Self-Supervised Adversarial Example Detection by Disentangled Representation

Zhang, Zhaoxi; Zhang, Leo Yu; Zheng, Xufei; Jing-zhen, Tian; Zhou, Jiantao

doi:10.48550/arxiv.2105.03689

Cited by 4 publications (3 citation statements)

References 19 publications (43 reference statements)

“…Other robust ML algorithms may also be able to run over corrupted labels [49,53]. The Gold Loss Correction (GLC) method in [29] utilizes a small set of trusted labels to improve the setting's accuracy. In the presence of high degrees of label corruption, the ML models overfit false samples into the corrupted labels, such as [5,28,69,70]. These algorithms could suggest extra unsupervised objective training with reliable signals.…”

Section: Self-supervised Learning (SSL) Approaches (mentioning)

confidence: 99%

SETTI: A Self-supervised Adversarial Malware Detection Architecture in an IoT Environment

Golmaryami, Taheri, Pooranian, et al. 2022

ACM Trans. Multimedia Comput. Commun. Appl.

In recent years, malware detection has become an active research topic in Internet of Things (IoT) security. The principle is to exploit knowledge from large quantities of continuously generated malware. Existing algorithms rely on the malware features available for IoT devices and lack real-time prediction capabilities. More research is thus required on malware detection to cope with real-time misclassification of the input IoT data. Motivated by this, in this paper we propose an adversarial self-supervised architecture for detecting malware in IoT networks, SETTI, considering samples of IoT network traffic that may not be labeled. In the SETTI architecture, we design three self-supervised attack techniques, namely Self-MDS, GSelf-MDS and ASelf-MDS. The Self-MDS method considers the IoT input data and the adversarial sample generation in real time. The GSelf-MDS method builds a generative adversarial network model to generate adversarial samples in the self-supervised structure. Finally, ASelf-MDS utilizes three well-known perturbation sample techniques to develop adversarial malware and inject it into the self-supervised architecture. We also apply a defence method, adversarial self-supervised training, to mitigate these attacks and protect the malware detection architecture against injected malicious samples. To validate the attack and defence algorithms, we conduct experiments on two recent IoT datasets: IoT23 and NBIoT. Comparison of the results shows that on the IoT23 dataset, the Self-MDS method has the most damaging consequences from the attacker's point of view, reducing the accuracy rate from 98% to 74%. On the NBIoT dataset, the ASelf-MDS method is the most damaging, reducing the accuracy rate from 98% to 77%.

“…Self-supervised learning provides a way for learning representation from unlabeled data. Recent efforts have been made toward using self-supervised algorithms in order to learn a disentangle representation [57, 58, 59, 60]. However, recent studies have reported that the existing SSL methods often struggle to learn disentangled representations of the data [60].…”

Section: Introduction (mentioning)

confidence: 99%

Unsupervised Learning of Disentangled Representation via Auto-Encoding: A Survey

Eddahmani, Pham, Napoléon, et al. 2023

Sensors

In recent years, the rapid development of deep learning approaches has paved the way to explore the underlying factors that explain the data. In particular, several methods have been proposed to learn to identify and disentangle these underlying explanatory factors in order to improve the learning process and model generalization. However, extracting this representation with little or no supervision remains a key challenge in machine learning. In this paper, we provide a theoretical outlook on recent advances in the field of unsupervised representation learning with a focus on auto-encoding-based approaches and on the most well-known supervised disentanglement metrics. We cover the current state-of-the-art methods for learning disentangled representation in an unsupervised manner while pointing out the connection between each method and its added value on disentanglement. Further, we discuss how to quantify disentanglement and present an in-depth analysis of associated metrics. We conclude by carrying out a comparative evaluation of these metrics according to three criteria, (i) modularity, (ii) compactness and (iii) informativeness. Finally, we show that only the Mutual Information Gap score (MIG) meets all three criteria.

“…From another line of research, adversarial examples of deep neural models have been extensively studied [25,26,23,24,27,28]. The seminal work in [25] made use of elaborately crafted adversarial perturbations, which are very tiny and unnoticeable to human eyes, to cause misclassifications of a victim model.…”

Section: Introduction (mentioning)

confidence: 99%

Evaluating Membership Inference Through Adversarial Robustness

Zhang, Zhang, Zheng, et al. 2022

Preprint

Self Cite

Deep learning is increasingly used in many applications. Due to its outstanding performance, it is being used in a variety of security and privacy-sensitive areas in addition to conventional applications. One of the key requirements for deep learning efficacy is abundant data. This requirement leads to the use of data that can be highly sensitive and private, which in turn makes the general public wary of deep learning. Membership inference attacks are considered lethal as they can be used to figure out whether a piece of data belongs to the training dataset or not. This can be problematic with regard to leakage of training data information and its characteristics. To highlight the significance of these types of attacks, we propose an enhanced methodology for membership inference attacks based on adversarial robustness, by adjusting the directions of adversarial perturbations through label smoothing under a white-box setting. We evaluate our proposed method on three datasets: Fashion-MNIST, CIFAR-10, and CIFAR-100. Our experimental results reveal that the performance of our method surpasses that of the existing adversarial robustness-based method when attacking normally trained models. Additionally, in a comparison with the state-of-the-art metric-based membership inference methods, our proposed method also shows better performance when attacking adversarially trained models. The code for reproducing the results of this work is available at https://github.com/plll4zzx/Evaluating-Membership-Inference-Through-Adversarial-Robustness.
