检索结果-内蒙古大学图书馆

Detection of Adversarial Supports in Few-Shot Classifiers Using Self-Similarity and Filtering

学校读者我要写书评

暂无评论

Detection of Adversarial Supports in Few-Shot Classifiers Us...

2021 International Workshop on Safety and security of Deep Learning, SSDL 2021

作者： Tan, Yi Xiang Marcus Chong, Penny Sun, Jiamei Cheung, Ngai-Man Elovici, Yuval Binder, Alexander Information Systems Technology and Design Pillar Singapore University of Technology and Design Singapore Department of Software and Information Systems Engineering Ben-Gurion University of the Negev Be’er Sheva Israel Department of Informatics University of Oslo Norway ST Engineering-SUTD Cyber Security Laboratory

Few-shot classifiers excel under limited training samples, making them useful in applications with sparsely user-provided labels. Their unique relative prediction setup offers opportunities for novel attacks, such as targeting support sets required to categorise unseen test samples, which are not available in other machine learning setups. In this work, we propose a detection strategy to identify adversarial support sets, aimed at destroying the understanding of a few-shot classifier for a certain class. We achieve this by introducing the concept of self-similarity of a support set and by employing filtering of supports. Our method is attack-agnostic, and we are the first to explore adversarial detection for support sets of few-shot classifiers to the best of our knowledge. Our evaluation of the miniImagenet (MI) and CUB datasets exhibits good attack detection performance despite conceptual simplicity, showing high AUROC scores. We show that self-similarity and filtering for adversarial detection can be paired with other filtering functions, constituting a generalisable concept. © 2021 CEUR-WS. All rights reserved.

关键词： Machine learning

SmartWitness: A proactive software transparency system using smart contracts 2

学校读者我要写书评

暂无评论

SmartWitness: A proactive software transparency system using...

2nd ACM International Symposium on Blockchain and Secure Critical Infrastructure, BSCI 2020, Co-located with AsiaCCS 2020

作者： Guarnizo, Juan Alangot, Bithin Szalachowski, Pawel ST Engineering-SUTD Cyber Security Laboratory Singapore University of Technology and Design Singapore Singapore Center for Cybersecurity Systems and Networks Amrita Vishwa Vidyapeetham Amritapuri India

ISBN: (纸本)9781450376105

Package managers have become essential for software distribution and management. Their goal is to allow users to install programs, drivers, or updates in their systems in a secure, quick, and often, unattended way. However, in recent years, attackers have found severe flaws in software distribution systems and used them as a stealthy launch pad for malicious software. Moreover, it was proved that actors of the software supply-chain are ineffective in detecting and stopping attacks on user devices. In this paper, we present a design for software distribution systems based on distributed ledgers. By replacing traditional code signing certificates with smart contracts, named SmartWitness, we propose a novel system that provides properties of binary transparency, useful and granular package revocation, and dynamic and proactive security assessment improving risk awareness of end users. SmartWitness keeps all actors transparent and accountable, and it enables security providers to participate earlier in the software distribution process, directly influencing package installations on user devices. We show how SmartWitness is integrated into an existing package manager system, and we present results from conducted experiments indicating that the system is practical as for today. © 2020 ACM.

关键词： Smart contract

Improving GAN with neighbors embedding and gradient matching 33

学校读者我要写书评

暂无评论

Improving GAN with neighbors embedding and gradient matching

33rd AAAI Conference on Artificial Intelligence, AAAI 2019, 31st Annual Conference on Innovative Applications of Artificial Intelligence, IAAI 2019 and the 9th AAAI Symposium on Educational Advances in Artificial Intelligence, EAAI 2019

作者： Tran, Ngoc-Trung Bui, Tuan-Anh Cheung, Ngai-Man ST Electronics - SUTD Cyber Security Laboratory Singapore University of Technology and Design Singapore

