Xinjing Liu,Zhuo Ma,Yang Liu,Zhan Qin,Junwei Zhang,Zhuzhu Wang

DOI: https://doi.org/10.1007/978-3-031-17140-6_30

2022-01-01

Abstract:Recent works developed an emerging attack, called Model Stealing (MS), to steal the functionalities of remote models, rendering the privacy of cloud-based machine learning services under threat. In this paper, we propose a new defense against MS attacks, using Semantic Inspection (called SeInspect). SeInspect mainly achieves two breakthroughs in this line of work. First, state-of-the-art MS attacks tend to craft malicious queries within a distribution close to benign ones. Such a characteristic increases the stealthiness of these attacks and makes them able to circumvent most of the existing MS defenses. In SeInspect, we introduce a semantic feature based detection method to amplify the query distribution discrepancy between malicious and benign users. Thus, SeInspect can detect stealthy MS attacks with a higher detection rate than existing defenses. Second, in our evaluation, we notice that existing defenses cause significantly increased response latency of model service due to repetfitive user-by-user inspection (e.g., increased by 7.01 times for PRADA, EuroS&P 2019). To mitigate the problem, we propose to analyze semantic features with a two-layer defense mechanism. The first layer can achieve a "quickshot" on users in batches and pick out all potentially malicious users. Then, the second layer identifies the attacker in a user-by-user manner. In our evaluation, we experiment with SeInspect on eight typical MS attacks. The result shows that SeInspect can detect two more attacks than prior works while reducing latency by at least 54.00%.

Chenlong Zhang,Senlin Luo,Limin Pan,Chuan Lu,Zhao Zhang

DOI: https://doi.org/10.1016/j.compeleceng.2024.109266

IF: 4.152

2024-05-05

Computers & Electrical Engineering

Abstract:Reduced distinguishability significantly challenges the detection of Model Stealing (MS). Existing methods for identifying MS attacks exhibit key limitations: (1) Sample-level detection methods that use fixed feature thresholds often inadvertently include benign samples or overlook malicious ones; (2) Distribution-level detection methods with static divergence benchmarks may misclassify benign query samples that deviate from these benchmarks This paper introduces GuardNet, an innovative model stealing detection method. By combining boundary features with inter-sample distance features, GuardNet more precisely identifies malicious sample pairs and employs distribution divergences to adjust decision thresholds, thus enhancing its detection capabilities. The method incorporates a variational autoencoder to reconstruct query samples and uses the Wasserstein distance between pre- and post-reconstruction samples as a measure of distribution divergences, effectively minimizing the influence of distribution shifts on benign query samples. Experimental results indicate that this approach significantly reduces the number of adversarial queries and markedly decreases false positives.

engineering, electrical & electronic,computer science, interdisciplinary applications, hardware & architecture

Yiming Li,Linghui Zhu,Xiaojun Jia,Yong Jiang,Shu-Tao Xia,Xiaochun Cao

DOI: https://doi.org/10.1609/aaai.v36i2.20036

2022-01-01

Proceedings of the AAAI Conference on Artificial Intelligence

Abstract:Obtaining a well-trained model involves expensive data collection and training procedures, therefore the model is a valuable intellectual property. Recent studies revealed that adversaries can `steal' deployed models even when they have no training samples and can not get access to the model parameters or structures. Currently, there were some defense methods to alleviate this threat, mostly by increasing the cost of model stealing. In this paper, we explore the defense from another angle by verifying whether a suspicious model contains the knowledge of defender-specified external features. Specifically, we embed the external features by tempering a few training samples with style transfer. We then train a meta-classifier to determine whether a model is stolen from the victim. This approach is inspired by the understanding that the stolen models should contain the knowledge of features learned by the victim model. We examine our method on both CIFAR-10 and ImageNet datasets. Experimental results demonstrate that our method is effective in detecting different types of model stealing simultaneously, even if the stolen model is obtained via a multi-stage stealing process. The codes for reproducing main results are available at Github (https://github.com/zlh-thu/StealingVerification).

