Junkun Yuan,Shaofang Zhou,Lanfen Lin,Feng Wang,Jia Cui

DOI: https://doi.org/10.3233/faia200388

2020-01-01

Abstract:For efficient malware detection, there are more and more deep learning methods based on raw software binaries. Recent studies show that deep learning models can easily be fooled to make a wrong decision by introducing subtle perturbations to inputs, which attracts a large influx of work in adversarial attacks. However, most of the existing attack methods are based on manual features (e.g., API calls) or in the white-box setting, making the attacks impractical in current real-world scenarios. In this work, we propose a novel attack framework called GAPGAN, which generates adversarial payloads (padding bytes) with generative adversarial networks (GANs). To the best of our knowledge, it is the first work that performs endto-end black-box attacks at the byte-level against deep learning based malware binaries detection. In our attack framework, we map input discrete malware binaries to continuous space, then feed it to the generator of GAPGAN to generate adversarial payloads. We append payloads to the original binaries to craft an adversarial sample while preserving its functionality. We propose to use a dynamic threshold for reducing the loss of the effectiveness of the payloads when mapping it from continuous format back to the original discrete format. For balancing the attention of the generator to the payloads and the adversarial samples, we use an automatic weight tuning strategy. We train GAPGAN with both malicious and benign software. Once the training is finished, the generator can generate an adversarial sample with only the input malware in less than twenty milliseconds. We apply GAPGAN to attack the state-of-the-art detector MalConv and achieve 100% attack success rate with only appending payloads of 2.5% of the total length of the data for detection. We also attack deep learning models with different structures under different defense methods. The experiments show that GAPGAN outperforms other state-of-the-art attack models in efficiency and effectiveness.

Pouya Samangouei,Maya Kabkab,Rama Chellappa

DOI: https://doi.org/10.48550/arXiv.1805.06605

2018-05-17

Computer Vision and Pattern Recognition

Abstract:In recent years, deep neural network approaches have been widely adopted for machine learning tasks, including classification. However, they were shown to be vulnerable to adversarial perturbations: carefully crafted small perturbations can cause misclassification of legitimate images. We propose Defense-GAN, a new framework leveraging the expressive capability of generative models to defend deep neural networks against such attacks. Defense-GAN is trained to model the distribution of unperturbed images. At inference time, it finds a close output to a given image which does not contain the adversarial changes. This output is then fed to the classifier. Our proposed method can be used with any classification model and does not modify the classifier structure or training procedure. It can also be used as a defense against any attack as it does not assume knowledge of the process for generating the adversarial examples. We empirically show that Defense-GAN is consistently effective against different attack methods and improves on existing defense strategies. Our code has been made publicly available at https://github.com/kabkabm/defensegan

Guanxiong Liu,Issa Khalil,Abdallah Khreishah

DOI: https://doi.org/10.48550/arXiv.1903.02585

IF: 5.414

2019-03-06

Machine Learning

Abstract:Machine learning models, especially neural network (NN) classifiers, are widely used in many applications including natural language processing, computer vision and cybersecurity. They provide high accuracy under the assumption of attack-free scenarios. However, this assumption has been defied by the introduction of adversarial examples -- carefully perturbed samples of input that are usually misclassified. Many researchers have tried to develop a defense against adversarial examples; however, we are still far from achieving that goal. In this paper, we design a Generative Adversarial Net (GAN) based adversarial training defense, dubbed GanDef, which utilizes a competition game to regulate the feature selection during the training. We analytically show that GanDef can train a classifier so it can defend against adversarial examples. Through extensive evaluation on different white-box adversarial examples, the classifier trained by GanDef shows the same level of test accuracy as those trained by state-of-the-art adversarial training defenses. More importantly, GanDef-Comb, a variant of GanDef, could utilize the discriminator to achieve a dynamic trade-off between correctly classifying original and adversarial examples. As a result, it achieves the highest overall test accuracy when the ratio of adversarial examples exceeds 41.7%.

