Adversarial Machine Learning for Network Security

Talk title: Adversarial Machine Learning for Network Security

Speaker: Yi Shi (石怡), Principal Research Scientist

Abstract: With the rapid growth of machine learning applications in communication networks, it is essential to understand the security issues associated with machine learning. In this talk, we choose a flow-based Deep Neural Network (DNN) classifier as the target and study various attacks on it. The target classifier detects malicious HTTP traffic (bots, C&C, etc.). We first launch an exploratory attack under a black-box assumption against the target classifier. We start from the simple case in which the attacker can collect the same set of features used by the target classifier, and then consider the case in which the attacker can only collect a set of features chosen by its own judgement. We also design attacks that use a conditional Generative Adversarial Network (cGAN) to reduce the amount of data the attacker must collect. We show that the attacker can build its own classifier that predicts the target classifier's classification results with about 93% accuracy. Once the exploratory attack succeeds, further attacks such as the evasion attack and the causative attack become possible, and we show that they are very effective: the evasion attack can identify samples that double the error probability of the target classifier, while under the causative attack the retrained classifier makes classification errors on more than 60% of samples.
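The exploratory attack the abstract describes (submit flows to the target, record only its verdicts, fit a surrogate on whatever features the attacker can observe) can be simulated in advance to measure how exposed a detector is. The Python below is an added example written for this page, not code from the talk or its authors; the feature set, the traffic generator, the hidden linear rule that stands in for the target DNN, and the perceptron surrogate are all assumptions made for the demonstration, and the cGAN data-augmentation step is omitted. It reports surrogate/target agreement (the metric the abstract quotes as about 93%) under a full and a partial feature view and under a small query budget, the two levers a defender controls through rate limiting and by keeping the feature set confidential.

```python
"""Simulated exploratory (model-cloning) attack on a flow-based traffic
classifier, run from the defender's side to quantify exposure. Everything
here is constructed for illustration: the feature set, the traffic generator
and the hidden rule standing in for the target DNN are assumptions."""
import random

# Constructed per-flow feature vector (assumed for this demo):
# [requests_per_sec, mean_payload_bytes, distinct_uri_ratio, interarrival_cv]
ALL_FEATURES = [0, 1, 2, 3]


def make_flow(rng):
    """Draw one constructed HTTP flow; about half resemble bot/C&C beaconing."""
    if rng.random() < 0.5:  # benign browsing: bursty, varied URIs, larger payloads
        return [rng.uniform(0.1, 3.0), rng.uniform(200, 4000),
                rng.uniform(0.3, 1.0), rng.uniform(0.5, 2.0)]
    # bot / C&C: regular timing, small payloads, few distinct URIs
    return [rng.uniform(1.0, 20.0), rng.uniform(50, 600),
            rng.uniform(0.0, 0.4), rng.uniform(0.0, 0.6)]


def _linear_predict(w, b, x):
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b > 0 else 0


class TargetClassifier:
    """Stand-in for the defender's flow-based DNN: a hidden linear rule.
    The attacker never sees the weights, only the 0/1 verdict (1 = malicious)."""
    _w = [0.25, -0.002, -3.0, -2.0]
    _b = 1.2

    def predict(self, flow):
        return _linear_predict(self._w, self._b, flow)


def _standardize_fit(rows):
    """Per-feature mean/std so byte counts do not dominate the perceptron."""
    n, d = len(rows), len(rows[0])
    means = [sum(r[j] for r in rows) / n for j in range(d)]
    stds = [(sum((r[j] - means[j]) ** 2 for r in rows) / n) ** 0.5 or 1.0
            for j in range(d)]
    return means, stds


def _standardize(rows, means, stds):
    return [[(x - m) / s for x, m, s in zip(r, means, stds)] for r in rows]


class SurrogateClassifier:
    """Attacker-side pocket perceptron fitted to the target's responses using
    only the feature indices the attacker can observe."""

    def __init__(self, feature_idx):
        self.feature_idx = feature_idx
        self.w, self.b, self.means, self.stds = None, 0.0, None, None

    def _project(self, rows):
        return [[r[i] for i in self.feature_idx] for r in rows]

    def fit(self, rows, labels, epochs=100, lr=0.1):
        xs = self._project(rows)
        self.means, self.stds = _standardize_fit(xs)
        xs = _standardize(xs, self.means, self.stds)
        w, b = [0.0] * len(self.feature_idx), 0.0
        best = (list(w), b, -1.0)  # pocket: best weights seen on training data
        for _ in range(epochs):
            for x, y in zip(xs, labels):
                pred = _linear_predict(w, b, x)
                if pred != y:
                    step = lr * (y - pred)  # +lr on a missed positive, -lr on a false alarm
                    w = [wi + step * xi for wi, xi in zip(w, x)]
                    b += step
            acc = sum(_linear_predict(w, b, x) == y for x, y in zip(xs, labels)) / len(xs)
            if acc > best[2]:
                best = (list(w), b, acc)
        self.w, self.b, _ = best
        return best[2]  # training agreement with the target's verdicts

    def predict(self, flow):
        x = _standardize(self._project([flow]), self.means, self.stds)[0]
        return _linear_predict(self.w, self.b, x)


def agreement(target, surrogate, flows):
    """Share of flows where the surrogate reproduces the target's verdict:
    the attacker's success metric for the exploratory attack."""
    return sum(surrogate.predict(f) == target.predict(f) for f in flows) / len(flows)


def exploratory_attack(feature_idx, n_queries, seed=7):
    """Attacker submits n_queries flows, keeps only the 0/1 responses, fits a
    surrogate on the observable features, and is scored on 1000 fresh flows."""
    rng = random.Random(seed)
    target = TargetClassifier()
    queries = [make_flow(rng) for _ in range(n_queries)]
    responses = [target.predict(q) for q in queries]  # black-box labels only
    surrogate = SurrogateClassifier(feature_idx)
    surrogate.fit(queries, responses)
    holdout = [make_flow(rng) for _ in range(1000)]
    return agreement(target, surrogate, holdout)


def exposure_report():
    """Defender's view: agreement achievable under attacker capabilities the
    defender influences (query budget via rate limits, feature visibility)."""
    return {
        "all_features_2000_queries": exploratory_attack(ALL_FEATURES, 2000),
        "all_features_50_queries": exploratory_attack(ALL_FEATURES, 50),
        "rate_and_size_only_2000_queries": exploratory_attack([0, 1], 2000),
    }


if __name__ == "__main__":
    for scenario, agree in exposure_report().items():
        print(f"{scenario}: surrogate matches target on {agree:.1%} of held-out flows")
```

Because the constructed target is itself linear, the full-feature surrogate clones it almost perfectly, which is the worst case for the defender; the interesting numbers are how much agreement drops when two of the four features are hidden from the attacker and when the query budget is cut to 50, since those are the quantities a rate limit or a confidential feature pipeline actually changes.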

Yi Shi received a B.S. from the University of Science and Technology of China (Special Class for the Gifted Young, the "00" class) in 1998, an M.S. from the Institute of Software, Chinese Academy of Sciences (now the University of Chinese Academy of Sciences) in 2001, a second M.S. from Virginia Tech in 2003, and a Ph.D. from Virginia Tech in 2007. He is an IEEE Senior Member, Principal Research Scientist at Intelligent Automation, Inc., and an adjunct professor at Virginia Tech. Dr. Shi is an internationally recognized expert in wireless network optimization; he has published more than 150 papers in leading journals such as IEEE Transactions on Mobile Computing and conferences such as IEEE INFOCOM, edited one monograph, and contributed chapters to five others. In 2006 he received the Chinese government's award for outstanding self-financed students abroad, ranked first in the Washington, D.C. area; in 2008 and 2011 his papers received the Best Paper Award and a Best Paper Award finalist distinction at IEEE INFOCOM. Dr. Shi serves as an editor of IEEE Communications Surveys and Tutorials, has chaired the technical program committees of three workshops, and has served on the technical program committees of nearly 50 international conferences, including IEEE INFOCOM, ACM MobiHoc, IEEE MILCOM, IEEE ICC, IEEE WCNC and IEEE GLOBECOM.