Secure Learning in Adversarial Environment

Sadeghzadeh, Amir Mahdi | 2022

Type of Document: Ph.D. Dissertation
Language: Farsi
Document No: 56663 (19)
University: Sharif University of Technology
Department: Computer Engineering
Advisor(s): Jalili, Rasool

Abstract:

Although Machine Learning (ML), and especially Deep Learning (DL), has shown significant success in solving complex problems, recent studies have shown that ML algorithms are vulnerable to adversarial attacks. So far, ML algorithms have been designed to run in benign environments. However, the increasing use of ML algorithms in security-sensitive applications has motivated adversaries to focus on their vulnerabilities. In an adversarial environment, an adversary can interfere with both the training and the inference processes of ML algorithms. Adversarial examples are one of the most critical vulnerabilities of ML models at inference time: they are maliciously crafted inputs that cause classifiers to make incorrect predictions. This thesis evaluates the robustness of network traffic classifiers against adversarial examples and presents a new defense against model extraction attacks. Network traffic classification is used in various applications such as network traffic management, policy enforcement, and intrusion detection systems. We evaluate the robustness of DL-based network traffic classifiers against Adversarial Network Traffic (ANT). ANT injects a universal adversarial perturbation into network traffic in order to cause DL-based network traffic classifiers to predict incorrectly. The results demonstrate that ANT greatly decreases the accuracy of DL-based network traffic classifiers. In the website fingerprinting attack, the adversary uses an ML-based network traffic classifier to predict the website that has been visited by the victim user. We propose a new defense against website fingerprinting attacks, called Adversarial Website Adaptation (AWA), that uses adversarial example generation approaches. AWA generates adversarial examples that are more robust against adversarial training, and it decreases the accuracy of the adversary's classifier to 19% with almost 22% bandwidth overhead.

Model extraction attacks exploit the target model's prediction interface to create a surrogate model in order to steal or reconnoiter the functionality of the target model in the black-box setting. Model extraction attacks can be used to conduct other attacks, such as adversarial example attacks in the black-box setting. We propose the Hardness-Oriented Detection Approach (HODA) to detect the sample sequences of model extraction attacks. We define the hardness degree of a sample using the concept of learning difficulty. The results demonstrate that HODA outperforms all previous model extraction detection methods and is more scalable than its competitors.

Keywords: Adversarial Example; Machine Learning Security; Classify Network Traffic; Secure Learning; Black Box Adversarial Environment