Jean Carlo Soto

DOI: https://doi.org/10.5377/innovare.v12i1.15956

2023-04-15

Abstract:Introduction. Every day we are exposed to all kinds of cyber-threats when we browse the internet, compromising the confidentiality, integrity, and availability of our devices. Cyber-attacks have become more sophisticated and cyber attackers require less technical knowledge to execute such attacks. An automated and well-defined process to counter these attacks becomes urgent. The study aim was to solve this problem. Methods. A model was developed to analyze the information in Packet Capture (PCAP) files and classify network connections as either benign or malicious (malware generated). This software used two methods: traditional machine learning algorithms and neural networks. Our experiments were carried out using the Intrusion Detection Evaluation Dataset (CICIDS2017), which contains labeled samples of PCAP files. We experimented using both raw and standardized data. The classification results were evaluated using recall, precision, F1-score, and accuracy metrics. Results. These were satisfactory for both methods, obtaining more than 95% in the F1-score and recall metric, indicating a low number of false negatives. Conclusion. It was found that data standardization had a favorable impact on all metrics and should be used carefully. Overall, our experiments showed that malicious network traffic can be successfully detected using automated methods achieving above 95% of F1-score in the K-Nearest Neighbors algorithm (K-NN) classifier.

English Else

Zong Fan,Xiaohui Zhang,Su Ruan,Wade Thorstad,Hiram Gay,Pengfei Song,Xiaowei Wang,Hua Li

DOI: https://doi.org/10.1002/mp.17320

2024-07-30

Abstract:Background: Deep learning (DL) techniques have been extensively applied in medical image classification. The unique characteristics of medical imaging data present challenges, including small labeled datasets, severely imbalanced class distribution, and significant variations in imaging quality. Recently, generative adversarial network (GAN)-based classification methods have gained attention for their ability to enhance classification accuracy by incorporating realistic GAN-generated images as data augmentation. However, the performance of these GAN-based methods often relies on high-quality generated images, while large amounts of training data are required to train GAN models to achieve optimal performance. Purpose: In this study, we propose an adversarial learning-based classification framework to achieve better classification performance. Innovatively, GAN models are employed as supplementary regularization terms to support classification, aiming to address the challenges described above. Methods: The proposed classification framework, GAN-DL, consists of a feature extraction network (F-Net), a classifier, and two adversarial networks, specifically a reconstruction network (R-Net) and a discriminator network (D-Net). The F-Net extracts features from input images, and the classifier uses these features for classification tasks. R-Net and D-Net have been designed following the GAN architecture. R-Net employs the extracted feature to reconstruct the original images, while D-Net is tasked with the discrimination between the reconstructed image and the original images. An iterative adversarial learning strategy is designed to guide model training by incorporating multiple network-specific loss functions. These loss functions, serving as supplementary regularization, are automatically derived during the reconstruction process and require no additional data annotation. Results: To verify the model's effectiveness, we performed experiments on two datasets, including a COVID-19 dataset with 13 958 chest x-ray images and an oropharyngeal squamous cell carcinoma (OPSCC) dataset with 3255 positron emission tomography images. Thirteen classic DL-based classification methods were implemented on the same datasets for comparison. Performance metrics included precision, sensitivity, specificity, and F 1 $F_1$ -score. In addition, we conducted ablation studies to assess the effects of various factors on model performance, including the network depth of F-Net, training image size, training dataset size, and loss function design. Our method achieved superior performance than all comparative methods. On the COVID-19 dataset, our method achieved 95.4 % ± 0.6 % $95.4\%\pm 0.6\%$ , 95.3 % ± 0.9 % $95.3\%\pm 0.9\%$ , 97.7 % ± 0.4 % $97.7\%\pm 0.4\%$ , and 95.3 % ± 0.9 % $95.3\%\pm 0.9\%$ in terms of precision, sensitivity, specificity, and F 1 $F_1$ -score, respectively. It achieved 96.2 % ± 0.7 % $96.2\%\pm 0.7\%$ across all these metrics on the OPSCC dataset. The study to investigate the effects of two adversarial networks highlights the crucial role of D-Net in improving model performance. Ablation studies further provide an in-depth understanding of our methodology. Conclusion: Our adversarial-based classification framework leverages GAN-based adversarial networks and an iterative adversarial learning strategy to harness supplementary regularization during training. This design significantly enhances classification accuracy and mitigates overfitting issues in medical image datasets. Moreover, its modular design not only demonstrates flexibility but also indicates its potential applicability to various clinical contexts and medical imaging applications.

