logo
allArticlesConferencesPresentations

Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks

Conference:  BlackHat USA 2018

2018-08-09

Summary

The presentation discusses the use of ensemble models in cybersecurity to improve threat detection and resilience against attacks.
  • Ensemble models are effective at filtering out noise and covering gaps in individual models
  • The use of diverse feature sets and classifiers is important for generating an effective ensemble
  • The highly polymorphic nature of the threat landscape requires constant training and updating of classifiers
  • Real-world examples illustrate the effectiveness of ensemble models in detecting and blocking threats
The presentation provides two case studies where the ensemble model was able to detect and block spear phishing and JavaScript Trojan attacks. In both cases, the local machine learning model was not strong enough to block the threat, but the ensemble model was able to identify the threat and send a response back to the client within milliseconds to block the file before it could execute.

Abstract

Humans are susceptible to social engineering. Machines are susceptible to tampering. Machine learning is vulnerable to adversarial attacks. Researchers have been able to successfully attack deep learning models used to classify malware to completely change their predictions by only accessing the output label of the model for the input samples fed by the attacker. Moreover, we've also seen attackers attempting to poison our training data for ML models by sending fake telemetry and trying to fool the classifier into believing that a given set of malware samples are actually benign. How do we detect and protect against such attacks? Is there a way we can make our models more robust to future attacks? We'll discuss several strategies to make machine learning models more tamper resilient. We'll compare the difficulty of tampering with cloud-based models and client-based models. We'll discuss research that shows how singular models are susceptible to tampering, and some techniques, like stacked ensemble models, can be used to make them more resilient. We also talk about the importance of diversity in base ML models and technical details on how they can be optimized to handle different threat scenarios. Lastly, we'll describe suspected tampering activity we've witnessed using protection telemetry from over half a billion computers, and whether our mitigations worked.
Materials:
Slides
Tags:

Post a comment

Related work

Labeling Tools are Great, but What About Quality Checks?

Conference:  OpenAI + Data Forum 2022
Authors: Jakub Piotr Cłapa, Marcus Edel
2022-06-23

Making Sense of the Landscape of Attacks and Defenses Against AI

Conference:  RSA Conference 2021
Authors:
2021-05-17

Superman Powered by Kryptonite: Turn the Adversarial Attack into Your Defense Weapon

Conference:  BlackHat USA 2020
Authors:
2020-08-05

Demystify AI Security Products With a Universal Pluggable XAI Translator

Conference:  BlackHat USA 2021
Authors:
2021-08-05

How to Design, Launch, and Monitor Resilient ML Systems

Conference:  Transform X 2022
Authors: Dan Shiebler
2022-10-19

Generating YARA Rules by Classifying Malicious Byte Sequences

Conference:  BlackHat USA 2021
Authors:
2021-08-05