Brittle Features of Device Authentication
| Autor: | Washington Garcia, Animesh Chhotaray, Somesh Jha, Joseph I. Choi, Suman Kalyan Adari, Kevin R. B. Butler |
|---|---|
| Rok vydání: | 2021 |
| Předmět: |
021110 strategic
defence & security studies Authentication Traffic analysis Artificial neural network Computer science 0211 other engineering and technologies 02 engineering and technology Fuzz testing Adversarial machine learning Computer security computer.software_genre Identification (information) 020204 information systems 0202 electrical engineering electronic engineering information engineering Adaptation (computer science) computer Advice (complexity) |
| Zdroj: | CODASPY |
| Popis: | Authenticating a networked device relies on identifying its unique characteristics. Recent device fingerprinting proposals demonstrate that device activity, such as network traffic, can be used to extract features which identify devices using machine learning (ML). However, there has been little work examining how adversarial machine learning can compromise these schemes. In this work, we show two efficient attacks against three ML-based device authentication (MDA) systems. One of the attacks is an adaptation of an existing gradient-estimation-based attack to the MDA setting; the second uses a fuzzing-based approach. We find that the MDA systems use brittle features for device identification and hence, can be reliably fooled with only 30 to 80 failed authentication attempts. However, selecting features that are robust against adversarial attack is challenging, as indicators such as information gain are not reflective of the features that adversaries most profitably attack. We demonstrate that it is possible to defend MDA systems which rely on neural networks, and in the general case, offer targeted advice for designing more robust MDA systems. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|