Your search keyword '"ai security"' showing total 5 results

1. Improving the transferability of adversarial examples with path tuning.

Author

Li, Tianyu, Li, Xiaoyu, Ke, Wuping, Tian, Xuwei, Zheng, Desheng, and Lu, Chao

Subjects

ARTIFICIAL neural networks, IRREGULAR sampling (Signal processing), COMPUTER vision, CYBERTERRORISM, ARTIFICIAL intelligence

Abstract

Adversarial attacks pose a significant threat to real-world applications based on deep neural networks (DNNs), especially in security-critical applications. Research has shown that adversarial examples (AEs) generated on a surrogate model can also succeed on a target model, which is known as transferability. Feature-level transfer-based attacks improve the transferability of AEs by disrupting intermediate features. They target the intermediate layer of the model and use feature importance metrics to find these features. However, current methods overfit feature importance metrics to surrogate models, which results in poor sharing of the importance metrics across models and insufficient destruction of deep features. This work demonstrates the trade-off between feature importance metrics and feature corruption generalization, and categorizes feature destructive causes of misclassification. This work proposes a generative framework named PTNAA to guide the destruction of deep features across models, thus improving the transferability of AEs. Specifically, the method introduces path methods into integrated gradients. It selects path functions using only a priori knowledge and approximates neuron attribution using nonuniform sampling. In addition, it measures neurons based on the attribution results and performs feature-level attacks to remove inherent features of the image. Extensive experiments demonstrate the effectiveness of the proposed method. The code is available at https://github.com/lounwb/PTNAA. [ABSTRACT FROM AUTHOR]

Published

2024

2. Channel-augmented joint transformation for transferable adversarial attacks.

Author

Zheng, Desheng, Ke, Wuping, Li, Xiaoyu, Zhang, Shibin, Yin, Guangqiang, Qian, Weizhong, Zhou, Yong, Min, Fan, and Yang, Shan

Subjects

ARTIFICIAL neural networks, RATE setting

Abstract

Deep neural networks (DNNs) are vulnerable to adversarial examples that fool the models with tiny perturbations. Although adversarial attacks have achieved incredible attack success rates in the white-box setting, most existing adversaries often exhibit weak transferability in the black-box setting, especially for models with defense mechanisms. In this work, we reveal the cross-model channel redundancy and channel invariance of DNNs and thus propose two channel-augmented methods to improve the transferability of adversarial examples, namely, the channel transformation (CT) method and the channel-invariant Patch (CIP) method. Specifically, channel transformation shuffles and rewrites channels to enhance cross-model feature redundancy in convolution, and channel-invariant patches distinctly weaken different channels to achieve loss-preserving transformation. We compute the aggregated gradients of the transformed dataset to create adversaries with higher transferability. In addition, the two proposed methods can be naturally combined with each other and with almost all other gradient-based methods to further improve performance. Empirical results on the ImageNet dataset demonstrate that our attack methods exhibit higher transferability and achieve higher attack success rates than state-of-the-art gradient-based attacks. Specifically, our attack improves the average attack success rate from 86.9% to 91.0% on normally trained models and from 44.6% to 68.3% on adversarially trained models. [ABSTRACT FROM AUTHOR]

Published

2024

3. An interpretability security framework for intelligent decision support systems based on saliency map.

Author

Zhang, Denghui, Gu, Zhaoquan, Ren, Lijing, and Shafiq, Muhammad

Subjects

*DECISION support systems, *BIG data, *ARTIFICIAL intelligence, *MODERN society, *TRUST

Abstract

Benefiting from the high-speed transmission and super-low latency, the Fifth Generation (5G) networks are playing an important role in contemporary society. The accessibility and friendly experience provided by 5G results in the generation of massive data, which are recklessly transmitted in various forms and in turn, promote the development of big data and intelligent decision support systems (DSS). Although AI (Artificial Intelligence) can boost DSS to obtain high recognition performance on large-scale data, an adversarial sample generated by deliberately adding subtle noise to a clear sample will cause AI models to give false output with high confidence, which increases concerns about AI. It is necessary to enhance its interpretability and security when adopting AI in areas where decision-making is crucial. In this paper, we study the challenges posed by the next-generation DSS in the era of 5G and big data. To build trust in AI, the saliency map is adopted as a visualization method to reveal the vulnerability of neural networks. The visualization method is further taken to identify imperceptible adversarial samples and reasons for the misclassification of high-accuracy models. Finally, we conduct extensive experiments on large-scale datasets to verify the effectiveness of the visualization method in enhancing AI security for 5G-enabled DSS. [ABSTRACT FROM AUTHOR]

Published

2023

4. FMSA: a meta-learning framework-based fast model stealing attack technique against intelligent network intrusion detection systems.

Author

Fan, Kaisheng, Zhang, Weizhe, Liu, Guangrui, and He, Hui

Subjects

INTELLIGENT networks, DENIAL of service attacks, DATA privacy, THEFT, COMPUTER network security, MACHINE learning, AUTOMOBILE theft

Abstract

Intrusion detection systems are increasingly using machine learning. While machine learning has shown excellent performance in identifying malicious traffic, it may increase the risk of privacy leakage. This paper focuses on implementing a model stealing attack on intrusion detection systems. Existing model stealing attacks are hard to implement in practical network environments, as they either need private data of the victim dataset or frequent access to the victim model. In this paper, we propose a novel solution called Fast Model Stealing Attack (FMSA) to address the problem in the field of model stealing attacks. We also highlight the risks of using ML-NIDS in network security. First, meta-learning frameworks are introduced into the model stealing algorithm to clone the victim model in a black-box state. Then, the number of accesses to the target model is used as an optimization term, resulting in minimal queries to achieve model stealing. Finally, adversarial training is used to simulate the data distribution of the target model and achieve the recovery of privacy data. Through experiments on multiple public datasets, compared to existing state-of-the-art algorithms, FMSA reduces the number of accesses to the target model and improves the accuracy of the clone model on the test dataset to 88.9% and the similarity with the target model to 90.1%. We can demonstrate the successful execution of model stealing attacks on the ML-NIDS system even with protective measures in place to limit the number of anomalous queries. [ABSTRACT FROM AUTHOR]

Published

2023

5. VulnerGAN: a backdoor attack through vulnerability amplification against machine learning-based network intrusion detection systems.

Author

Liu, Guangrui, Zhang, Weizhe, Li, Xinjie, Fan, Kaisheng, and Yu, Shui

Abstract

Machine learning-based network intrusion detection systems (ML-NIDS) are extensively used for network security against unknown attacks. Existing intrusion detection systems can effectively defend traditional network attacks, however, they face AI based threats. The current known AI attacks cannot balance the escape rate and attack effectiveness. In addition, the time cost of existing AI attacks is very high. In this paper, we propose a backdoor attack called VulnerGAN, which features high concealment, high aggressiveness, and high timeliness. The backdoor can make the specific attack traffic bypass the detection of ML-NIDS without affecting the performance of ML-NIDS in identifying other attack traffic. VulnerGAN uses generative adversarial networks (GAN) to calculate poisoning and adversarial samples based on machine learning model vulnerabilities. It can make traditional network attack traffic escape black-box online ML-NIDS. At the same time, model extraction and fuzzing test are used to enhance the convergence of VulnerGAN. Compared with the state-of-the-art algorithms, the VulnerGAN backdoor attack increases 33.28% in concealment, 18.48% in aggressiveness, and 46.32% in timeliness. [ABSTRACT FROM AUTHOR]

Published

2022