ISBN: (纸本)9781577358091

We propose two new techniques for training Generative Adversarial Networks (GANs) in the unsupervised setting. Our objectives are to alleviate mode collapse in GAN and improve the quality of the generated samples. First, we propose neighbor embedding, a manifold learning-based regularization to explicitly retain local structures of latent samples in the generated samples. This prevents generator from producing nearly identical data samples from different latent samples, and reduces mode collapse. We propose an inverse t-SNE regularizer to achieve this. Second, we propose a new technique, gradient matching, to align the distributions of the generated samples and the real samples. As it is challenging to work with high-dimensional sample distributions, we propose to align these distributions through the scalar discriminator scores. We constrain the difference between the discriminator scores of the real samples and generated ones. We further constrain the difference between the gradients of these discriminator scores. We derive these constraints from Taylor approximations of the discriminator function. We perform experiments to demonstrate that our proposed techniques are computationally simple and easy to be incorporated in existing systems. When Gradient matching and Neighbour embedding are applied together, our GN-GAN achieves outstanding results on 1D/2D synthetic, CIFAR-10 and stL-10 datasets, e.g. FID score of 30.80 for the stL-10 dataset. Our code is available at: https://***/tntrung/gan. Copyright © 2019, Association for the Advancement of Artificial Intelligence (***). All rights reserved.

关键词： Generative adversarial networks

An improved self-supervised GAN via adversarial training

学校读者我要写书评

暂无评论

arXiv 2019年

作者： Tran, Ngoc-Trung Tran, Viet-Hung Nguyen, Ngoc-Bao Cheung, Ngai-Man ST Electronics - SUTD Cyber Security Laboratory Singapore University of Technology and Design

We propose to improve unconditional Generative Adversarial Networks (GAN) by training the self-supervised learning with the adversarial process. In particular, we apply self-supervised learning via the geometric transformation on input images and assign the pseudo-labels to these transformed images. (i) In addition to the GAN task, which distinguishes data (real) versus generated (fake) samples, we train the discriminator to predict the correct pseudolabels of real transformed samples (classification task). Importantly, we find out that simultaneously training the discriminator to classify the fake class from the pseudo-classes of real samples for the classification task will improve the discriminator and subsequently lead better guides to train generator. (ii) The generator is trained by attempting to confuse the discriminator for not only the GAN task but also the classification task. For the classification task, the generator tries to confuse the discriminator recognizing the transformation of its output as one of the real transformed classes. Especially, we exploit that when the generator creates samples that result in a similar loss (via cross-entropy) as that of the real ones, the training is more stable and the generator distribution tends to match better the data distribution. When integrating our techniques into a state-ofthe-art Auto-Encoder (AE) based-GAN model, they help to significantly boost the model's performance and also establish new state-of-the-art Fréchet Inception Distance (FID) scores in the literature of unconditional GAN for CIFAR-10 and stL-10 datasets. Copyright © 2019, The Authors. All rights reserved.

关键词： Generative adversarial networks

Detection of adversarial supports in few-shot classifiers using self-similarity and filtering

学校读者我要写书评

暂无评论

arXiv 2020年

作者： Tan, Yi Xiang Marcus Chong, Penny Sun, Jiamei Cheung, Ngai-Man Elovici, Yuval Binder, Alexander ST Engineering-SUTD Cyber Security Laboratory ISTD pillar Singapore University of Technology and Design Singapore Department of Software and Information Systems Engineering Ben-Gurion University Israel Department of Informatics University of Oslo Norway

关键词： Machine learning

A Neural Attention Model for Real-Time Network Intrusion Detection

学校读者我要写书评

暂无评论

A Neural Attention Model for Real-Time Network Intrusion Det...

Conference on Local Computer Networks (LCN)

作者： Mengxuan Tan Alfonso Iacovazzi Ngai-Man Man Cheung Yuval Elovici ST Engineering-SUTD Cyber Security Laboratory Singapore University of Technology and Design Singapore

The diversity and ever-evolving nature of network intrusion attacks has made defense a real challenge for security practitioners. Recent research in the domain of Network-based Intrusion Detection System has mainly focused on adopting a flow-based approach when extracting features from raw packets. One drawback of this is that attack detection can only be carried out after the flow has ended. In this work, we present a new technique based on the neural attention mechanism; unlike many existing solutions, our technique can be applied for real-time attack detection since it uses time slot-based features. The proposed solution is a modified version of the transformer model which has been proposed and used in the language translation domain. We conduct experiments on a dataset extracted from a recent repository network traffic containing several kinds of network attack. We use the "bidirectional LstM" and "conditional random fields" models as baseline for comparison and our performance results demonstrate that the proposed solution significantly outperforms the two baselines in terms of precision, recall, and false positive rates. In addition, we show that our solution is more computationally efficient than the bidirectional LstM model as a result of the removal of recurrent layers.

