On the Neural Representation for Adversarial Attack and Defense

Qiuling Xu (17121274)

20 October 2023

<p dir="ltr">Neural representations are high-dimensional embeddings generated during the feed-forward process of neural networks. These embeddings compress raw input information and extract abstract features beneficial for downstream tasks. However, effectively utilizing these representations poses challenges due to their inherent complexity. This complexity arises from the non-linear relationship between inputs and neural representations, as well as the diversity of the learning process.</p><p dir="ltr">In this thesis, we propose effective methods to utilize neural representations for adversarial attack and defense. Our approach generally involves decomposing complex neural representations into smaller, more analyzable parts. We also seek general patterns emerging during learning to better understand the semantic meaning associated with neural representations.</p><p dir="ltr">We demonstrate that formalizing neural representations can reveal models' weaknesses and aid in defending against poison attacks. Specifically, we define a new type of adversarial attack using neural style, a special component of neural representation. This new attack uncovers novel aspects of the models' vulnerabilities. </p><p dir="ltr">Furthermore, we develop an interpretation of neural representations by approximating their marginal distribution, treating intermediate neurons as feature indicators. By properly harnessing these rich feature indicators, we address scalability and imperceptibility issues related to pixel-wise bounds.</p><p dir="ltr">Finally, we discover that neural representations contain crucial information about how neural networks make decisions. Leveraging the general patterns in neural representations, we design algorithms to remove unwanted and harmful functionalities from neural networks, thereby mitigating poison attacks.</p>

Adversarial machine learning

Adversarial learning

Adversarial Attack

LEVERAGING SDN AND NFV FOR DNS AMPLIFICATION OR REFLECTION ATTACK DETECTION AND MITIGATION

Nesary, Mohammad Mashud

01 August 2023

Domain Name System (DNS) is virtually the distributed directory of the Internet for obtaining the Internet Protocol (IP) addresses to access web resources. DNS has always been one of the prime targets for cyber attackers either to inundate different types of DNS servers with attack traffic and false records or to exploit the DNS protocol to perform targeted attacks to user machines. DNS amplification or reflection attacks are some of the most fundamental types of DNS specific Denial-of-Service (DoS) attacks. In this type of attack, users are denied service as the server needs to process spoofed DNS query from the attackers and victim machines receive unsolicited DNS response. Software Defined Networking (SDN) and Network Function Virtualization (NFV) are the technological breakthroughs which have brought transformational change in operating and maintaining network services. These have also opened new avenues to deal with those cyber-attacks along with introducing a whole new set of security threats or vulnerabilities that need to be taken care of. In this paper, we propose detection and mitigation strategies to combat DNS amplification or reflection attacks leveraging the functionalities of both SDN and NFV. We reviewed the existing literature of related approaches, incorporated Moving Target Defense (MTD) techniques into the security solutions, discussed the deployment options of vDNS (Virtual DNS) servers, and elaborated on the security issues involved with SDN and NFV. This work could potentially augment the security of the DNS infrastructure while improving the scalability and agility and provide future direction in research and practice.

DNS

DNS Amplification Attack

NFV

SDN

vDNS

High Angle-of-Attack Yaw Control Using Strakes on Blunt-Nose Bodies

Stucke, Russell Andrew

January 2006

No description available.

Blunt-nose

High angle-of-attack

strakes

MEMBERSHIP INFERENCE ATTACKS AND DEFENSES IN CLASSIFICATION MODELS

Jiacheng Li (17775408)

