Biblio

Found 158 results

Filters: Keyword is Predictive models
2022-01-10
Al-Ameer, Ali, AL-Sunni, Fouad.  2021.  A Methodology for Securities and Cryptocurrency Trading Using Exploratory Data Analysis and Artificial Intelligence. 2021 1st International Conference on Artificial Intelligence and Data Analytics (CAIDA). :54–61.
This paper discusses securities and cryptocurrency trading using artificial intelligence (AI) in the sense that it focuses on performing Exploratory Data Analysis (EDA) on selected technical indicators before proceeding to modelling, and then on developing more practical models by introducing a new reward loss function that maximizes the returns during the training phase. The results of EDA reveal that the complex patterns within the data can be better captured by discriminative classification models, and this was endorsed by performing back-testing on two securities using Artificial Neural Network (ANN) and Random Forests (RF) as discriminative models against their counterpart Naïve Bayes as a generative model. To enhance the learning process, the new reward loss function is utilized to retrain the ANN with testing on AAPL, IBM, BRENT CRUDE and BTC using an auto-trading strategy that serves as the intelligent unit, and the results indicate this loss superiorly outperforms the conventional cross-entropy used in predictive models. The overall results of this work suggest that there should be a larger focus on EDA and more practical losses in the research of machine learning modelling for stock market prediction applications.
Alamaniotis, Miltiadis.  2021.  Fuzzy Integration of Kernel-Based Gaussian Processes Applied to Anomaly Detection in Nuclear Security. 2021 12th International Conference on Information, Intelligence, Systems Applications (IISA). :1–4.
Advances in artificial intelligence (AI) have provided a variety of solutions in several real-world complex problems. One of the current trends contains the integration of various AI tools to improve the proposed solutions. The question that has to be revisited is how tools may be put together to form efficient systems suitable for the problem at hand. This paper frames itself in the area of nuclear security where an agent uses a radiation sensor to survey an area for radiological threats. The main goal of this application is to identify anomalies in the measured data that designate the presence of nuclear material that may consist of a threat. To that end, we propose the integration of two kernel modeled Gaussian processes (GP) by using a fuzzy inference system. The GP models utilize different types of information to make predictions of the background radiation contribution that will be used to identify an anomaly. The integration of the predictions of the two GP models is performed by means of fuzzy rules that provide the degree of existence of anomalous data. The proposed system is tested on a set of real-world gamma-ray spectra taken with a low-resolution portable radiation spectrometer.
Wang, Xiaoyu, Han, Zhongshou, Yu, Rui.  2021.  Security Situation Prediction Method of Industrial Control Network Based on Ant Colony-RBF Neural Network. 2021 IEEE 2nd International Conference on Big Data, Artificial Intelligence and Internet of Things Engineering (ICBAIE). :834–837.
To understand the future trend of network security, the field of network security began to introduce the concept of NSSA (Network Security Situation Awareness). This paper implements the situation assessment model by using game theory algorithms to calculate the situation value of attack and defense behavior. After analyzing the ant colony algorithm and the RBF neural network, the defects of the RBF neural network are improved through the advantages of the ant colony algorithm, and the situation prediction model based on the ant colony-RBF neural network is realized. Finally, the model was verified experimentally.
2021-12-22
Renda, Alessandro, Ducange, Pietro, Gallo, Gionatan, Marcelloni, Francesco.  2021.  XAI Models for Quality of Experience Prediction in Wireless Networks. 2021 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE). :1–6.
Explainable Artificial Intelligence (XAI) is expected to play a key role in the design phase of next generation cellular networks. As 5G is being implemented and 6G is just in the conceptualization stage, it is increasingly clear that AI will be essential to manage the ever-growing complexity of the network. However, AI models will not only be required to deliver high levels of performance, but also high levels of explainability. In this paper we show how fuzzy models may be well suited to address this challenge. We compare fuzzy and classical decision tree models with a Random Forest (RF) classifier on a Quality of Experience classification dataset. The comparison suggests that, in our setting, fuzzy decision trees are easier to interpret and perform comparably or even better than classical ones in identifying stall events in a video streaming application. The accuracy drop with respect to the RF classifier, which is considered to be a black-box ensemble model, is counterbalanced by a significant gain in terms of explainability.
