi-GRU achieved 100% precision, 99.68% accuracy, an F1 score of 99.66%, and a recall of 99.32%. We observe that increasing model depth typically leads to an initial performance improvement, succeeded by a decline. In conclusion, this study highlights the effectiveness of augmented 1D-CNNPD models in detecting phishing emails with improved accuracy. The reported performance measure values indicate the potential of these models in advancing the implementation of cybersecurity solutions to combat email phishing attacks.

show abstract

Adversarial examples: A survey of attacks and defenses in deep learning-enabled cybersecurity systems

Cited by 21 publications

References 102 publications

Evaluating Realistic Adversarial Attacks against Machine Learning Models for Windows PE Malware Detection

Evaluating Realistic Adversarial Attacks against Machine Learning Models for Windows PE Malware Detection

Evasion Attacks on Deep Learning-Based Helicopter Recognition Systems

Advancing Phishing Email Detection: A Comparative Study of Deep Learning Models

Contact Info

Product

Resources

About