Muhammad Rehan Naeem,Rashid Amin,Sultan S Alshamrani,Abdullah Alshehri

DOI: https://doi.org/10.1155/2022/6294058

2022-04-21

Abstract:The most often reported danger to computer security is malware. Antivirus company AV-Test Institute reports that more than 5 million malware samples are created each day. A malware classification method is frequently required to prioritize these occurrences because security teams cannot address all of that malware at once. Malware's variety, volume, and sophistication are all growing at an alarming rate. Hackers and attackers routinely design systems that can automatically rearrange and encrypt their code to escape discovery. Traditional machine learning approaches, in which classifiers learn based on a hand-crafted feature vector, are ineffective for classifying malware. Recently, deep convolutional neural networks (CNNs) successfully identified and classified malware. To categorize malware, a smart system has been suggested in this research. A novel model of deep learning is introduced to categorize malware families and multiclassification. The malware file is converted to a grayscale picture, and the image is then classified using a convolutional neural network. To evaluate the performance of our technique, we used a Microsoft malware dataset of 10,000 samples with nine distinct classifications. The findings stood out among the deep learning models with 99.97% accuracy for nine malware types.

Kathrin Grosse,Praveen Manoharan,Nicolas Papernot,Michael Backes,Patrick McDaniel

DOI: https://doi.org/10.48550/arXiv.1702.06280

2017-02-21

Cryptography and Security

Abstract:Machine Learning (ML) models are applied in a variety of tasks such as network intrusion detection or Malware classification. Yet, these models are vulnerable to a class of malicious inputs known as adversarial examples. These are slightly perturbed inputs that are classified incorrectly by the ML model. The mitigation of these adversarial inputs remains an open problem. As a step towards understanding adversarial examples, we show that they are not drawn from the same distribution than the original data, and can thus be detected using statistical tests. Using thus knowledge, we introduce a complimentary approach to identify specific inputs that are adversarial. Specifically, we augment our ML model with an additional output, in which the model is trained to classify all adversarial inputs. We evaluate our approach on multiple adversarial example crafting methods (including the fast gradient sign and saliency map methods) with several datasets. The statistical test flags sample sets containing adversarial inputs confidently at sample sizes between 10 and 100 data points. Furthermore, our augmented model either detects adversarial examples as outliers with high accuracy (> 80%) or increases the adversary's cost - the perturbation added - by more than 150%. In this way, we show that statistical properties of adversarial examples are essential to their detection.

Wenbo Zheng,Lan Yan,Chao Gou,Fei‐Yue Wang

DOI: https://doi.org/10.1002/int.22372

IF: 8.993

2021-01-26

International Journal of Intelligent Systems

Abstract:<p>Adversarial images generated by generative adversarial networks are not close to any existing benign images, and contain nonrobust features that have been identified as critical to the robustness of a machine learning model. Since adversarial images have an underlying distribution that differs from normal images, these kinds of images can offer valuable features for training a robust model. To deal with these special features, we focus on a novel machine learning task of adversarial images classification, where adversarial images can be used to investigate the problem of classifying adversarial images themselves. In the setting of this novel task, adversarial images are the ONLY kind of data used in training and testing, rather than not just a set of testing images as usual. To this end, we propose a novel spatial–frequency ensemble relation network with generative adversarial learning. First, we present a spatial–frequency ensemble representation learning to extract the feature of training images. Second, we design a meta‐learning‐based relation model to gain the relationship between images. Third, to achieve a robust model, we utilize generative adversarial learning and transform the relationship into a Jacobian matrix. Finally, we design a discriminator model that determines whether an adversarial image is from the matching category or not. Experimental results demonstrate that our approach achieves significantly higher performance compared with other state‐of‐the‐arts.</p>

