Stronger targeted poisoning attacks against malware detection

Shintaro Narisada, Shoichiro Sasaki, Seira Hidano, Toshihiro Uchibayashi, Takuo Suganuma, Masahiro Hiji, Shinsaku Kiyomoto

研究成果: 書籍/レポート タイプへの寄稿会議への寄与

1 被引用数 (Scopus)

抄録

Attacks on machine learning systems such as malware detectors and recommendation systems are becoming a major threat. Data poisoning attacks are the primary method used; they inject a small amount of poisoning points into a training set of the machine learning model, aiming to degrade the overall accuracy of the model. Targeted data poisoning is a variant of data poisoning attacks that injects malicious data into the model to cause a misclassification of the targeted input data while keeping almost the same overall accuracy as the unpoisoned model. Sasaki et al. first applied targeted data poisoning to malware detection and proposed an algorithm to generate poisoning points to misclassify targeted malware as goodware. Their algorithm achieved 85 % an attack success rate by adding 15 % poisoning points for malware dataset with continuous variables while restricting the increase in the test error on nontargeted data to at most 10 %. In this paper, we consider common defensive methods called data sanitization defenses, against targeted data poisoning and propose a defense-aware attack algorithm. Moreover, we propose a stronger targeted poisoning algorithm based on the theoretical analysis of the optimal attack strategy proposed by Steinhardt et al. The computational cost of our algorithm is much less than that of existing targeted poisoning algorithms. As a result, our new algorithm achieves a 91 % attack success rate for malware dataset with continuous variables by adding the same 15 % poisoning points and is approximately 103 times faster in terms of the computational time needed to generate poison data than Sasaki’s algorithm.

本文言語英語
ホスト出版物のタイトルCryptology and Network Security - 19th International Conference, CANS 2020, Vienna, Austria, December 14–16, 2020, Proceedings
編集者Stephan Krenn, Haya Shulman, Serge Vaudenay
出版社Springer Science and Business Media Deutschland GmbH
ページ65-84
ページ数20
ISBN(印刷版)9783030654108
DOI
出版ステータス出版済み - 2020
イベント19th International Conference on Cryptology and Network Security, CANS 2020 - Vienna, オーストリア
継続期間: 12月 14 202012月 16 2020

出版物シリーズ

名前Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
12579 LNCS
ISSN(印刷版)0302-9743
ISSN(電子版)1611-3349

会議

会議19th International Conference on Cryptology and Network Security, CANS 2020
国/地域オーストリア
CityVienna
Period12/14/2012/16/20

!!!All Science Journal Classification (ASJC) codes

  • 理論的コンピュータサイエンス
  • コンピュータ サイエンス(全般)

フィンガープリント

「Stronger targeted poisoning attacks against malware detection」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル