Classifiers based on machine learning algorithms have shown promising results for many security tasks including malware classification and network intrusion detection, but classic machine learning algorithms are not designed to operate in the presence of adversaries. Intelligent and adaptive adversaries may actively manipulate the information they present in attempts to evade a trained classifier, leading to a competition between the designers of learning systems and attackers who wish to evade them. This project is developing automated techniques for predicting how well classifiers will resist the evasions of adversaries, along with general methods to automatically harden machine-learning classifiers against adversarial evasion attacks.
At the junction between machine learning and computer security, this project involves toolboxes for five main task as shown in the following table. Our system aims to allow a classifier designer to understand how the classification performance of a model degrades under evasion attacks, enabling better-informed and more secure design choices. The framework is general and scalable, and takes advantage of the latest advances in machine learning and computer security.
|1||Evade Machine Learning||Automatically Evading Classifiers, Case Study on PDF Malware Classifiers||NDSS16||GitHub|
|2||Evade Machine Learning||Black-box Generation of Adversarial Text Sequences to Fool Deep Learning Classifiers||DeepSecureWkp18||GitHub|
|3||Detect Adversarial Attacks||Feature Squeezing- Detecting Adversarial Examples in Deep Neural Networks||NDSS18||GitHub|
|4||Defense against Adversarial Attacks||DeepCloak- Masking Deep Neural Network Models for Robustness against Adversarial Samples||ICLRwkp17||GitHub|
|5||Visualize Adversarial Attacks||Adversarial-Playground- A Visualization Suite for Adversarial Samples||VizSec17||GitHub|
|6||Theorems of Adversarial Examples||A Theoretical Framework for Robustness of (Deep) Classifiers Against Adversarial Samples||ICLRwkp17|
Thanks for reading!