Visible to the public Biblio

Filters: Author is Li, Bo  [Clear All Filters]
Book Chapter
Li, Bo, Vorobeychik, Yevgeniy.  2014.  Feature Cross-Substitution in Adversarial Classification. Advances in Neural Information Processing Systems 27. :2087–2095.

The success of machine learning, particularly in supervised settings, has led to numerous attempts to apply it in adversarial settings such as spam and malware detection. The core challenge in this class of applications is that adversaries are not static data generators, but make a deliberate effort to evade the classifiers deployed to detect them. We investigate both the problem of modeling the objectives of such adversaries, as well as the algorithmic problem of accounting for rational, objective-driven adversaries. In particular, we demonstrate severe shortcomings of feature reduction in adversarial settings using several natural adversarial objective functions, an observation that is particularly pronounced when the adversary is able to substitute across similar features (for example, replace words with synonyms or replace letters in words). We offer a simple heuristic method for making learning more robust to feature cross-substitution attacks. We then present a more general approach based on mixed-integer linear programming with constraint generation, which implicitly trades off overfitting and feature selection in an adversarial setting using a sparse regularizer along with an evasion model. Our approach is the first method for combining an adversarial classification algorithm with a very general class of models of adversarial classifier evasion. We show that our algorithmic approach significantly outperforms state-of-the-art alternatives.

Conference Paper
Zhao, Min, Li, Shunxin, Xiao, Dong, Zhao, Guoliang, Li, Bo, Liu, Li, Chen, Xiangyu, Yang, Min.  2019.  Consumption Ability Estimation of Distribution System Interconnected with Microgrids. 2019 IEEE International Conference on Energy Internet (ICEI). :345–350.
With fast development of distributed generation, storages and control techniques, a growing number of microgrids are interconnected with distribution networks. Microgrid capacity that a local distribution system can afford, is important to distribution network planning and microgrids well-organized integration. Therefore, this paper focuses on estimating consumption ability of distribution system interconnected with microgrids. The method to judge rationality of microgrids access plan is put forward, and an index system covering operation security, power quality and energy management is proposed. Consumption ability estimation procedure based on rationality evaluation and interactions is built up then, and requirements on multi-scenario simulation are presented. Case study on a practical distribution system design with multi-microgrids guarantees the validity and reasonableness of the proposed method and process. The results also indicate construction and reinforcement directions for the distribution network.
Zhao, Zhijun, Jiang, Zhengwei, Wang, Yueqiang, Chen, Guoen, Li, Bo.  2019.  Experimental Verification of Security Measures in Industrial Environments. 2019 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC). :498–502.
Industrial Control Security (ICS) plays an important role in protecting Industrial assets and processed from being tampered by attackers. Recent years witness the fast development of ICS technology. However there are still shortage of techniques and measures to verify the effectiveness of ICS approaches. In this paper, we propose a verification framework named vICS, for security measures in industrial environments. vICS does not requires installing any agent in industrial environments, and could be viewed as a non-intrusive way. We use vICS to evaluate the effectiveness of classic ICS techniques and measures through several experiments. The results shown that vICS provide an feasible solution for verifying the effectiveness of classic ICS techniques and measures for industrial environments.
Li, Bo, Kong, Libo, Huang, Yuan, Li, Liang, Chen, Jingyun.  2018.  Integration of QR Code Based on Generation, Parsing and Business Processing Mechanism. Proceedings of the International Conference on Information Technology and Electrical Engineering 2018. :18:1–18:5.
The process of information and transformation of society has become a habit in modem people. We are accustomed to using the mobile phone for all kinds of operations, such as: sweep code to order meals, buy tickets and payment, thanks to the popularity of QR code technology in our country. There are many applications in the market with the function of scanning QR code, however, some QR codes can only be parsed by the specified application software. For instance, it can not work when using Alipay scanning QR code which configured by WeChat payment certificate Web program. The user will not be able to pay for such operations. For a product or service provider, different QR codes need to be created for different applications; for a user, a certain business operation needs to face multiple QR codes to select corresponding software in the device. The integration of QR code technology has become a key breakthrough point to improve the competitiveness of enterprises.
Li, Bo, Vorobeychik, Yevgeniy, Li, Muqun, Malin, Bradley.  2015.  Iterative Classification for Sanitizing Large-Scale Datasets. SIAM International Conference on Data Mining.

Cheap ubiquitous computing enables the collectionof massive amounts of personal data in a wide variety of domains.Many organizations aim to share such data while obscuring fea-tures that could disclose identities or other sensitive information.Much of the data now collected exhibits weak structure (e.g.,natural language text) and machine learning approaches havebeen developed to identify and remove sensitive entities in suchdata. Learning-based approaches are never perfect and relyingupon them to sanitize data can leak sensitive information as aconsequence. However, a small amount of risk is permissiblein practice, and, thus, our goal is to balance the value ofdata published and the risk of an adversary discovering leakedsensitive information. We model data sanitization as a gamebetween 1) a publisher who chooses a set of classifiers to applyto data and publishes only instances predicted to be non-sensitiveand 2) an attacker who combines machine learning and manualinspection to uncover leaked sensitive entities (e.g., personal names). We introduce an iterative greedy algorithm for thepublisher that provably executes no more than a linear numberof iterations, and ensures a low utility for a resource-limitedadversary. Moreover, using several real world natural languagecorpora, we illustrate that our greedy algorithm leaves virtuallyno automatically identifiable sensitive instances for a state-of-the-art learning algorithm, while sharing over 93% of the original data, and completes after at most 5 iterations.