computer science, artificial intelligence

Ekin D. Cubuk,Barret Zoph,Samuel S. Schoenholz,Quoc V. Le

DOI: https://doi.org/10.48550/arXiv.1711.02846

2017-11-08

Abstract:It is becoming increasingly clear that many machine learning classifiers are vulnerable to adversarial examples. In attempting to explain the origin of adversarial examples, previous studies have typically focused on the fact that neural networks operate on high dimensional data, they overfit, or they are too linear. Here we argue that the origin of adversarial examples is primarily due to an inherent uncertainty that neural networks have about their predictions. We show that the functional form of this uncertainty is independent of architecture, dataset, and training protocol; and depends only on the statistics of the logit differences of the network, which do not change significantly during training. This leads to adversarial error having a universal scaling, as a power-law, with respect to the size of the adversarial perturbation. We show that this universality holds for a broad range of datasets (MNIST, CIFAR10, ImageNet, and random data), models (including state-of-the-art deep networks, linear models, adversarially trained networks, and networks trained on randomly shuffled labels), and attacks (FGSM, step l.l., PGD). Motivated by these results, we study the effects of reducing prediction entropy on adversarial robustness. Finally, we study the effect of network architectures on adversarial sensitivity. To do this, we use neural architecture search with reinforcement learning to find adversarially robust architectures on CIFAR10. Our resulting architecture is more robust to white \emph{and} black box attacks compared to previous attempts.

Machine Learning

Quincy Card,Kshitiz Aryal,Maanak Gupta

2024-05-07

Abstract:In recent years, there has been a surge in malware attacks across critical infrastructures, requiring further research and development of appropriate response and remediation strategies in malware detection and classification. Several works have used machine learning models for malware classification into categories, and deep neural networks have shown promising results. However, these models have shown its vulnerabilities against intentionally crafted adversarial attacks, which yields misclassification of a malicious file. Our paper explores such adversarial vulnerabilities of neural network based malware classification system in the dynamic and online analysis environments. To evaluate our approach, we trained Feed Forward Neural Networks (FFNN) to classify malware categories based on features obtained from dynamic and online analysis environments. We use the state-of-the-art method, SHapley Additive exPlanations (SHAP), for the feature attribution for malware classification, to inform the adversarial attackers about the features with significant importance on classification decision. Using the explainability-informed features, we perform targeted misclassification adversarial white-box evasion attacks using the Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD) attacks against the trained classifier. Our results demonstrated high evasion rate for some instances of attacks, showing a clear vulnerability of a malware classifier for such attacks. We offer recommendations for a balanced approach and a benchmark for much-needed future research into evasion attacks against malware classifiers, and develop more robust and trustworthy solutions.

Cryptography and Security

Sudarshana Kerenalli,Vamsidhar Yendapalli,Mylarareddy Chinnaiah

DOI: https://doi.org/10.21512/commit.v17i2.8761

2023-09-06

CommIT (Communication and Information Technology) Journal

Abstract:In court, criminal investigations and identity management tools, like check-in and payment logins, face videos, and photos, are used as evidence more frequently. Although deeply falsified information may be found using deep learning classifiers, block-box decisionmaking makes forensic investigation in criminal trials more challenging. Therefore, the research suggests a three-step classification technique to classify the deceptive deepfake image content. The research examines the visual assessments of an EfficientNet and Shifted Window Transformer (SWinT) hybrid model based on Convolutional Neural Network (CNN) and Transformer architectures. The classifier generality is improved in the first stage using a different augmentation. Then, the hybrid model is developed in the second step by combining the EfficientNet and Shifted Window Transformer architectures. Next, the GradCAM approach for assessing human understanding demonstrates deepfake visual interpretation. In 14,204 images for the validation set, there are 7,096 fake photos and 7,108 real images. In contrast to focusing only on a few discrete face parts, the research shows that the entire deepfake image should be investigated. On a custom dataset of real, Generative Adversarial Networks (GAN)-generated, and human-altered web photos, the proposed method achieves an accuracy of 98.45%, a recall of 99.12%, and a loss of 0.11125. The proposed method successfully distinguishes between real and manipulated images. Moreover, the presented approach can assist investigators in clarifying the composition of the artificially produced material.