12 January 2024

<p dir="ltr">Neural network-based machine learning models are now prevalent in our daily lives, from voice assistants~\cite{lopez2018alexa}, to image generation~\cite{ramesh2021zero} and chatbots (e.g., ChatGPT-4~\cite{openai2023gpt4}). These large neural networks are powerful but also raise serious security and privacy concerns, such as whether personal data used to train these models are leaked by these models. One way to understand and address this privacy concern is to study membership inference (MI) attacks and defenses~\cite{shokri2017membership,nasr2019comprehensive}. In MI attacks, an adversary seeks to infer if a given instance was part of the training data. We study the membership inference (MI) attack against classifiers, where the attacker's goal is to determine whether a data instance was used for training the classifier. Through systematic cataloging of existing MI attacks and extensive experimental evaluations of them, we find that a model's vulnerability to MI attacks is tightly related to the generalization gap---the difference between training accuracy and test accuracy. We then propose a defense against MI attacks that aims to close the gap by intentionally reduces the training accuracy. More specifically, the training process attempts to match the training and validation accuracies, by means of a new {\em set regularizer} using the Maximum Mean Discrepancy between the softmax output empirical distributions of the training and validation sets. Our experimental results show that combining this approach with another simple defense (mix-up training) significantly improves state-of-the-art defense against MI attacks, with minimal impact on testing accuracy. </p><p dir="ltr"><br></p><p dir="ltr">Furthermore, we considers the challenge of performing membership inference attacks in a federated learning setting ---for image classification--- where an adversary can only observe the communication between the central node and a single client (a passive white-box attack). Passive attacks are one of the hardest-to-detect attacks, since they can be performed without modifying how the behavior of the central server or its clients, and assumes {\em no access to private data instances}. The key insight of our method is empirically observing that, near parameters that generalize well in test, the gradient of large overparameterized neural network models statistically behave like high-dimensional independent isotropic random vectors. Using this insight, we devise two attacks that are often little impacted by existing and proposed defenses. Finally, we validated the hypothesis that our attack depends on the overparametrization by showing that increasing the level of overparametrization (without changing the neural network architecture) positively correlates with our attack effectiveness.</p><p dir="ltr">Finally, we observe that training instances have different degrees of vulnerability to MI attacks. Most instances will have low loss even when not included in training. For these instances, the model can fit them well without concerns of MI attacks. An effective defense only needs to (possibly implicitly) identify instances that are vulnerable to MI attacks and avoids overfitting them. A major challenge is how to achieve such an effect in an efficient training process. Leveraging two distinct recent advancements in representation learning: counterfactually-invariant representations and subspace learning methods, we introduce a novel Membership-Invariant Subspace Training (MIST) method to defend against MI attacks. MIST avoids overfitting the vulnerable instances without significant impact on other instances. We have conducted extensive experimental studies, comparing MIST with various other state-of-the-art (SOTA) MI defenses against several SOTA MI attacks. We find that MIST outperforms other defenses while resulting in minimal reduction in testing accuracy. </p><p dir="ltr"><br></p>

Data and information privacy

Membership Inference Attack

Effectiveness of a Serpentine Inlet Duct Flow Control Scheme at Design and Off-Design Simulated Flight Conditions

Rabe, Angela C.

27 October 2003

An experimental investigation was conducted in a static ground test facility to determine the flow quality of a serpentine inlet duct incorporating active flow control for several simulated flight conditions. The total pressure distortion at the aerodynamic interface plane (AIP) was then used to predict the resulting stability for a compression system. This study was conducted using a model of a compact, low observable, engine inlet duct developed by Lockheed Martin. A flow control technique using air injection through microjets at 1% of the inlet mass flow rate was developed by Lockheed Martin to improve the quality of the flow exiting the inlet duct. Both the inlet duct and the flow control technique were examined at cruise condition and off-design simulated flight conditions (angle of attack and asymmetric distortion). All of the experimental tests were run at an inlet throat Mach number of 0.55 and a resulting Reynolds number of 1.76*105 based on the hydraulic diameter at the inlet throat. For each of the flight conditions tested, the flow control scheme was found to improve the flow uniformity and reduce the inlet distortion at the AIP. For simulated cruise condition, the total pressure recovery was improved by ~2% with the addition of flow control. For the off-design conditions of angle of attack and asymmetric distortion, the total pressure recovery was improved by 1.5% and 2% respectively. All flight conditions tested showed a reduction in circumferential distortion intensity with flow control. The cruise condition case showed reduced maximum circumferential distortion of 70% with the addition of flow control. A reduction in maximum circumferential distortion of 40% occurred for the angle of attack case with flow control, and 30% for the asymmetric distortion case with flow control. The inlet total pressure distortion was used to predict the changes in stability margin of a compression system due to design and off-design flight conditions and the improvement of the stability margin with the addition of flow control. A parallel compressor model (DYNTECC) was utilized to predict changes in the stability margin of a representative compression system (NASA Stage 35). Without flow control, all three cases show similar reduced stability margins on the order of 30% of the original stability margin for NASA Stage 35 at 70% corrected rotor speed. With the addition of flow control, the cruise condition tested improved the stability margin to 80% of the original value while the off-design conditions recover to 60% of the original margin. Overall, the flow control has been found to be extremely beneficial in improving the operating range of a compression system for the same inlet duct without flow control. / Ph. D.