Kaisheng Fan,Weizhe Zhang,Guangrui Liu,Hui He

DOI: https://doi.org/10.1186/s42400-023-00171-y

2023-01-01

Abstract:Intrusion detection systems are increasingly using machine learning. While machine learning has shown excellent performance in identifying malicious traffic, it may increase the risk of privacy leakage. This paper focuses on implementing a model stealing attack on intrusion detection systems. Existing model stealing attacks are hard to implement in practical network environments, as they either need private data of the victim dataset or frequent access to the victim model. In this paper, we propose a novel solution called Fast Model Stealing Attack (FMSA) to address the problem in the field of model stealing attacks. We also highlight the risks of using ML-NIDS in network security. First, meta-learning frameworks are introduced into the model stealing algorithm to clone the victim model in a black-box state. Then, the number of accesses to the target model is used as an optimization term, resulting in minimal queries to achieve model stealing. Finally, adversarial training is used to simulate the data distribution of the target model and achieve the recovery of privacy data. Through experiments on multiple public datasets, compared to existing state-of-the-art algorithms, FMSA reduces the number of accesses to the target model and improves the accuracy of the clone model on the test dataset to 88.9% and the similarity with the target model to 90.1%. We can demonstrate the successful execution of model stealing attacks on the ML-NIDS system even with protective measures in place to limit the number of anomalous queries.

Haifeng Lin,Qilin Xue,Jiayin Feng,Di Bai

DOI: https://doi.org/10.1016/j.dcan.2022.09.021

IF: 6.348

2023-02-01

Digital Communications and Networks

Abstract:With the rapid development of the Internet of Things (IoT), there are several challenges pertaining to security in IoT applications. Compared with the characteristics of the traditional Internet, the IoT has many problems, such as large assets, complex and diverse structures, and lack of computing resources. Traditional network intrusion detection systems cannot meet the security needs of IoT applications. In view of this situation, this study applies cloud computing and machine learning to the intrusion detection system of IoT to improve detection performance. Usually, traditional intrusion detection algorithms require considerable time for training, and these intrusion detection algorithms are not suitable for cloud computing due to the limited computing power and storage capacity of cloud nodes; therefore, it is necessary to study intrusion detection algorithms with low weights, short training time, and high detection accuracy for deployment and application on cloud nodes. An appropriate classification algorithm is a primary factor for deploying cloud computing intrusion prevention systems and a prerequisite for the system to respond to intrusion and reduce intrusion threats. This paper discusses the problems related to IoT intrusion prevention in cloud computing environments. Based on the analysis of cloud computing security threats, this study extensively explores IoT intrusion detection, cloud node monitoring, and intrusion response in cloud computing environments by using cloud computing, an improved extreme learning machine, and other methods. We use the Multi-Feature Extraction Extreme Learning Machine (MFE-ELM) algorithm for cloud computing, which adds a multi-feature extraction process to cloud servers, and use the deployed MFE-ELM algorithm on cloud nodes to detect and discover network intrusions to cloud nodes. In our simulation experiments, a classical dataset for intrusion detection is selected as a test, and test steps such as data preprocessing, feature engineering, model training, and result analysis are performed. The experimental results show that the proposed algorithm can effectively detect and identify most network data packets with good model performance and achieve efficient intrusion detection for heterogeneous data of the IoT from cloud nodes. Furthermore, it can enable the cloud server to discover nodes with serious security threats in the cloud cluster in real time, so that further security protection measures can be taken to obtain the optimal intrusion response strategy for the cloud cluster.

Zeyu Li,Yuwen Pu,Xuhong Zhang,Yu Li,Jinbao Li,Shouling Ji

DOI: https://doi.org/10.24963/ijcai.2024/48

2024-01-01

Abstract:The model extraction attack is an attack pattern aimed at stealing well-trained machine learning models' functionality or privacy information. With the gradual popularization of AI-related technologies in daily life, various well-trained models are being deployed. As a result, these models are considered valuable assets and attractive to model extraction attackers. Currently, the academic community primarily focuses on defense for model extraction attacks in the context of classification, with little attention to the more commonly used task scenario of object detection. Therefore, we propose a detection framework targeting model extraction attacks against object detection models in this paper. The framework first locates suspicious users based on feature coverage in query traffic and uses an active verification module to confirm whether the identified suspicious users are attackers. Through experiments conducted in multiple task scenarios, we validate the effectiveness and detection efficiency of the proposed method.

