Security Evaluation of Pattern Classifiers under Attack

Biggio, Battista; Fumera, Giorgio; Roli, Fabio

doi:10.1109/tkde.2013.57

Cited by 380 publications

(408 citation statements)

References 41 publications

Supporting

Mentioning

407

Contrasting

Order By: Relevance

“…Given the opacity of the learning process it is not always clear, either to the attacked or even the attacker, what the consequences might be or how to identify such an attack. Examples of attack on machine learning include spam filtering [35], malware classifiers [36][37][38] and biometric recognition systems [39]. Machine learning can be subjected to attacks during training and inference phases.…”

Section: N Tuptuk S Hailesmentioning

confidence: 99%

Security of smart manufacturing systems

Tuptuk

Hailes

2018

Journal of Manufacturing Systems

347

138

View full text Add to dashboard Cite

A B S T R A C TA revolution in manufacturing systems is underway: substantial recent investment has been directed towards the development of smart manufacturing systems that are able to respond in real time to changes in customer demands, as well as the conditions in the supply chain and in the factory itself. Smart manufacturing is a key component of the broader thrust towards Industry 4.0, and relies on the creation of a bridge between digital and physical environments through Internet of Things (IoT) technologies, coupled with enhancements to those digital environments through greater use of cloud systems, data analytics and machine learning. Whilst these individual technologies have been in development for some time, their integration with industrial systems leads to new challenges as well as potential benefits. In this paper, we explore the challenges faced by those wishing to secure smart manufacturing systems. Lessons from history suggest that where an attempt has been made to retrofit security on systems for which the primary driver was the development of functionality, there are inevitable and costly breaches. Indeed, today's manufacturing systems have started to experience this over the past few years; however, the integration of complex smart manufacturing technologies massively increases the scope for attack from adversaries aiming at industrial espionage and sabotage. The potential outcome of these attacks ranges from economic damage and lost production, through injury and loss of life, to catastrophic nation-wide effects. In this paper, we discuss the security of existing industrial and manufacturing systems, existing vulnerabilities, potential future cyber-attacks, the weaknesses of existing measures, the levels of awareness and preparedness for future security challenges, and why security must play a key role underpinning the development of future smart manufacturing systems.

show abstract

Section: N Tuptuk S Hailesmentioning

confidence: 99%

Security of smart manufacturing systems

Tuptuk

Hailes

2018

Journal of Manufacturing Systems

347

138

View full text Add to dashboard Cite

show abstract

“…Research on Machine Learning has traditionally focused on improving the effectiveness of the solutions, without taking into account adversarial settings. However, a current area of research has begun to explore the reliability and security of Machine Learning algorithms under adversarial models [31,21,32,33].…”

Section: Attacks On Nidsmentioning

confidence: 99%

Randomized Anagram revisited

Pastrana

Orfila

Tapiador

et al. 2014

Journal of Network and Computer Applications

View full text Add to dashboard Cite

When compared to signature-based Intrusion Detection Systems (IDS), anomaly detectors present the potential advantage of detecting previously unseen attacks, which makes them an attractive solution against zero-day exploits and other attacks for which a signature is unavailable. Most anomaly detectors rely on machine learning algorithms to derive a model of normality that is later used to detect suspicious events. Such algorithms, however, are generally susceptible to evasion by means of carefully constructed attacks that are not recognized as anomalous. Different strategies to thwart evasion have been proposed over the last years, including the use of randomization to make somewhat uncertain how each packet will be processed. In this paper we analyze the strength of the randomization strategy suggested for Anagram, a well-known anomaly detector based on n-gram models. We show that an adversary who can interact with the system for a short period of time with inputs of his choosing will be able to recover the secret mask used to process packets. We describe and discuss an efficient algorithm to do this and report our experiences with a prototype implementation. Furthermore, we show that the specific form of randomization suggested for Anagram is a double-edged sword, as knowledge of the mask makes evasion easier than in the non-randomized case. We finally discuss a simple countermeasure to prevent our attacks.

show abstract

“…Adversarial learning that is conducive to cyber security can be conducted using reactive and/or proactive modes of operation [10]. In the reactive mode, the offensive side devises and engages in the attack while the defense is limited to analyzing the attack and developing countermeasures.…”

Section: Introductionmentioning

confidence: 99%

Cyberspace Security Using Adversarial Learning and Conformal Prediction

Wechsler¹

2015

IIM

View full text Add to dashboard Cite

This paper advances new directions for cyber security using adversarial learning and conformal prediction in order to enhance network and computing services defenses against adaptive, malicious, persistent, and tactical offensive threats. Conformal prediction is the principled and unified adaptive and learning framework used to design, develop, and deploy a multi-faceted self-managing defensive shield to detect, disrupt, and deny intrusive attacks, hostile and malicious behavior, and subterfuge. Conformal prediction leverages apparent relationships between immunity and intrusion detection using non-conformity measures characteristic of affinity, a typicality, and surprise, to recognize patterns and messages as friend or foe and to respond to them accordingly. The solutions proffered throughout are built around active learning, meta-reasoning, randomness, distributed semantics and stratification, and most important and above all around adaptive Oracles. The motivation for using conformal prediction and its immediate off-spring, those of semi-supervised learning and transduction, comes from them first and foremost supporting discriminative and non-parametric methods characteristic of principled demarcation using cohorts and sensitivity analysis to hedge on the prediction outcomes including negative selection, on one side, and providing credibility and confidence indices that assist meta-reasoning and information fusion.

show abstract

Security Evaluation of Pattern Classifiers under Attack

Cited by 380 publications

References 41 publications

Security of smart manufacturing systems

Security of smart manufacturing systems

Randomized Anagram revisited

Cyberspace Security Using Adversarial Learning and Conformal Prediction

Contact Info

Product

Resources

About