distortion

serpentine inlet

AIP

angle of attack

Cascading Events in the Aftermath of a Targeted Physical Attack on the Power Grid

Meyur, Rounak

29 March 2019

This work studies the consequences of a human-initiated targeted attack on the electric power system by simulating the detonation of a bomb at one or more substations in and around Washington DC. An AC power flow based transient analysis on a realistic power grid model of Eastern Interconnection is considered to study the cascading events. A detailed model of control and protection system in the power grid is considered to ensure the accurate representation of cascading outages. Particularly, the problem of identifying a set of k critical nodes, whose failure/attack leads to the maximum adverse impact on the power system has been analyzed in detail. It is observed that a greedy approach yields node sets with higher criticality than a degree-based approach, which has been suggested in many prior works. Furthermore, it is seen that the impact of a targeted attack exhibits a nonmonotonic behavior as a function of the target set size k. The consideration of hidden failures in the protective relays has revealed that the outage of certain lines/buses in the course of cascading events can save the power grid from a system collapse. Finally, a comparison with the DC steady state analysis of cascading events shows that a transient stability assessment is necessary to obtain the complete picture of cascading events in the aftermath of a targeted attack on the power grid. / M.S. / The modern day power system has been identified as a critical infrastructure providing crucial support to the economy of a country. Prior experience has shown that a small failure of a component in the power grid can lead to widespread cascading events and eventually result in a blackout. Such failures can be triggered by devastating damage due to a natural calamity or because of a targeted adversarial attack on certain points in the power system. Given limited budget to avoid widespread cascading failures in the network, an important problem would be to identify critical components in the power system. In this research an attempt has been made to replicate the actual power system conditions as accurately as possible to study the impact of a targeted adversarial attack on different points in the network. Three heuristics have been proposed to identify critical nodes in the network and their performance has been discussed. The case studies of cascading events have been performed on a synthetic power system network of Washington DC to achieve the actual system conditions of an operating power grid.

Cascading failures

targeted attack

hidden failures

Determination of induced changes in foliar emissions of terpene-accumulating plants

Zabaras, Dimitrios, University of Western Sydney, College of Science, Technology and Environment, School of Science, Food and Horticulture

