Search Results for author:
Found 65 papers, 15 papers with code
Adversarially Guided Stateful Defense Against Backdoor Attacks in Federated Deep Learning
We show that in realistic FL settings, state-of-the-art (SOTA) defenses struggle to perform well against backdoor attacks in FL.
Honeyfile Camouflage: Hiding Fake Files in Plain Sight
Honeyfiles are a particularly useful type of honeypot: fake files deployed to detect and infer information from malicious behaviour.
Contextual Chart Generation for Cyber Deception
Honeyfiles are a type of honeypot that mimic real, sensitive documents, creating the illusion of the presence of valuable data.
SoK: Can Trajectory Generation Combine Privacy and Utility?
This work focuses on the systematisation of the state-of-the-art generative models for trajectories in the context of the proposed framework.
A2C: A Modular Multi-stage Collaborative Decision Framework for Human-AI Teams
By harnessing the strengths of both humans and AI, it significantly improves the efficiency and effectiveness of complex decision-making in dynamic and evolving environments.
Random Entangled Tokens for Adversarially Robust Vision Transformer
Recognizing the challenge posed by the structural disparities between ViTs and CNNs we introduce a novel module input-independent random entangled self-attention (II-ReSA).
Multiple Hypothesis Dropout: Estimating the Parameters of Multi-Modal Output Distributions
In many real-world applications, from robotics to pedestrian trajectory prediction, there is a need to predict multiple real-valued outputs to represent several potential scenarios.
Watch Out! Simple Horizontal Class Backdoor Can Trivially Evade Defense
In VCB attacks, any sample from a class activates the implanted backdoor when the secret trigger is present.
AI Potentiality and Awareness: A Position Paper from the Perspective of Human-AI Teaming in Cybersecurity
This position paper explores the broad landscape of AI potentiality in the context of cybersecurity, with a particular emphasis on its possible risk factors with awareness, which can be managed by incorporating human experts in the loop, i. e., "Human-AI" teaming.
Parameter-Saving Adversarial Training: Reinforcing Multi-Perturbation Robustness via Hypernetworks
Adversarial training serves as one of the most popular and effective methods to defend against adversarial perturbations.
RAI4IoE: Responsible AI for Enabling the Internet of Energy
This paper plans to develop an Equitable and Responsible AI framework with enabling techniques and algorithms for the Internet of Energy (IoE), in short, RAI4IoE.
Stealthy Physical Masked Face Recognition Attack via Adversarial Style Optimization
Moreover, to ameliorate the phenomenon of sub-optimization with one fixed style, we propose to discover the optimal style given a target through style optimization in a continuous relaxation manner.
Two-in-one Knowledge Distillation for Efficient Facial Forgery Detection
More specifically, knowledge distillation on both the spatial and frequency branches has degraded performance than distillation only on the spatial branch.
Anti-Compression Contrastive Facial Forgery Detection
To enhance the performance for such models, we consider the weak compressed and strong compressed data as two views of the original data and they should have similar representation and relationships with other samples.
Diverse Multimedia Layout Generation with Multi Choice Learning
In the above example, this would form an unacceptable layout with a logo in the centre.
Masked Vector Quantization
Generative models with discrete latent representations have recently demonstrated an impressive ability to learn complex high-dimensional data distributions.
Private Image Generation With Dual-Purpose Auxiliary Classifier
However, apart from this standard utility, we identify the "reversed utility" as another crucial aspect, which computes the accuracy on generated data of a classifier trained using real data, dubbed as real2gen accuracy (r2g%).
DeepTaster: Adversarial Perturbation-Based Fingerprinting to Identify Proprietary Dataset Use in Deep Neural Networks
In this study, we introduce DeepTaster, a novel DNN fingerprinting technique, to address scenarios where a victim's data is unlawfully used to build a suspect model.
Profiler: Profile-Based Model to Detect Phishing Emails
The Profiler does not require large data sets to train on to be effective and its analysis of varied email features reduces the impact of concept drift.
Deception for Cyber Defence: Challenges and Opportunities
Deception is rapidly growing as an important tool for cyber defence, complementing existing perimeter security measures to rapidly detect breaches and data theft.
Transformer-Based Language Models for Software Vulnerability Detection
The large transformer-based language models demonstrate excellent performance in natural language processing.
Towards Web Phishing Detection Limitations and Mitigation
However, with an average of 10K phishing links reported per hour to platforms such as PhishTank and VirusTotal (VT), the deficiencies of such ML-based solutions are laid bare.
PublicCheck: Public Integrity Verification for Services of Run-time Deep Models
Existing integrity verification approaches for deep models are designed for private verification (i. e., assuming the service provider is honest, with white-box access to model parameters).
