FADER: Fast Adversarial Example Rejection

no code implementations • 18 Oct 2020 • Francesco Crecchi, Marco Melis, Angelo Sotgiu, Davide Bacciu, Battista Biggio

As a second main contribution of this work, we introduce FADER, a novel technique for speeding up detection-based methods.

Adversarial Robustness

Do Gradient-based Explanations Tell Anything About Adversarial Robustness to Android Malware?

no code implementations • 4 May 2020 • Marco Melis, Michele Scalas, Ambra Demontis, Davide Maiorca, Battista Biggio, Giorgio Giacinto, Fabio Roli

While machine-learning algorithms have demonstrated a strong ability in detecting Android malware, they can be evaded by sparse evasion attacks crafted by injecting a small set of fake components, e. g., permissions and system calls, without compromising intrusive functionality.

Adversarial Robustness Android Malware Detection +1

secml: A Python Library for Secure and Explainable Machine Learning

2 code implementations • 20 Dec 2019 • Maura Pintor, Luca Demetrio, Angelo Sotgiu, Marco Melis, Ambra Demontis, Battista Biggio

We present \texttt{secml}, an open-source Python library for secure and explainable machine learning.

BIG-bench Machine Learning

Deep Neural Rejection against Adversarial Examples

1 code implementation • 1 Oct 2019 • Angelo Sotgiu, Ambra Demontis, Marco Melis, Battista Biggio, Giorgio Fumera, Xiaoyi Feng, Fabio Roli

Despite the impressive performances reported by deep neural networks in different application domains, they remain largely vulnerable to adversarial examples, i. e., input samples that are carefully perturbed to cause misclassification at test time.

Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks

no code implementations • 8 Sep 2018 • Ambra Demontis, Marco Melis, Maura Pintor, Matthew Jagielski, Battista Biggio, Alina Oprea, Cristina Nita-Rotaru, Fabio Roli

Transferability captures the ability of an attack against a machine-learning model to be effective against a different, potentially unknown, model.

Explaining Black-box Android Malware Detection

no code implementations • 9 Mar 2018 • Marco Melis, Davide Maiorca, Battista Biggio, Giorgio Giacinto, Fabio Roli

In this work, we generalize this approach to any black-box machine- learning model, by leveraging a gradient-based approach to identify the most influential local features.

Android Malware Detection BIG-bench Machine Learning +1

Super-sparse Learning in Similarity Spaces

no code implementations • 17 Dec 2017 • Ambra Demontis, Marco Melis, Battista Biggio, Giorgio Fumera, Fabio Roli

In several applications, input samples are more naturally represented in terms of similarities between each other, rather than in terms of feature vectors.

General Classification Sparse Learning

Is Deep Learning Safe for Robot Vision? Adversarial Examples against the iCub Humanoid

no code implementations • 23 Aug 2017 • Marco Melis, Ambra Demontis, Battista Biggio, Gavin Brown, Giorgio Fumera, Fabio Roli

Deep neural networks have been widely adopted in recent years, exhibiting impressive performances in several application domains.

General Classification

Yes, Machine Learning Can Be More Secure! A Case Study on Android Malware Detection

no code implementations • 28 Apr 2017 • Ambra Demontis, Marco Melis, Battista Biggio, Davide Maiorca, Daniel Arp, Konrad Rieck, Igino Corona, Giorgio Giacinto, Fabio Roli

To cope with the increasing variability and sophistication of modern attacks, machine learning has been widely adopted as a statistically-sound tool for malware detection.

Cryptography and Security