Zhang, Yuyi, Xu, Feiran, Zou, Jingying, Petrosian, Ovanes L., Krinkin, Kirill V..  2021.  XAI Evaluation: Evaluating Black-Box Model Explanations for Prediction. 2021 II International Conference on Neural Networks and Neurotechnologies (NeuroNT). :13–16.
The results of evaluating explanations of the black-box model for prediction are presented. The XAI evaluation is realized through the different principles and characteristics between black-box model explanations and XAI labels. In the field of high-dimensional prediction, the black-box model represented by neural network and ensemble models can predict complex data sets more accurately than traditional linear regression and white-box models such as the decision tree model. However, an unexplainable characteristic not only hinders developers from debugging but also causes users' mistrust. In the XAI field dedicated to "opening" the black box model, effective evaluation methods are still being developed. Within the established XAI evaluation framework (MDMC) in this paper, explanation methods for the prediction can be effectively tested, and the identified explanation method with relatively higher quality can improve the accuracy, transparency, and reliability of prediction.
2021-12-21
Xu, Xiaojun, Wang, Qi, Li, Huichen, Borisov, Nikita, Gunter, Carl A., Li, Bo.  2021.  Detecting AI Trojans Using Meta Neural Analysis. 2021 IEEE Symposium on Security and Privacy (SP). :103–120.
In machine learning Trojan attacks, an adversary trains a corrupted model that obtains good performance on normal data but behaves maliciously on data samples with certain trigger patterns. Several approaches have been proposed to detect such attacks, but they make undesirable assumptions about the attack strategies or require direct access to the trained models, which restricts their utility in practice. This paper addresses these challenges by introducing a Meta Neural Trojan Detection (MNTD) pipeline that does not make assumptions on the attack strategies and only needs black-box access to models. The strategy is to train a meta-classifier that predicts whether a given target model is Trojaned. To train the meta-model without knowledge of the attack strategy, we introduce a technique called jumbo learning that samples a set of Trojaned models following a general distribution. We then dynamically optimize a query set together with the meta-classifier to distinguish between Trojaned and benign models. We evaluate MNTD with experiments on vision, speech, tabular data and natural language text datasets, and against different Trojan attacks such as data poisoning attack, model manipulation attack, and latent attack. We show that MNTD achieves 97% detection AUC score and significantly outperforms existing detection approaches. In addition, MNTD generalizes well and achieves high detection performance against unforeseen attacks. We also propose a robust MNTD pipeline which achieves around 90% detection AUC even when the attacker aims to evade the detection with full knowledge of the system.
2021-12-20
Liu, Jiawei, Liu, Quanli, Wang, Wei, Wang, Xiao-Lei.  2021.  An Improved MLMS Algorithm with Prediction Error Method for Adaptive Feedback Cancellation. 2021 International Conference on Security, Pattern Analysis, and Cybernetics (SPAC). :397–401.
The adaptive feedback cancellation (AFC) method is widely adopted for the purpose of reducing the adverse effects of acoustic feedback on sound reinforcement systems. However, since the existence of the forward path results in correlation between the source signal and the feedback signal, the source signal is mistakenly considered as the feedback signal to be eliminated by the adaptive filter when it is colored, which leads to an inaccurate prediction of the acoustic feedback signal. In order to solve this problem, the prediction error method is introduced in this paper to remove the correlation between the source signal and the feedback signal. Aiming at the dilemma of the Modified Least Mean Square (MLMS) algorithm in choosing between prediction speed and prediction accuracy, an improved MLMS algorithm with a variable step-size scheme is proposed. Simulation examples are applied to show that the proposed algorithm can obtain a more accurate prediction of the acoustic feedback signal in a shorter time than the MLMS algorithm.