TSM: Measuring the Enticement of Honeyfiles with Natural Language Processing
Honeyfile deployment is a useful breach detection method in cyber deception that can also inform defenders about the intent and interests of intruders and malicious insiders.
Can pre-trained Transformers be used in detecting complex sensitive sentences? -- A Monsanto case study
We experimented with four different categories of documents in the Monsanto dataset and observed that BERT achieves better F2 scores by 24. 13\% to 65. 79\% for GHOST, 30. 14\% to 54. 88\% for TOXIC, 39. 22\% for CHEMI, 53. 57\% for REGUL compared to existing sensitive information detection models.
DeepFake Disrupter: The Detector of DeepFake Is My Friend
We argue that the detectors do not share a similar perspective as human eyes, which might still be spoofed by the disrupted data.
Modelling Direct Messaging Networks with Multiple Recipients for Cyber Deception
Cyber deception is emerging as a promising approach to defending networks and systems against attackers and data thieves.
Mate! Are You Really Aware? An Explainability-Guided Testing Framework for Robustness of Malware Detectors
We find that (i) commercial antivirus engines are vulnerable to AMM-guided test cases; (ii) the ability of a manipulated malware generated using one detector to evade detection by another detector (i. e., transferability) depends on the overlap of features with large AMM values between the different detectors; and (iii) AMM values effectively measure the fragility of features (i. e., capability of feature-space manipulation to flip the prediction results) and explain the robustness of malware detectors facing evasion attacks.
Characterizing Malicious URL Campaigns
Seemingly dissimilar URLs are being used in an organized way to perform phishing attacks and distribute malware.
FedDICE: A ransomware spread detection in a distributed integrated clinical environment using federated learning and SDN based mitigation
FedDICE integrates federated learning (FL), which is privacy-preserving learning, to SDN-oriented security architecture to enable collaborative learning, detection, and mitigation of ransomware attacks.
A Comprehensive Survey on Community Detection with Deep Learning
A community reveals the features and connections of its members that are different from those in other communities in a network.
RAIDER: Reinforcement-aided Spear Phishing Detector
RAIDER also keeps the number of features to a minimum by selecting only the significant features to represent phishing emails and detect spear-phishing attacks.
Robust Training Using Natural Transformation
We target attributes of the input images that are independent of the class identification, and manipulate those attributes to mimic real-world natural transformations (NaTra) of the inputs, which are then used to augment the training dataset of the image classifier.
OCTOPUS: Overcoming Performance andPrivatization Bottlenecks in Distributed Learning
We introduce a new distributed/collaborative learning scheme to address communication overhead via latent compression, leveraging global data while providing privatization of local data without additional cost due to encryption or perturbation.
Confined Gradient Descent: Privacy-preserving Optimization for Federated Learning
We prove that less information is exposed in CGD compared to that of traditional FL.
Evaluation and Optimization of Distributed Machine Learning Techniques for Internet of Things
Federated learning (FL) and split learning (SL) are state-of-the-art distributed machine learning techniques to enable machine learning training without accessing raw data on clients or end devices.
Token-Modification Adversarial Attacks for Natural Language Processing: A Survey
Many adversarial attacks target natural language processing systems, most of which succeed through modifying the individual tokens of a document.
Peeler: Profiling Kernel-Level Events to Detect Ransomware
Based on those characteristics, we develop Peeler that continuously monitors a target system's kernel events and detects ransomware attacks on the system.
Malware Detection
Cryptography and Security
DeepiSign: Invisible Fragile Watermark to Protect the Integrityand Authenticity of CNN
In this paper, we propose a self-contained tamper-proofing method, called DeepiSign, to ensure the integrity and authenticity of CNN models against such manipulation attacks.
HaS-Nets: A Heal and Select Mechanism to Defend DNNs Against Backdoor Attacks for Data Collection Scenarios
We have witnessed the continuing arms race between backdoor attacks and the corresponding defense strategies on Deep Neural Networks (DNNs).
Assessing Social License to Operate from the Public Discourse on Social Media
Our experimental results show that SIRTA is highly effective in distilling stances from social posts for SLO level assessment, and that the continuous monitoring of SLO levels afforded by SIRTA enables the early detection of critical SLO changes.
Decamouflage: A Framework to Detect Image-Scaling Attacks on Convolutional Neural Networks
To corroborate the efficiency of Decamouflage, we have also measured its run-time overhead on a personal PC with an i5 CPU and found that Decamouflage can detect image-scaling attacks in milliseconds.
Evaluation of Federated Learning in Phishing Email Detection
For a fixed total email dataset, the global RNN based model suffers by a 1. 8% accuracy drop when increasing organizational counts from 2 to 10.