Li, Bo, Roundy, Kevin, Gates, Chris, Vorobeychik, Yevgeniy.  2017.  Large-Scale Identification of Malicious Singleton Files. Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy. :227–238.

We study a dataset of billions of program binary files that appeared on 100 million computers over the course of 12 months, discovering that 94% of these files were present on a single machine. Though malware polymorphism is one cause for the large number of singleton files, additional factors also contribute to polymorphism, given that the ratio of benign to malicious singleton files is 80:1. The huge number of benign singletons makes it challenging to reliably identify the minority of malicious singletons. We present a large-scale study of the properties, characteristics, and distribution of benign and malicious singleton files. We leverage the insights from this study to build a classifier based purely on static features to identify 92% of the remaining malicious singletons at a 1.4% percent false positive rate, despite heavy use of obfuscation and packing techniques by most malicious singleton files that we make no attempt to de-obfuscate. Finally, we demonstrate robustness of our classifier to important classes of automated evasion attacks.

Liu, Chang, Li, Bo, Vorobeychik, Yevgeniy, Oprea, Alina.  2017.  Robust Linear Regression Against Training Data Poisoning. Proceedings of the 10th ACM Workshop on Artificial Intelligence and Security. :91–102.
The effectiveness of supervised learning techniques has made them ubiquitous in research and practice. In high-dimensional settings, supervised learning commonly relies on dimensionality reduction to improve performance and identify the most important factors in predicting outcomes. However, the economic importance of learning has made it a natural target for adversarial manipulation of training data, which we term poisoning attacks. Prior approaches to dealing with robust supervised learning rely on strong assumptions about the nature of the feature matrix, such as feature independence and sub-Gaussian noise with low variance. We propose an integrated method for robust regression that relaxes these assumptions, assuming only that the feature matrix can be well approximated by a low-rank matrix. Our techniques integrate improved robust low-rank matrix approximation and robust principle component regression, and yield strong performance guarantees. Moreover, we experimentally show that our methods significantly outperform state of the art both in running time and prediction error.
Li, Bo, Ma, Yehan, Westenbroek, Tyler, Wu, Chengjie, Gonzalez, Humberto, Lu, Chenyang.  2016.  Wireless Routing and Control: A Cyber-physical Case Study. Proceedings of the 7th International Conference on Cyber-Physical Systems. :32:1–32:10.

Wireless sensor-actuator networks (WSANs) are being adopted in process industries because of their advantages in lowering deployment and maintenance costs. While there has been significant theoretical advancement in networked control design, only limited empirical results that combine control design with realistic WSAN standards exist. This paper presents a cyber-physical case study on a wireless process control system that integrates state-of-the-art network control design and a WSAN based on the WirelessHART standard. The case study systematically explores the interactions between wireless routing and control design in the process control plant. The network supports alternative routing strategies, including single-path source routing and multi-path graph routing. To mitigate the effect of data loss in the WSAN, the control design integrates an observer based on an Extended Kalman Filter with a model predictive controller and an actuator buffer of recent control inputs. We observe that sensing and actuation can have different levels of resilience to packet loss under this network control design. We then propose a flexible routing approach where the routing strategy for sensing and actuation can be configured separately. Finally, we show that an asymmetric routing configuration with different routing strategies for sensing and actuation can effectively improve control performance under significant packet loss. Our results highlight the importance of co-joining the design of wireless network protocols and control in wireless control systems.

Journal Article
Ke, Liyiming, Li, Bo, Vorobeychik, Yevgeniy.  2016.  Behavioral Experiments in Email Filter Evasion.

Despite decades of effort to combat spam, unwanted and even malicious emails, such as phish which aim to deceive recipients into disclosing sensitive information, still routinely find their way into one’s mailbox. To be sure, email filters manage to stop a large fraction of spam emails from ever reaching users, but spammers and phishers have mastered the art of filter evasion, or manipulating the content of email messages to avoid being filtered. We present a unique behavioral experiment designed to study email filter evasion. Our experiment is framed in somewhat broader terms: given the widespread use of machine learning methods for distinguishing spam and non-spam, we investigate how human subjects manipulate a spam template to evade a classification-based filter. We find that adding a small amount of noise to a filter significantly reduces the ability of subjects to evade it, observing that noise does not merely have a short-term impact, but also degrades evasion performance in the longer term. Moreover, we find that greater coverage of an email template by the classifier (filter) features significantly increases the difficulty of evading it. This observation suggests that aggressive feature reduction—a common practice in applied machine learning—can actually facilitate evasion. In addition to the descriptive analysis of behavior, we develop a synthetic model of human evasion behavior which closely matches observed behavior and effectively replicates experimental findings in simulation.