Adversarial Machine Learning
with MLsploit

Course Summary

Machine learning (ML) is increasingly being used in several real-world applications. However, research has shown that ML models can be highly vulnerable to adversarial examples, which are input instances that are intentionally designed to fool a model into producing incorrect predictions. The goal of this course is to demonstrate ML vulnerabilities and develop secure AI in various domains, with MLsploit.

MLsploit is an ML evaluation and fortification framework designed for education and research. It focuses on ML security techniques in adversarial settings, such as creating adversarial examples, detecting them, and countering them. It consists of pluggable modules, each of which demonstrates a security-related research topic.

Several built-in modules in MLsploit will be shown in this course, including defense in the image domain (SHIELD), malware detection and bypassing (AVPass, ELF, Barnum), and the application of Intel SGX for privacy-preserving and inference-preventing ML.

To get started, head over to the MLsploit REST API, MLsploit Execution Backend and MLsploit Web UI repositories to set up MLsploit, and then check out the various MLsploit modules below.

MLsploit

(KDD'19 Project Showcase)
A Framework for Interactive Experimentation with Adversarial Machine Learning Research

MLsploit is a machine learning (ML) evaluation and fortification framework designed for education and research on adversarial ML. It is the first cloud-based tool that allows real-time interactive experimentation with state-of-the-art adversarial ML research through a web-based interface. The MLsploit system has a service-oriented architecture (SOA) that includes a web portal for users to interact with, and a RESTful API to further automate experiments. The research functions integrated in MLsploit can be thought of as modular components which can be combined in different arrangements to create the desired experiment pipeline using an intuitive interface. Since MLsploit leverages Docker containerization in the backend, each component can be implemented in any language and on any platform, and MLsploit glues everything together through well-defined APIs. This flexible component design is agnostic to the underlying implementation of the ML functionality, and hence allows quick development for researchers as well.

SHIELD

(KDD'18)
Fast, Practical Defense for Deep Learning

SHIELD addresses the urgent need for a practical defense that can be readily deployed to combat attacks in real time. It places JPEG compression at the core of our proposed SHIELD defense framework, using compression's ability to effectively "compress away" the small pixel manipulations that adversarial examples rely on.
  • SHIELD "vaccinates" a model by re-training it with compressed images, where different compression levels are applied to generate multiple vaccinated models that are ultimately used together in an ensemble defense.
  • SHIELD adds an additional layer of protection by employing randomization at test time that compresses different regions of an image using random compression levels, making it harder for an adversary to estimate the transformation performed.
  • Extensive large-scale experiments on the ImageNet dataset show that SHIELD eliminates up to 94% of black-box attacks and 98% of gray-box attacks delivered by the strongest recent attacks, such as Carlini-Wagner's L2 and DeepFool.
  • SHIELD's novel fortified multi-pronged approach is fast and works without requiring knowledge about the model.

ShapeShifter

(ECML-PKDD'18)
1st Targeted Physical Attack on Faster R-CNN Object Detector

ShapeShifter is the first targeted physical attack on the Faster R-CNN object detector. It generates adversarial stop signs that are consistently mis-detected by Faster R-CNN as the target objects in real drive-by tests, posing a potential threat to autonomous vehicles and other safety-critical computer vision systems.

Barnum

(ISC'19)
Deep Learning Software Anomaly Detection

Barnum is an offline control flow attack detection system that applies deep learning on hardware execution traces to model a program's behavior and detect control flow anomalies. Our implementation analyzes document readers to detect exploits and ABI abuse.

AVPass

(BlackHat'17)
Android Malware Detection Bypass

AVPASS is a tool for leaking the detection model of Android antivirus (AV) programs and for bypassing AV detection by combining the leaked information with APK perturbation techniques.

ELF Module

(ELF)
ELF File Malware Detection and Bypassing

The ELF module is an end-to-end module that trains an ELF classifier, classifies samples, and perturbs samples:
  • The ELF module trains and evaluates a Linux malware classifier (using Nearest Neighbor, SVM, Gaussian Process, Neural Network, and Random Forest algorithms).
  • The ELF module perturbs the target malware with the remove-API transformation (direct calls rewritten as indirect calls).

SGX Module

(SGX)
SGX for privacy-preserving and inference-preventing ML and Adv-ML

The SGX module provides an example of privacy-preserving and inference-preventing ML and Adv-ML:
  • The SGX module loads an encrypted trained model and decrypts it inside the SGX enclave. The module also accepts encrypted user input, so privacy is guaranteed even if the user's machine is compromised.
  • The SGX module maintains multiple classifiers and randomly selects which classifier provides the result to the user. Because the result is non-deterministic, an adversary ends up with a contaminated decision boundary, while the user obtains precision close to the average of all classifiers. Because SGX protects the random number K, decision boundary inference is prevented.
  • We also built a webpage to guide a user who wants to learn Intel SGX technology; it helps the user build a first SGX-enabled application step by step. In addition, we provide extensive resources for further study of Intel SGX. Please check the following link for details: (Link: SGX101)
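The randomized classifier selection described above, as an added Python illustration that is not part of the MLsploit SGX module: five constructed 1-D threshold classifiers stand in for the enclave's models, the selection index K is drawn fresh for every query, and the two views compare what an honest user measures against what repeated boundary probing obtains. The threshold values, the true boundary at 0.5 and the sample data are all assumptions.

```python
import random
from statistics import mean

# Constructed stand-ins for the enclave's models: 1-D threshold classifiers with
# hypothetical thresholds around the assumed true boundary x = 0.5.
THRESHOLDS = [0.44, 0.48, 0.52, 0.56, 0.60]

def classify(x, k):
    """Classifier k labels x as 1 when x exceeds its own threshold."""
    return 1 if x > THRESHOLDS[k] else 0

def sgx_predict(x, rng):
    """Enclave-side answer: K is drawn inside the enclave and only the label
    leaves it, so the caller never learns which classifier replied."""
    return classify(x, rng.randrange(len(THRESHOLDS)))

def make_samples(n, rng):
    """Constructed labelled test data with the true boundary at 0.5."""
    return [(x, 1 if x > 0.5 else 0) for x in (rng.random() for _ in range(n))]

def accuracy(predict, samples):
    return mean(1 if predict(x) == y else 0 for x, y in samples)

def user_view(seed=1, n=4000):
    """Honest user: the randomized enclave's accuracy tracks the average
    accuracy of the individual classifiers."""
    rng = random.Random(seed)
    samples = make_samples(n, rng)
    per_clf = [accuracy(lambda x, k=k: classify(x, k), samples) for k in range(len(THRESHOLDS))]
    return mean(per_clf), accuracy(lambda x: sgx_predict(x, rng), samples)

def probe_boundary(predict, steps=30):
    """Bisection over label queries; used here only to show what the
    randomization does to anyone trying to pin down the boundary."""
    lo, hi = 0.0, 1.0
    for _ in range(steps):
        mid = (lo + hi) / 2
        if predict(mid) == 1:
            hi = mid
        else:
            lo = mid
    return (lo + hi) / 2

def adversary_view(seeds=range(20)):
    """A fixed classifier's boundary is recovered exactly; against the enclave
    the estimates scatter between the lowest and highest threshold."""
    fixed = probe_boundary(lambda x: classify(x, 2))
    scattered = [probe_boundary(lambda x, r=random.Random(s): sgx_predict(x, r))
                 for s in seeds]
    return fixed, scattered
```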