Alexander Matyasko,Lap-Pui Chau

DOI: https://doi.org/10.48550/arXiv.1810.12576

IF: 5.414

2018-10-30

Machine Learning

Abstract:Ideally, what confuses neural network should be confusing to humans. However, recent experiments have shown that small, imperceptible perturbations can change the network prediction. To address this gap in perception, we propose a novel approach for learning robust classifier. Our main idea is: adversarial examples for the robust classifier should be indistinguishable from the regular data of the adversarial target. We formulate a problem of learning robust classifier in the framework of Generative Adversarial Networks (GAN), where the adversarial attack on classifier acts as a generator, and the critic network learns to distinguish between regular and adversarial images. The classifier cost is augmented with the objective that its adversarial examples should confuse the adversary critic. To improve the stability of the adversarial mapping, we introduce adversarial cycle-consistency constraint which ensures that the adversarial mapping of the adversarial examples is close to the original. In the experiments, we show the effectiveness of our defense. Our method surpasses in terms of robustness networks trained with adversarial training. Additionally, we verify in the experiments with human annotators on MTurk that adversarial examples are indeed visually confusing. Codes for the project are available at https://github.com/aam-at/adversary_critic.

Casey Kneale,Kolia Sadeghi

DOI: https://doi.org/10.48550/arXiv.1907.11129

IF: 5.414

2019-07-25

Machine Learning

Abstract:On the path to establishing a global cybersecurity framework where each enterprise shares information about malicious behavior, an important question arises. How can a machine learning representation characterizing a cyber attack on one network be used to detect similar attacks on other enterprise networks if each networks has wildly different distributions of benign and malicious traffic? We address this issue by comparing the results of naively transferring a model across network domains and using CORrelation ALignment, to our novel adversarial Siamese neural network. Our proposed model learns attack representations that are more invariant to each network's particularities via an adversarial approach. It uses a simple ranking loss that prioritizes the labeling of the most egregious malicious events correctly over average accuracy. This is appropriate for driving an alert triage workflow wherein an analyst only has time to inspect the top few events ranked highest by the model. In terms of accuracy, the other approaches fail completely to detect any malicious events when models were trained on one dataset are evaluated on another for the first 100 events. While, the method presented here retrieves sizable proportions of malicious events, at the expense of some training instabilities due in adversarial modeling. We evaluate these approaches using 2 publicly available networking datasets, and suggest areas for future research.

Fahad Shamshad,Koushik Srivatsan,Karthik Nandakumar

2023-06-23

Abstract:The ability of generative models to produce highly realistic synthetic face images has raised security and ethical concerns. As a first line of defense against such fake faces, deep learning based forensic classifiers have been developed. While these forensic models can detect whether a face image is synthetic or real with high accuracy, they are also vulnerable to adversarial attacks. Although such attacks can be highly successful in evading detection by forensic classifiers, they introduce visible noise patterns that are detectable through careful human scrutiny. Additionally, these attacks assume access to the target model(s) which may not always be true. Attempts have been made to directly perturb the latent space of GANs to produce adversarial fake faces that can circumvent forensic classifiers. In this work, we go one step further and show that it is possible to successfully generate adversarial fake faces with a specified set of attributes (e.g., hair color, eye size, race, gender, etc.). To achieve this goal, we leverage the state-of-the-art generative model StyleGAN with disentangled representations, which enables a range of modifications without leaving the manifold of natural images. We propose a framework to search for adversarial latent codes within the feature space of StyleGAN, where the search can be guided either by a text prompt or a reference image. We also propose a meta-learning based optimization strategy to achieve transferable performance on unknown target models. Extensive experiments demonstrate that the proposed approach can produce semantically manipulated adversarial fake faces, which are true to the specified attribute set and can successfully fool forensic face classifiers, while remaining undetectable by humans. Code: <a class="link-external link-https" href="https://github.com/koushiksrivats/face_attribute_attack" rel="external noopener nofollow">this https URL</a>.