January 2003

Stress-induced changes in the emissions of volatiles from many economically-important plants have been demonstrated in studies over the past decade. Plants such as cotton and corn change both the composition and concentration of their emissions when subjected to wounding, herbivory and pathogen attack. Terpene-accumulating plants have been overlooked as potential objects of such studies although work on conifers has shown that species rich in constitutive defences can also exhibit induced responses. The aim of this study was to investigate whether terpene-accumulating plants respond to stress by altering their foliar emissions qualitatively and/or quantitatively. Species examined included Salvia officinalis (common sage), Melaleuca alternifolia (Australian tea tree) and Ocimum minimum (Bush basil). An experimental design was developed to eliminate factors such as leaf ontogeny that can affect the obtained results and complicate their interpretation. Small-scale solvent extraction and HS-SPME-based techniques were also developed; they enabled the quantitative determination of treatment-induced changes over periods ranging from 10 minutes to 6 months. Treatment of plants included mechanical wounding, herbivory, pathogen attack and chemical elicitation. Overall, statistically significant induced-changes were observed for both leaf-oil composition and concentration. The response of the different species used varied. O. minimum exhibited the greatest compositional changes whilst M. alternifolia was the only species for which oil-concentration changes were observed. The demonstrated changes were not as great as those reported in similar studies with non-terpene producing plants. The results indicate that the high metabolic costs associated with the production and storage of constitutive defences may be responsible for the limited induction of further defensive responses / Doctor of Philosophy (PhD)

terpene-accumulating

mechanical wounding

foliage emissions

herbivory attack

pathogen attack

chemical elicitation

Attacks on structured P2P overlay networks : Simulating Sybil Attacks

Tefera, Mismaku Hiruy

January 2014

No description available.

P2P

DHT

Chord

CAN

Pastry

Tapestry

P-Grid and MediaSense

Sybil attack

DDos attack

OMNeT++

OverSim.

Analys av skottstatistik från de tre främsta herrfotbollsligorna i Europa : La Liga, Premier League och Serie A

Hermansson, Josefine, Stolpe, Amanda

January 2018

Purpose: The aim of the study is to investigate the two topteams and two bottomteams scoring statistics from the three top soccer leagues in Europe during the 2016/2017 season. From which zone are the shots taken which results in goals? From which zone are the shots taken on the goal, but do not result in goals? From which zone are the shots taken that end up outside the goal? From which zone are the shots taken that are blocked by opponents? Methods: A quantitative method was used where data was obtained from a website called www.squawka.com. A total of 456 matches from six top teams and six bottom teams were analyzed from the leagues Serie A, La Liga and Premier League during the 2016/2017 season. A template was used to analyze in which zones the shots was taken. The data was analyzed with Chi square crosstab post-hoc test. Results: Both groups scored the most goals from shots taken within the penalty area. These zones also saw the highest rate of shots on goal, but did not result in goals were taken. At shots that ended up outside the goal, both the top teams and the bottom teams took the most shots centrally, outside the penalty area, where the top team also took a large part of the shooting center inside the penalty area. At a shot blocked by opponents, both the top teams and the bottom teams took most shots centrally outside the penalty area, where a large proportion was taken within the penalty area. Conclusions: The study revealed major similarities between the top and bottom teams during the 2016/2017 season, where it was shown that the top team took more total shots over the season and the highest number of shots that resulted in goals. Both groups mostly took the shot at the center of the plane, where the zones within the penalty area are proved to be the most effective zone for goal creation. Through this knowledge of the top team and the bottom team's shot statistics, important attack patterns emerge which may be used for coaches in the higher leagues. Trainers can tactically draw their own players to take shots from the effective zones to increase the chances of scoring goals. The statistics may also be used by teams to plan effective defense-stategies. / Syfte: Syftet med studien är att undersöka skottstatistik för två topp respektive två bottenlag från de tre främsta fotbollsligorna i Europa under säsongen 2016/2017. Från vilken zon utförs de skott som resulterar i mål? Från vilken zon utförs de skott som går på målet, men inte resulterar i mål? Från vilken zon utförs de skott som går utanför målet? Från vilken zon utförs de skott som blockeras av motståndare? Metod: En kvantitativ metod användes där data inhämtades från en hemsida vid namn www.squawka.com. Totalt analyserades 456 matcher från sex topplag och sex bottenlag från ligorna Serie A, La Liga och Premier League under säsongen 2016/2017. En mall användes för att analysera inom vilka zoner skotten utförts. Data analyserades sedan med ett Chi square crosstab post-hoc test. Resultat: Båda grupperna utförde flest skott som resulterade i mål innanför straffområdet. Det var även vid dessa zoner som flest skott som gick på mål, men inte resulterade i mål utfördes. Vid skott som hamnade utanför målet så utförde både topplagen och bottenlagen flest skott centralt, utanför straffområdet där även topplagen utförde stor del av skotten centralt innanför straffområdet. Vid skott som blockerades av motståndare så utförde både topplagen och bottenlagen flest skott centralt utanför straffområdet men även flertalet skott innanför straffområdet. Slutsatser: Studien påvisade stora likheter mellan topplagen och bottenlagen under säsongen 2016/2017, där det resulterade i att topplagen utförde fler skott totalt över säsongen och även flest skott som resulterade i mål. Båda grupperna utförde mestadels skotten centralt på planen, där zonerna innanför straffområdet är det området som är den mest effektiva zonen för skapande av målchans. Genom denna vetskap om topplagen respektive bottenlagens skottstatistik så framkommer viktiga anfallsmönster vilket kan vara till användning för tränare i de högre ligorna. Tränare kan med taktiska drag få sina egna spelare till att utföra skott från de effektiva zonerna för att öka chanserna till att göra mål, samtidigt som informationen kan användas för att försvara sig på ett effektivt sätt.