关键词：

Comparative analysis of state-of-the-art EDoS mitigation techniques in cloud computing environment

学校读者我要写书评

暂无评论

arXiv 2019年

作者： Singh, Parminder Rehman, Shafiq Ul Manickam, Selvakumar Penang Malaysia ST Engineering Electronics - SUTD Cyber Security Laboratory Singapore 8 Somapah Road Singapore487372 Singapore

A new variant of the DDoS attack, called Economic Denial of Sustainability (EDoS) attack has emerged. Since the cloud service is based on the pay-per-use model, the EDoS attack endeavors to scale up the resource usage over time to the point the purveyor of the server is financially incapable of sustaining the service due to the incurred unaffordable usage charges. The implication of the EDoS attack is a major security implication as more elastic cloud services are being deployed. Existing techniques to detect and mitigate such attacks are either have low accuracy or ineffective and, in some cases, aggravate the attack even further. Therefore, an enhanced EDoS Mitigation Mechanism (EMM), is proposed to address these shortcomings using OpenFlow and statistical techniques, i.e. Hellinger Distance and Entropy. The experiments clearly depicted that EMM is able to detect and mitigate EDoS attacks with high accuracy and it is effective in terms of resource utilization compared to existing mitigation techniques. Thus, it can be deployed in the cloud environment without the need for additional resource requirements. Copyright © 2019, The Authors. All rights reserved.

关键词： Anomaly detection

Permissionless Blockchains and Secure Logging

学校读者我要写书评

暂无评论

arXiv 2019年

作者： Ge, Chunpeng Sun, Siwei Szalachowski, Pawel St Electronics-SUTD Cyber Security Laboratory Singapore University of Technology and Design Data Assurance and Communication Security Research Center Cas

The blockchain technology enables mutu-ally untrusting participants to reach consensus on the state of a distributed and decentralized ledger (called a blockchain) in a permissionless setting. The consensus protocol of the blockchain imposes a unified view of the system state over the global network, and once a block is stable in the blockchain, its data is visible to all users and cannot be retrospectively modified or removed. Due to these properties, the blockchain technology is regarded as a general consensus infrastructure and based on which a variety of systems have been built. This article presents a study and survey of permis-sionless blockchain systems in the context of secure logging. We postulate the most essential properties required by a secure logging system and by considering a wide range of applications, we give insights into how the blockchain technology matches these requirements. Based on the survey, we motivate related research perspectives and challenges for blockchain-based secure logging systems, and we highlight potential solutions to some specific problems. Copyright © 2019, The Authors. All rights reserved.

关键词： Blockchain

Exploring the back alleys: Analysing the robustness of alternative neural network architectures against adversarial attacks

学校读者我要写书评

暂无评论

arXiv 2019年

作者： Tan, Yi Xiang Marcus Elovici, Yuval Binder, Alexander ST Engineering Electronics-SUTD Cyber Security Laboratory Pillar Singapore University of Technology and Design Department of Software and Information Systems Engineering Ben-Gurion University of the Negev Deutsche Telekom Innovation Laboratories Ben-Gurion University of the Negev

Recent discoveries in the field of adversarial machine learning have shown that Artificial Neural Networks (ANNs) are susceptible to adversarial attacks. These attacks cause misclassification of specially crafted adversarial samples. In light of this phenomenon, it is worth investigating whether other types of neural networks are less susceptible to adversarial attacks. In this work, we applied standard attack methods originally aimed at conventional ANNs, towards stochastic ANNs and also towards Spiking Neural Networks (SNNs), across three different datasets namely MNIst, CIFAR-10 and Patch Camelyon. We analysed their adversarial robustness against attacks performed in the raw image space of the different model variants. We employ a variety of attacks namely Basic Iterative Method (BIM), Carlini & Wagner L2 attack (CWL2) and Boundary attack. Our results suggests that SNNs and stochastic ANNs exhibit some degree of adversarial robustness as compared to their ANN counterparts under certain attack methods. Namely, we found that the Boundary and the state-of-the-art CWL2 attacks are largely ineffective against stochastic ANNs. Following this observation, we proposed a modified version of the CWL2 attack and analysed the impact of this attack on the models’ adversarial robustness. Our results suggest that with this modified CWL2 attack, many models are more easily fooled as compared to the vanilla CWL2 attack, albeit observing an increase in L2 norms of adversarial perturbations. Lastly, we also investigate the resilience of alternative neural networks against adversarial samples transferred from ResNet18. We show that the modified CWL2 attack provides an improved cross-architecture transferability compared to other attacks. Copyright © 2019, The Authors. All rights reserved.

关键词： Neural networks