Computer Vision and Pattern Recognition,Cryptography and Security,Machine Learning

Faiza Babar Khan,Muhammad Hanif Durad,Asifullah Khan,Farrukh Aslam Khan,Muhammad Rizwan,Aftab Ali

DOI: https://doi.org/10.1109/access.2024.3358454

IF: 3.9

2024-03-02

IEEE Access

Abstract:The cyber realm is overwhelmed with dynamic malware that promptly penetrates all defense mechanisms, operates unapprehended to the user, and covertly causes damage to sensitive data. The current generation of cyber users is being victimized by the interpolation of malware each day due to the pervasive progression of Internet connectivity. Malware is dispersed to infiltrate the security, privacy, and integrity of the system. Conventional malware detection systems do not have the potential to detect novel malware without the accessibility of their signatures, which gives rise to a high False Negative Rate (FNR). Previously, there were numerous attempts to address the issue of malware detection, but none of them effectively combined the capabilities of signature-based and machine learning-based detection engines. To address this issue, we have developed an integrated Anti-Malware System (AMS) architecture that incorporates both conventional signature-based detection and AI-based detection modules. Our approach employs a Generative Adversarial Network (GAN) based Malware Classifier Optimizer (MCOGAN) framework, which can optimize a malware classifier. This framework utilizes GANs to generate fabricated benign files that can be used to train external discriminators for optimization purposes. We describe our proposed framework and anti-malware system in detail to provide a better understanding of how a malware detection system works. We evaluate our approach using the Figshare dataset and state-of-the-art models as discriminators. Our results showcase enhanced malware detection performance, yielding a 10% performance boost, thus affirming the efficacy of our approach compared to existing models.

computer science, information systems,telecommunications,engineering, electrical & electronic

Langalibalele Lunga,Suhas Sreehari

2024-11-04

Abstract:Machine learning models are prone to adversarial attacks, where inputs can be manipulated in order to cause misclassifications. While previous research has focused on techniques like Generative Adversarial Networks (GANs), there's limited exploration of GANs and Synthetic Minority Oversampling Technique (SMOTE) in text and image classification models to perform adversarial attacks. Our study addresses this gap by training various machine learning models and using GANs and SMOTE to generate additional data points aimed at attacking text classification models. Furthermore, we extend our investigation to face recognition models, training a Convolutional Neural Network(CNN) and subjecting it to adversarial attacks with fast gradient sign perturbations on key features identified by GradCAM, a technique used to highlight key image characteristics CNNs use in classification. Our experiments reveal a significant vulnerability in classification models. Specifically, we observe a 20 % decrease in accuracy for the top-performing text classification models post-attack, along with a 30 % decrease in facial recognition accuracy. This highlights the susceptibility of these models to manipulation of input data. Adversarial attacks not only compromise the security but also undermine the reliability of machine learning systems. By showcasing the impact of adversarial attacks on both text classification and face recognition models, our study underscores the urgent need for develop robust defenses against such vulnerabilities.

Cryptography and Security,Artificial Intelligence,Computer Vision and Pattern Recognition,Machine Learning