Ebrahimabadi, Mohammad, Younis, Mohamed, Lalouani, Wassila, Karimi, Naghmeh.  2021.  A Novel Modeling-Attack Resilient Arbiter-PUF Design. 2021 34th International Conference on VLSI Design and 2021 20th International Conference on Embedded Systems (VLSID). :123–128.
Physically Unclonable Functions (PUFs) have been considered as promising lightweight primitives for random number generation and device authentication. Thanks to the imperfections occurring during the fabrication process of integrated circuits, each PUF generates a unique signature which can be used for chip identification. Although supposed to be unclonable, PUFs have been shown to be vulnerable to modeling attacks where a set of collected challenge-response pairs is used for training a machine learning model to predict the PUF response to unseen challenges. Challenge obfuscation has been proposed to tackle the modeling attacks in recent years. However, knowing the obfuscation algorithm can help the adversary to model the PUF. This paper proposes a modeling-resilient arbiter-PUF architecture that benefits from the randomness provided by PUFs in concealing the obfuscation scheme. The experimental results confirm the effectiveness of the proposed structure in countering PUF modeling attacks.
Luo, Xinjian, Wu, Yuncheng, Xiao, Xiaokui, Ooi, Beng Chin.  2021.  Feature Inference Attack on Model Predictions in Vertical Federated Learning. 2021 IEEE 37th International Conference on Data Engineering (ICDE). :181–192.
Federated learning (FL) is an emerging paradigm for facilitating multiple organizations' data collaboration without revealing their private data to each other. Recently, vertical FL, where the participating organizations hold the same set of samples but with disjoint features and only one organization owns the labels, has received increased attention. This paper presents several feature inference attack methods to investigate the potential privacy leakages in the model prediction stage of vertical FL. The attack methods consider the most stringent setting that the adversary controls only the trained vertical FL model and the model predictions, relying on no background information of the attack target's data distribution. We first propose two specific attacks on the logistic regression (LR) and decision tree (DT) models, according to individual prediction output. We further design a general attack method based on multiple prediction outputs accumulated by the adversary to handle complex models, such as neural networks (NN) and random forest (RF) models. Experimental evaluations demonstrate the effectiveness of the proposed attacks and highlight the need for designing private mechanisms to protect the prediction outputs in vertical FL.
Kriaa, Siwar, Chaabane, Yahia.  2021.  SecKG: Leveraging attack detection and prediction using knowledge graphs. 2021 12th International Conference on Information and Communication Systems (ICICS). :112–119.
Advanced persistent threats targeting sensitive corporations are becoming stealthier and more complex today, coordinating different attack steps and lateral movements, and trying to stay undetected for a long time. Classical security solutions that rely on signature-based detection can be easily thwarted by malware using obfuscation and encryption techniques. More recent solutions are using machine learning approaches for detecting outliers. Nevertheless, the majority of them reason on tabular unstructured data which can lead to missing obvious conclusions. We propose in this paper a novel approach that leverages a combination of both knowledge graphs and machine learning techniques to detect and predict attacks. Using Cyber Threat Intelligence (CTI), we built a knowledge graph that processes event logs in order to not only detect attack techniques, but also learn how to predict them.
Yang, SU.  2021.  An Approach on Attack Path Prediction Modeling Based on Game Theory. 2021 IEEE 5th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC). 5:2604–2608.
Considering the lack of theoretical analysis for distributed networks under APT (advanced persistent threat) attacks, a game model was proposed to solve the problem based on the APT attack path. Firstly, this paper analyzed the attack paths of attackers and proposed the defensive framework of network security by analyzing the characteristics of the APT attack and the distributed network structure. Secondly, OAPG (an attack path prediction model oriented to APT) was established from the value of both the attacker and the defender based on game theory; besides, this paper calculated the game equilibrium and generated the maximum revenue path of the attacker, and then put forward the best defensive strategy for the defender. Finally, this paper validated the model by an instance of an APT attack; the calculated results showed that the model can analyze the attacker and defender from the attack path, and can provide a reasonable defense scheme for organizations that use distributed networks.
