Search

Your search keyword '"Demetrio, Luca"' showing total 11 results
Start Over Author "Demetrio, Luca" Language english
11 results on '"Demetrio, Luca"'

6. A Survey on Reinforcement Learning Security with Application to Autonomous Driving

Author

Demontis, Ambra, Pintor, Maura, Demetrio, Luca, Grosse, Kathrin, Lin, Hsiao-Ying, Fang, Chengfang, Biggio, Battista, and Roli, Fabio

Subjects
FOS: Computer and information sciences, Computer Science - Machine Learning, Computer Science - Robotics, Robotics (cs.RO), Machine Learning (cs.LG)
Abstract

Reinforcement learning allows machines to learn from their own experience. Nowadays, it is used in safety-critical applications, such as autonomous driving, despite being vulnerable to attacks carefully crafted to either prevent that the reinforcement learning algorithm learns an effective and reliable policy, or to induce the trained agent to make a wrong decision. The literature about the security of reinforcement learning is rapidly growing, and some surveys have been proposed to shed light on this field. However, their categorizations are insufficient for choosing an appropriate defense given the kind of system at hand. In our survey, we do not only overcome this limitation by considering a different perspective, but we also discuss the applicability of state-of-the-art attacks and defenses when reinforcement learning algorithms are used in the context of autonomous driving.

Published
2022

7. Robust Machine Learning for Malware Detection over Time

Author

Angioni, Daniele, Demetrio, Luca, Pintor, Maura, and Biggio, Battista

Subjects
FOS: Computer and information sciences, Computer Science - Cryptography and Security, Cryptography and Security (cs.CR)
Abstract

The presence and persistence of Android malware is an on-going threat that plagues this information era, and machine learning technologies are now extensively used to deploy more effective detectors that can block the majority of these malicious programs. However, these algorithms have not been developed to pursue the natural evolution of malware, and their performances significantly degrade over time because of such concept-drift. Currently, state-of-the-art techniques only focus on detecting the presence of such drift, or they address it by relying on frequent updates of models. Hence, there is a lack of knowledge regarding the cause of the concept drift, and ad-hoc solutions that can counter the passing of time are still under-investigated. In this work, we commence to address these issues as we propose (i) a drift-analysis framework to identify which characteristics of data are causing the drift, and (ii) SVM-CB, a time-aware classifier that leverages the drift-analysis information to slow down the performance drop. We highlight the efficacy of our contribution by comparing its degradation over time with a state-of-the-art classifier, and we show that SVM-CB better withstands the distribution changes that naturally characterize the malware domain. We conclude by discussing the limitations of our approach and how our contribution can be taken as a first step towards more time-resistant classifiers that not only tackle, but also understand the concept drift that affects data.

Published
2022

8. Practical Attacks on Machine Learning: A Case Study on Adversarial Windows Malware.

Author

Demetrio, Luca, Biggio, Battista, and Roli, Fabio

Abstract

While machine learning is vulnerable to adversarial examples, it still lacks systematic procedures and tools for evaluating its security in different contexts. We discuss how to develop automated and scalable security evaluations of machine learning using practical attacks, reporting a use case on Windows malware detection. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

10. Adversarial EXEmples: A Survey and Experimental Evaluation of Practical Attacks on Machine Learning for Windows Malware Detection.

Author

DEMETRIO, LUCA, COULL, SCOTT E., BIGGIO, BATTISTA, LAGORIO, GIOVANNI, ARMANDO, ALESSANDRO, and ROLI, FABIO

Subjects
MACHINE learning, MALWARE, PYTHON programming language, EMBEDDING theorems, SEMANTICS
Abstract

Recent work has shown that adversarial Windows malware samples--referred to as adversarial EXEmples in this article--can bypass machine learning-based detection relying on static code analysis by perturbing relatively few input bytes. To preserve malicious functionality, previous attacks either add bytes to existing non-functional areas of the file, potentially limiting their effectiveness, or require running computationally demanding validation steps to discard malware variants that do not correctly execute in sandbox environments. In this work, we overcome these limitations by developing a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks based on practical, functionality-preserving manipulations to the Windows Portable Executable file format. These attacks, named Full DOS, Extend, and Shift, inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section. Our experimental results show that these attacks outperform existing ones in both white-box and black-box scenarios, achieving a better tradeoff in terms of evasion rate and size of the injected payload, while also enabling evasion of models that have been shown to be robust to previous attacks. To facilitate reproducibility of our findings, we open source our framework and all the corresponding attack implementations as part of the secml-malware Python library. We conclude this work by discussing the limitations of current machine learning-based malware detectors, along with potential mitigation strategies based on embedding domain knowledge coming from subject-matter experts directly into the learning process. [ABSTRACT FROM AUTHOR]

Published
2021
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results