Andrei-Grigore Mari,Daniel Zinca,Virgil Dobrota

DOI: https://doi.org/10.3390/s23031315

IF: 3.9

2023-01-25

Sensors

Abstract:Intrusion detection and prevention are two of the most important issues to solve in network security infrastructure. Intrusion detection systems (IDSs) protect networks by using patterns to detect malicious traffic. As attackers have tried to dissimulate traffic in order to evade the rules applied, several machine learning-based IDSs have been developed. In this study, we focused on one such model involving several algorithms and used the NSL-KDD dataset as a benchmark to train and evaluate its performance. We demonstrate a way to create adversarial instances of network traffic that can be used to evade detection by a machine learning-based IDS. Moreover, this traffic can be used for training in order to improve performance in the case of new attacks. Thus, a generative adversarial network (GAN)—i.e., an architecture based on a deep-learning algorithm capable of creating generative models—was implemented. Furthermore, we tested the IDS performance using the generated adversarial traffic. The results showed that, even in the case of the GAN-generated traffic (which could successfully evade IDS detection), by using the adversarial traffic in the testing process, we could improve the machine learning-based IDS performance.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xu Wang,Yuan Wu

2024-05-28

Abstract:Adversarial training has been instrumental in advancing multi-domain text classification (MDTC). Traditionally, MDTC methods employ a shared-private paradigm, with a shared feature extractor for domain-invariant knowledge and individual private feature extractors for domain-specific knowledge. Despite achieving state-of-the-art results, these methods grapple with the escalating model parameters due to the continuous addition of new domains. To address this challenge, we introduce the Stochastic Adversarial Network (SAN), which innovatively models the parameters of the domain-specific feature extractor as a multivariate Gaussian distribution, as opposed to a traditional weight vector. This design allows for the generation of numerous domain-specific feature extractors without a substantial increase in model parameters, maintaining the model's size on par with that of a single domain-specific extractor. Furthermore, our approach integrates domain label smoothing and robust pseudo-label regularization to fortify the stability of adversarial training and to refine feature discriminability, respectively. The performance of our SAN, evaluated on two leading MDTC benchmarks, demonstrates its competitive edge against the current state-of-the-art methodologies. The code is available at <a class="link-external link-https" href="https://github.com/wangxu0820/SAN" rel="external noopener nofollow">this https URL</a>.

Computation and Language,Machine Learning

Ehsan Nowroozi,Ali Dehghantanha,Reza M. Parizi,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1016/j.cose.2020.102092

2021-01-01

Abstract:<p>Image forensic plays a crucial role in both criminal investigations (e.g., dissemination of fake images to spread racial hate or false narratives about specific ethnicity groups) and civil litigation (e.g., defamation). Increasingly, machine learning approaches are also utilized in image forensics. However, there are also a number of limitations and vulnerabilities associated with machine learning-based approaches, for example how to detect adversarial (image) examples, with real-world consequences (e.g., inadmissible evidence, or wrongful conviction). Therefore, with a focus on image forensics, this paper surveys techniques that can be used to enhance the robustness of machine learning-based binary manipulation detectors in various adversarial scenarios.</p>

computer science, information systems

Naibo Zhu,Guangyu Zhao,Yang Yang,Han Yang,Zhi Liu

DOI: https://doi.org/10.1109/access.2023.3280421

IF: 3.9

2023-01-01

IEEE Access

Abstract:Using deep learning and machine learning techniques for network intrusion detection is of great significance for enhancing the defense capability of network security systems. Given the characteristics of generative adversarial networks, such as the approximate consistency of generated samples with the input data distribution but with a random distribution within a certain bounded interval, and in response to the problem of insufficient classification performance and detection omission caused by the imbalance of different degrees of data categories and quantities in network intrusion traffic, and in light of the fact that the effectiveness of existing classification algorithms based on unbalanced traffic data still has some room for improvement, this paper proposes a network intrusion detection strategy based on auxiliary classifier generative adversarial networks. The data expansion experiments are conducted with the intrusion detection dataset NSL-KDD. The data are classified into twenty-three categories before and after the expansion by binary classification validation. The results show that the expansion of the generated samples for unbalanced network traffic data improve the subsequent recognition effect significantly. Finally, five classification performance index verification experiments are conducted. The results prove that the strategy of this paper performs better in accuracy, precision, recall rate and F-value indexes, and is capable of obtaining a large number of features from limited samples and inferring complete data distribution based on fewer features. The model as a whole has stronger generalization ability and defense effect.

computer science, information systems,telecommunications,engineering, electrical & electronic