Alabugin, Sergei K., Sokolov, Alexander N..  2021.  Applying of Recurrent Neural Networks for Industrial Processes Anomaly Detection. 2021 Ural Symposium on Biomedical Engineering, Radioelectronics and Information Technology (USBEREIT). :0467–0470.
The paper considers the issue of recurrent neural networks' applicability for detecting industrial process anomalies to detect intrusions in Industrial Control Systems. Cyberattacks on Industrial Control Systems often lead to the appearance of anomalies in the industrial process. Thus, it is proposed to detect such anomalies by forecasting the state of an industrial process using a recurrent neural network and comparing the predicted state with the actual process state. In the course of experimental research, a recurrent neural network with a one-dimensional convolutional layer was implemented. The Secure Water Treatment dataset was used to train the model and assess its quality. The obtained results indicate the possibility of using the proposed method in practice. The proposed method is characterized by the absence of the need to use anomaly data for training. Also, the method has significant interpretability and allows localizing an anomaly by pointing to a sensor or actuator whose signal does not match the model's prediction.
2021-11-30
Wang, Zhanle, Munawar, Usman, Paranjape, Raman.  2020.  Stochastic Optimization for Residential Demand Response under Time of Use. 2020 IEEE International Conference on Power Electronics, Smart Grid and Renewable Energy (PESGRE2020). :1–6.
Demand response (DR) is one of the most economical methods for peak demand reduction, renewable energy integration and ancillary service support. Residential electrical energy consumption takes approximately 33% of the total electricity usage and hence has great potential in DR applications. However, residential DR encounters various challenges such as small individual magnitude, stochastic consuming patterns and privacy issues. In this study, we propose a stochastic optimal mechanism to tackle these issues and try to reveal the benefits from residential DR implementation. Stochastic residential load (SRL) models, a generation cost prediction (GCP) model and a stochastic optimal load aggregation (SOLA) model are developed. A set of uniformly distributed scalers is introduced into the SOLA model to efficiently avoid the peak demand rebound problem in DR applications. The SOLA model is further transformed into a deterministic LP model. The Time-of-Use (TOU) tariff is adopted as the price structure because of its similarity and popularity. Case studies show that the proposed mechanism can significantly reduce the peak-to-average power ratio (PAPR) of the load profile as well as the electrical energy cost. Furthermore, the impacts of consumers' participation levels in the DR program are investigated. Simulation results show that the 50% participation level appears as the best case in terms of system stability. With the participation level of 80%, consumers' electrical energy cost is minimized. The proposed mechanism can be used by a residential load aggregator (LA) or a utility to plan a DR program, predict its impacts, and aggregate residential loads to minimize the electrical energy cost.
2021-11-29
Naeem, Hajra, Alalfi, Manar H..  2020.  Identifying Vulnerable IoT Applications Using Deep Learning. 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER). :582–586.
This paper presents an approach for the identification of vulnerable IoT applications using deep learning algorithms. The approach focuses on a category of vulnerabilities that leads to sensitive information leakage which can be identified using taint flow analysis. First, we analyze the source code of IoT apps in order to recover tokens along with their frequencies and tainted flows. Second, we develop Token2Vec, which transforms the source code tokens into vectors. We have also developed Flow2Vec, which transforms the identified tainted flows into vectors. Third, we use the recovered vectors to train a deep learning algorithm to build a model for the identification of tainted apps. We have evaluated the approach on two datasets and the experiments show that the proposed approach of combining tainted flow features with the base benchmark that uses token frequencies only has improved the accuracy of the prediction models from 77.78% to 92.59% for Corpus1 and 61.11% to 87.03% for Corpus2.
Ma, Chuang, You, Haisheng, Wang, Li, Zhang, Jiajun.  2020.  Intelligent Cybersecurity Situational Awareness Model Based on Deep Neural Network. 2020 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). :76–83.
