        Adversarial Machine Learning for Network Security


        Talk title: Adversarial Machine Learning for Network Security

        Speaker: Yi Shi (石怡), Chief Researcher




        Abstract: With the rapid growth of machine learning applications in communication networks, it is essential to understand the security issues associated with machine learning. In this talk, we choose a flow-based Deep Neural Network (DNN) classifier as a target and study various attacks on this target classifier. The target classifier detects malicious HTTP traffic (e.g., bots, C&C). We first launch an exploratory attack under a black-box assumption against the target CNN classifier. We start from a simple case in which the attacker can collect the same set of features used by the target classifier, and then consider the case in which the attacker can only collect a set of features based on its own judgement. We also design the attacks with a conditional Generative Adversarial Network (cGAN) to reduce the amount of collected data required. We show that the attacker can build its own classifier to predict the target classifier's classification results with about 93% accuracy. Once the exploratory attack is successful, we can perform further attacks, e.g., an evasion attack and a causative attack. We show that these attacks are very effective. The evasion attack can identify samples that double the error probability of the target classifier, while under the causative attack, the new classifier makes classification errors on more than 60% of samples.


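           Yi Shi (石怡) received a bachelor's degree in 1998 from the "00 Class" (零零班) of the University of Science and Technology of China, a master's degree in 2001 from the Institute of Software, Chinese Academy of Sciences (now the University of Chinese Academy of Sciences), a second master's degree in 2003 from Virginia Tech, and a Ph.D. in 2007 from Virginia Tech. Dr. Shi is currently an IEEE Senior Member, Chief Researcher at Intelligent Automation, Inc. in the United States, and an adjunct professor at Virginia Tech. Dr. Shi is an internationally known expert in wireless network optimization who has published more than 150 papers in leading journals such as IEEE Transactions on Mobile Computing and at leading conferences such as IEEE INFOCOM, has served as chief editor of 1 published monograph, and has contributed to 5 others. In 2006, Dr. Shi received the "National Outstanding Self-Financed Overseas Student" award (國家優秀自費留學生) from the Chinese government, ranking first in the Washington district. In 2008 and 2011, Dr. Shi's papers received the Best Paper Award and a Best Paper finalist award, respectively, at IEEE INFOCOM. Dr. Shi serves as an editor of IEEE Communications Surveys and Tutorials, and has served as technical committee chair of 3 workshops and as a technical committee member of nearly 50 international conferences, including IEEE INFOCOM, ACM MobiHoc, IEEE MILCOM, IEEE ICC, IEEE WCNC, and IEEE GLOBECOM.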