Backdoor Attacks and Countermeasures on Deep Learning: A Comprehensive Review
We have also reviewed the flip side of backdoor attacks, which are explored for i) protecting intellectual property of deep learning models, ii) acting as a honeypot to catch adversarial example attacks, and iii) verifying data deletion requested by the data contributor. Overall, the research on defense is far behind the attack, and there is no single defense that can prevent all types of backdoor attacks.
Analysis of Trending Topics and Text-based Channels of Information Delivery in Cybersecurity
We further compare the identified 16 security categories across different sources based on their popularity and impact.
Adversarial Defense by Latent Style Transformations
The intuition behind our approach is that the essential characteristics of a normal image are generally consistent with non-essential style transformations, e. g., slightly changing the facial expression of human portraits.
Can the Multi-Incoming Smart Meter Compressed Streams be Re-Compressed?
Smart meters have currently attracted attention because of their high efficiency and throughput performance.
Deep Learning for Community Detection: Progress, Challenges and Opportunities
As communities represent similar opinions, similar functions, similar purposes, etc., community detection is an important and extremely useful tool in both scientific inquiry and data analytics.
End-to-End Evaluation of Federated Learning and Split Learning for Internet of Things
For learning performance, which is specified by the model accuracy and convergence speed metrics, we empirically evaluate both FL and SplitNN under different types of data distributions such as imbalanced and non-independent and identically distributed (non-IID) data.
Can We Use Split Learning on 1D CNN Models for Privacy Preserving Training?
We observed that the 1D CNN model under split learning can achieve the same accuracy of 98. 9\% like the original (non-split) model.
DAN: Dual-View Representation Learning for Adapting Stance Classifiers to New Domains
We address the issue of having a limited number of annotations for stance classification in a new domain, by adapting out-of-domain classifiers with domain adaptation.
Defending Adversarial Attacks via Semantic Feature Manipulation
In this paper, we propose a one-off and attack-agnostic Feature Manipulation (FM)-Defense to detect and purify adversarial examples in an interpretable and efficient manner.
OIAD: One-for-all Image Anomaly Detection with Disentanglement Learning
Our key insight is that the impact of small perturbation on the latent representation can be bounded for normal samples while anomaly images are usually outside such bounded intervals, referred to as structure consistency.
Backdoor Attacks against Transfer Learning with Pre-trained Deep Learning Models
In this paper, we demonstrate a backdoor threat to transfer learning tasks on both image and time-series data leveraging the knowledge of publicly accessible Teacher models, aimed at defeating three commonly-adopted defenses: \textit{pruning-based}, \textit{retraining-based} and \textit{input pre-processing-based defenses}.
Generating Semantic Adversarial Examples via Feature Manipulation
We further demonstrate the existence of a universal, image-agnostic semantic adversarial example.
Design and Evaluation of a Multi-Domain Trojan Detection Method on Deep Neural Networks
In particular, for vision tasks, we can always achieve a 0% FRR and FAR.
Cryptography and Security
Man-in-the-Middle Attacks against Machine Learning Classifiers via Malicious Generative Models
First, such attacks must acquire the outputs from the models by multiple times before actually launching attacks, which is difficult for the MitM adversary in practice.
Recognising Agreement and Disagreement between Stances with Reason Comparing Networks
We identify agreement and disagreement between utterances that express stances towards a topic of discussion.
STRIP: A Defence Against Trojan Attacks on Deep Neural Networks
Since the trojan trigger is a secret guarded and exploited by the attacker, detecting such trojan inputs is a challenge, especially at run-time when models are in active operation.
Cryptography and Security
Daedalus: Breaking Non-Maximum Suppression in Object Detection via Adversarial Examples
Experimental results demonstrate that the attack effectively stops NMS from filtering redundant bounding boxes.
Android HIV: A Study of Repackaging Malware for Evading Machine-Learning Detection
In contrast to existing works, the adversarial examples crafted by our method can also deceive recent machine learning based detectors that rely on semantic features such as control-flow-graph.
Cryptography and Security
Cross-Target Stance Classification with Self-Attention Networks
In stance classification, the target on which the stance is made defines the boundary of the task, and a classifier is usually trained for prediction on the same target.
Defending against Adversarial Attack towards Deep Neural Networks via Collaborative Multi-task Training
For example, proactive defending methods are invalid against grey-box or white-box attacks, while reactive defending methods are challenged by low-distortion adversarial examples or transferring adversarial examples.
Still Hammerable and Exploitable: on the Effectiveness of Software-only Physical Kernel Isolation
The exploit is motivated by our key observation that the modern OSes have double-owned kernel buffers (e. g., video buffers) owned concurrently by the kernel and user domains.
Cryptography and Security
KASR: A Reliable and Practical Approach to Attack Surface Reduction of Commodity OS Kernels
In this paper, we propose a reliable and practical system, named KASR, which transparently reduces attack surfaces of commodity OS kernels at runtime without requiring their source code.
Cryptography and Security Operating Systems