In recent years, we have faced a series of online threats. The continuous malicious attacks on the network have directly caused a huge threat to the user's spirit and property. In order to deal with the complex security situation in today's network environment, an intelligent network situational awareness model based on deep neural networks is proposed. It uses the nonlinear characteristics of the deep neural network to solve the nonlinear fitting problem, establishes a network security situation assessment system, takes the situation indicators output by the situation assessment system as a guide, and, according to the characteristics of the network attack method, collects the main data features and preprocesses the data. This model designs and trains a 4-layer neural network model, and then uses the trained deep neural network model to understand and analyze the network situation data, so as to build the network situation perception model based on the deep neural network. The deep neural network situational awareness model designed in this paper is used in a network situational awareness simulation attack prediction experiment. At the same time, it is compared with perception models using gray theory and Support Vector Machine (SVM). The experiments show that this model can make perception according to the changes of state characteristics of network situation data, establish understanding through learning, and finally achieve accurate prediction of network attacks. Through comparison experiments, the deep neural network situation perception model is proved to be effective, accurate and superior.
2021-11-08
Aygül, Mehmet Ali, Nazzal, Mahmoud, Ekti, Ali Rıza, Görçin, Ali, da Costa, Daniel Benevides, Ateş, Hasan Fehmi, Arslan, Hüseyin.  2020.  Spectrum Occupancy Prediction Exploiting Time and Frequency Correlations Through 2D-LSTM. 2020 IEEE 91st Vehicular Technology Conference (VTC2020-Spring). :1–5.
The identification of spectrum opportunities is a pivotal requirement for efficient spectrum utilization in cognitive radio systems. Spectrum prediction offers a convenient means for revealing such opportunities based on the previously obtained occupancies. As spectrum occupancy states are correlated over time, spectrum prediction is often cast as a predictable time-series process using classical or deep learning-based models. However, this variety of methods exploits time-domain correlation and overlooks the existing correlation over frequency. In this paper, differently from previous works, we investigate a more realistic scenario by exploiting correlation over time and frequency through a 2D-long short-term memory (LSTM) model. Extensive experimental results show a performance improvement over conventional spectrum prediction methods in terms of accuracy and computational complexity. These observations are validated over the real-world spectrum measurements, assuming a frequency range between 832-862 MHz where most of the telecom operators in Turkey have private uplink bands.
Li, Gao, Xu, Jianliang, Shen, Weiguo, Wang, Wei, Liu, Zitong, Ding, Guoru.  2020.  LSTM-based Frequency Hopping Sequence Prediction. 2020 International Conference on Wireless Communications and Signal Processing (WCSP). :472–477.
The continuous change of communication frequency brings difficulties to the reconnaissance and prediction of non-cooperative communication. The core of this communication process is the frequency-hopping (FH) sequence with pseudo-random characteristics, which controls carrier frequency hopping. However, the FH sequence is always generated by a certain model and is a kind of time sequence with certain regularity. The Long Short-Term Memory (LSTM) neural network in deep learning has been proved to have a strong ability to solve time series problems. Therefore, in this paper, we establish an LSTM model to implement FH sequence prediction. The simulation results show that the LSTM-based scheme can effectively predict frequency point by point based on historical HF frequency data. Further, we achieve frequency interval prediction based on frequency point prediction.
Ma, Qicheng, Rastogi, Nidhi.  2020.  DANTE: Predicting Insider Threat using LSTM on system logs. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :1151–1156.
Insider threat is one of the most pernicious threat vectors to information and communication technologies (ICT) across the world due to the elevated level of trust and access that an insider is afforded. This type of threat can stem from both malicious users with a motive as well as negligent users who inadvertently reveal details about trade secrets, company information, or even access information to malignant players. In this paper, we propose a novel approach that uses system logs to detect insider behavior using a special recurrent neural network (RNN) model. Ground truth is established using DANTE and used as a baseline for identifying anomalous behavior. For this, system logs are modeled as a natural language sequence and patterns are extracted from these sequences. We create workflows of sequences of actions that follow a natural language logic and control flow. These flows are assigned various categories of behaviors, malignant or benign. Any deviation from these sequences indicates the presence of a threat. We further classify threats into one of the five categories provided in the CERT insider threat dataset. Through experimental evaluation, we show that the proposed model can achieve 93% prediction accuracy.