attack

football

goal

shot

statistics

zone

attack

fotboll

mål

skott

statistik

zoner

Sport and Fitness Sciences

Idrottsvetenskap

A method of detecting and predicting attack vectors based on genetic programming

Churakova, Yekatierina, Novikov, Oleksii

January 2023

This Master's thesis presents a novel approach for detecting and predicting attack vectors based on genetic programming. The proposed method utilizes a genetic algorithm to evolve a set of rules that predict attack vectors over the system based on caught indicators of compromise. The generated rules are then used to identify potential attack vectors and predict how it started and how it will develop in future. The research aims to improve the accuracy and efficiency of existing methods for attack detection and prediction. The proposed approach is evaluated using real-world attack data and compared against several state-of-the-art techniques. Results indicate that the proposed method outperforms existing approaches in terms of detection accuracy and prediction capability. This research has important implications for the field of cybersecurity and can assist organizations in developing more effective and proactive defense strategies against cyberattacks. Background. Cybersecurity is an increasingly critical issue in today's digital age. Cyberattacks are becoming more sophisticated, making it challenging for traditional defense mechanisms to detect and prevent them. Therefore, it is crucial to develop new and innovative methods for identifying and predicting potential attack vectors. In this context, this Master's thesis presents a novel approach to detecting and predicting attack vectors based on genetic programming. The proposed method aims to improve the accuracy and efficiency of existing approaches to cyberattack detection and prediction. Objectives.This Master’s thesis aims to reach the following objectives: 1. To identify the limitations of existing approaches to cyberattack detection and prevention and propose a novel method based on genetic programming. 2. To develop a genetic programming-based algorithm to evolve a model for attack-vectors prediction. 3. To evaluate the effectiveness of the proposed approach using real-world attack data Methods. The methods used in this Master's thesis combine literature review, data collection, algorithm development, experimentation, data analysis, and recommendations to improving approach to detecting and predicting attack vectors using genetic programming. The research aims to contribute to the field of cybersecurity by advancing our understanding of cyberattack detection and prevention. Results. The proposed method has the potential to enhance the accuracy and efficiency of cyberattack detection and prediction, which can help organizations prevent or mitigate the impact of cyberattacks. Future improvements can include more complex MITRE ATT&amp;CK datasets, including Mobile and ICS matrices. Conclusions. The genetic programming-based algorithm developed in this thesis was shown to be effective in detecting and predicting attack vectors using real-world attack data. The proposed approach has the potential to improve organizations' cybersecurity posture by providing a proactive defense strategy against cyberattacks.

MITTRE ATT&CK

genetic programming

attack vectors

attack prediction

Computer Sciences

Datavetenskap (datalogi)