Omni: automated ensemble with unexpected models against adversarial evasion attack
| Autor: | Rui Shu, Tianpei Xia, Laurie Williams, Tim Menzies |
|---|---|
| Rok vydání: | 2021 |
| Předmět: |
FOS: Computer and information sciences
Hyperparameter Computer Science - Machine Learning Computer Science - Cryptography and Security Ensemble forecasting Computer science business.industry Evasion (network security) Intrusion detection system Adversary computer.software_genre Machine learning Machine Learning (cs.LG) Adversarial system Hyperparameter optimization Malware Artificial intelligence business Cryptography and Security (cs.CR) computer Software |
| Zdroj: | Empirical Software Engineering. 27 |
| ISSN: | 1573-7616 1382-3256 |
| DOI: | 10.1007/s10664-021-10064-8 |
| Popis: | Background: Machine learning-based security detection models have become prevalent in modern malware and intrusion detection systems. However, previous studies show that such models are susceptible to adversarial evasion attacks. In this type of attack, inputs (i.e., adversarial examples) are specially crafted by intelligent malicious adversaries, with the aim of being misclassified by existing state-of-the-art models (e.g., deep neural networks). Once the attackers can fool a classifier to think that a malicious input is actually benign, they can render a machine learning-based malware or intrusion detection system ineffective. Goal: To help security practitioners and researchers build a more robust model against non-adaptive, white-box, and non-targeted adversarial evasion attacks through the idea of an ensemble model. Method: We propose an approach called Omni, the main idea of which is to explore methods that create an ensemble of "unexpected models"; i.e., models whose control hyperparameters have a large distance to the hyperparameters of an adversary's target model, with which we then make an optimized weighted ensemble prediction. Result: In studies with five types of adversarial evasion attacks (FGSM, BIM, JSMA, DeepFooland Carlini-Wagner) on five security datasets (NSL-KDD, CIC-IDS-2017, CSE-CIC-IDS2018, CICAnd-Mal2017, and the Contagio PDF dataset), we show Omni is a promising approach as a defense strategy against adversarial attacks when compared with other baseline treatments. Conclusion: When employing ensemble defense against adversarial evasion attacks, we suggest creating an ensemble with unexpected models that are distant from the attacker's expected model (i.e., target model) through methods such as hyperparameter optimization. Comment: Submitted to EMSE |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|
Full text from SpringerLink