Singh, Juhi, Sharmila, V Ceronmani.  2020.  Detecting Trojan Attacks on Deep Neural Networks. 2020 4th International Conference on Computer, Communication and Signal Processing (ICCCSP). :1–5.
Machine learning and Artificial Intelligence techniques are the most used techniques. They give opportunity to an online sharing market where sharing and adopting models is becoming popular. This gives attackers many new opportunities. The deep neural network is the most used approach for artificial intelligence techniques. In this paper we are presenting a Proof of Concept method to detect Trojan attacks on Deep Neural Networks. Deploying trojan models can be dangerous in normal human lives (applications like automated vehicles). First, inverse the neural network to create general trojan triggers, and then retrain the model with external datasets to inject the Trojan trigger into the model. The malicious behaviors are only activated with the trojan trigger input. In the attack, original datasets are not required to train the model. In practice, datasets are usually not shared due to privacy or copyright concerns. We use five different applications to demonstrate the attack, and perform an analysis on the factors that affect the attack. The behavior of a trojan modification can be triggered without affecting the test accuracy for normal input datasets. After generating the trojan trigger and performing an attack, SHAP is applied as a defense against such attacks. SHAP is known for its unique explanation for model predictions.
2021-10-12
Gouk, Henry, Hospedales, Timothy M..  2020.  Optimising Network Architectures for Provable Adversarial Robustness. 2020 Sensor Signal Processing for Defence Conference (SSPD). :1–5.
Existing Lipschitz-based provable defences to adversarial examples only cover the L2 threat model. We introduce the first bound that makes use of Lipschitz continuity to provide a more general guarantee for threat models based on any Lp norm. Additionally, a new strategy is proposed for designing network architectures that exhibit superior provable adversarial robustness over conventional convolutional neural networks. Experiments are conducted to validate our theoretical contributions, show that the assumptions made during the design of our novel architecture hold in practice, and quantify the empirical robustness of several Lipschitz-based adversarial defence methods.
Radhakrishnan, C., Karthick, K., Asokan, R..  2020.  Ensemble Learning Based Network Anomaly Detection Using Clustered Generalization of the Features. 2020 2nd International Conference on Advances in Computing, Communication Control and Networking (ICACCCN). :157–162.
Due to the extraordinary volume of business information, classy cyber-attacks pointing at the networks of all enterprises have become more casual, with intruders trying to pierce vast into and grasp broader from the compromised network machines. The vital security essential is that field experts and the network administrators have a common terminology to share the attempts of intruders to invoke the system and to rapidly assist each other in retorting to all kinds of threats. Given the enormous huge system traffic, traditional Machine Learning (ML) algorithms will provide ineffective predictions of the network anomaly. Thereby, a hybridized multi-model system can improve the accuracy of detecting the intrusion in the networks. In this manner, this article presents a novel approach, the Clustered Generalization oriented Ensemble Learning Model (CGELM), for predicting the network anomaly. The performance metrics of the anticipated approach are Detection Rate (DR) and False Predictive Rate (FPR) for the two heterogeneous data sets, namely NSL-KDD and UGR'16. The proposed method provides 98.93% accuracy for DR and 0.14% of FPR against Decision Stump AdaBoost and Stacking Ensemble methods.
Zhao, Haojun, Lin, Yun, Gao, Song, Yu, Shui.  2020.  Evaluating and Improving Adversarial Attacks on DNN-Based Modulation Recognition. GLOBECOM 2020 - 2020 IEEE Global Communications Conference. :1–5.
The discovery of adversarial examples poses a serious risk to deep neural networks (DNN). By adding a subtle perturbation that is imperceptible to the human eye, a well-behaved DNN model can be easily fooled and completely change the prediction categories of the input samples. However, research on adversarial attacks in the field of modulation recognition mainly focuses on increasing the prediction error of the classifier, while ignoring the importance of decreasing the perceptual invisibility of the attack. Aiming at the task of DNN-based modulation recognition, this study designs the Fitting Difference as a metric to measure the perturbed waveforms and proposes a new method, the Nesterov Adam Iterative Method, to generate adversarial examples. We show that the proposed algorithm not only exerts excellent white-box attacks but also can initiate attacks on a black-box model. Moreover, our method decreases the waveform perceptual invisibility of attacks to a certain degree, thereby reducing the risk of an attack being detected.
Zhong, Zhenyu, Hu, Zhisheng, Chen, Xiaowei.  2020.  Quantifying DNN Model Robustness to the Real-World Threats. 2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :150–157.
DNN models have suffered from adversarial example attacks, which lead to inconsistent prediction results. As opposed to the gradient-based attack, which assumes white-box access to the model by the attacker, we focus on more realistic input perturbations from the real-world and their actual impact on the model robustness without any presence of the attackers. In this work, we promote a standardized framework to quantify the robustness against real-world threats. It is composed of a set of safety properties associated with common violations, a group of metrics to measure the minimal perturbation that causes the offense, and various criteria that reflect different aspects of the model robustness. By revealing comparison results through this framework among 13 pre-trained ImageNet classifiers, three state-of-the-art object detectors, and three cloud-based content moderators, we deliver the status quo of the real-world model robustness. Beyond that, we provide robustness benchmarking datasets for the community.
Deng, Perry, Linsky, Cooper, Wright, Matthew.  2020.  Weaponizing Unicodes with Deep Learning - Identifying Homoglyphs with Weakly Labeled Data. 2020 IEEE International Conference on Intelligence and Security Informatics (ISI). :1–6.
Visually similar characters, or homoglyphs, can be used to perform social engineering attacks or to evade spam and plagiarism detectors. It is thus important to understand the capabilities of an attacker to identify homoglyphs, particularly ones that have not been previously spotted, and leverage them in attacks. We investigate a deep-learning model using embedding learning, transfer learning, and augmentation to determine the visual similarity of characters and thereby identify potential homoglyphs. Our approach uniquely takes advantage of weak labels that arise from the fact that most characters are not homoglyphs. Our model drastically outperforms the Normalized Compression Distance approach on pairwise homoglyph identification, for which we achieve an average precision of 0.97. We also present the first attempt at clustering homoglyphs into sets of equivalence classes, which is more efficient than pairwise information for security practitioners to quickly look up homoglyphs or to normalize confusable string encodings. To measure clustering performance, we propose a metric (mBIOU) building on the classic Intersection-Over-Union (IOU) metric. Our clustering method achieves 0.592 mBIOU, compared to 0.430 for the naive baseline. We also use our model to predict over 8,000 previously unknown homoglyphs, and find good early indications that many of these may be true positives. Source code and the list of predicted homoglyphs are uploaded to GitHub: https://github.com/PerryXDeng/weaponizing_unicode.
Chen, Jianbo, Jordan, Michael I., Wainwright, Martin J..  2020.  HopSkipJumpAttack: A Query-Efficient Decision-Based Attack. 2020 IEEE Symposium on Security and Privacy (SP). :1277–1294.
The goal of a decision-based adversarial attack on a trained model is to generate adversarial examples based solely on observing output labels returned by the targeted model. We develop HopSkipJumpAttack, a family of algorithms based on a novel estimate of the gradient direction using binary information at the decision boundary. The proposed family includes both untargeted and targeted attacks optimized for $\ell_2$ and $\ell_\infty$ similarity metrics respectively. Theoretical analysis is provided for the proposed algorithms and the gradient direction estimate. Experiments show HopSkipJumpAttack requires significantly fewer model queries than several state-of-the-art decision-based adversarial attacks. It also achieves competitive performance in attacking several widely-used defense mechanisms.