Yueqin Ge,Yali Gao,Xiaoyong Li,Binsi Cai,Jinwen Xi,Shui Yu

DOI: https://doi.org/10.1109/jiot.2024.3413580

2024-01-01

Abstract:In the Internet of Things (IoT) scenario, the device diversity and data sparsity present a significant challenge for malicious traffic detection, notably the "small sample problem" where insufficient data hampers the performance of the deep learning methods that depend on large volumes of labeled data for training. Transfer learning (TL) has the capability to transfer knowledge from a label-rich but heterogeneous domain to a label-sparse domain, making it a powerful tool for addressing challenges in IoT malicious traffic detection. To address these challenges, we introduce the EMTD-SSC model, a novel enhanced malicious traffic detection model that leverages TL under small sample conditions in IoT environments. Initially, our approach includes a comprehensive labeled data set that merges a small-scale IoT intrusion detection domain with the traditional intrusion detection domain to enrich semantic information transfer from the source to target domains. The EMTD-SSC model employs dual residual convolutional autoencoders for robust feature extraction and transfer, incorporating skip connections to expedite the model convergence and minimize information loss. Furthermore, to optimize transfer efficiency, we minimize the multilayer multi kernel maximum mean discrepancy (MLMK-MMD) across corresponding network layers, facilitating effective domain adaptation. Through unsupervised training and subsequent fine tuning on the target domain data, the model significantly enhances anomaly detection capabilities. Extensive experiments on the two well-known public data sets demonstrate that the EMTD-SSC model's effectiveness, achieving an impressive 94.8% accuracy in the binary classification tasks.

Ruitao Feng,Sen Li,Sen Chen,Mengmeng Ge,Xuewei Li,Xiaohong Li

DOI: https://doi.org/10.1145/3652032.3657577

2024-01-01

Abstract:Current methods for classifying IoT malware predominantly utilize binary and family classifications. However, these outcomes lack the detailed granularity to describe malicious behavior comprehensively. This limitation poses challenges for security analysts, failing to support further analysis and timely preventive actions. To achieve fine-grained malicious behavior identification in the lurking stage of IoT malware, we propose MaGraMal. This approach, leveraging masked graph representation, supplements traditional classification methodology, empowering analysts with critical insights for rapid responses. Through the empirical study, which took three person-months, we identify and summarize four fine-grained malicious behaviors during the lurking stage, constructing an annotated dataset. Our evaluation of 224 algorithm combinations results in an optimized model for IoT malware, achieving an accuracy of 75.83%. The maximum improvement brought by the hybrid features and graph masking achieves 5% and 4.16%, respectively. The runtime overhead analysis showcases MaGraMal’s superiority over the existing dynamic analysis-based detection tool (12x faster). This pioneering work combines machine learning and static features for malicious behavior profiling.

Mingcheng Ling,Weimin Qi,Di Chang,Xia Zhang,Chi Zhang

DOI: https://doi.org/10.1117/12.2690061

2023-01-01

Abstract:As the security issues of Internet of Things (IoTs) are rapidly evolving, machine learning techniques are increasingly adopted for detecting and preventing cyber threats. Recent machine learning based approaches (e.g., anomaly detection, intrusion detection, and predictive analytics) are being utilized in IoTs security. With the proliferation of IoTs devices, it is crucial to develop scalable and effective security solutions to keep pace with the changing threat landscape. This paper proposes a novel NSM (Network Sparsification Modeling) approach for identifying and categorizing cybersecurity threats in the cloud and IoTs environment. The proposed NSM algorithm is to optimize the Kullback-Leilber divergence based on higher-order spanning k-tree modeling process. The NSM model is capable of detecting cybersecurity threats in the cloud and IoTs setting by converting raw data into a meaningful format. The performance of the NSM model was evaluated using CICIDS 2017 dataset. The testing results prove that NSM model is state-of-the-art by outperforming others. Future deep-learning approaches are capable to integrate in the ML-based NSM model for further enhancement.

Yilei Wang,Chunmei Li,Yiting Zhang,Tao Li,Jianting Ning,Keke Gai,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/jiot.2024.3367689

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:Cryptojacking is a new type of Internet of Things (IoT) attack, where an attacker hijacks the computing power of IoT devices, such as wireless routers, smart TVs, set-top boxes, or cameras, to mine cryptocurrencies, e.g., PyRoMineIoT. The attackers launch selfish mining-like (SM-like) attacks to obtain lucrative mining rewards with the stolen computing power, once the power exceeds a threshold. Generally, a single deep learning (DL) model with a single feature (e.g., fork height) is trained to detect SM-like attacks. However, the existing model fails to detect every SM-like attack since the model training ignores other distinctive features (e.g., mining rewards and blocking rate) of SM-like attacks. In this article, SM-NEEDLE, an ensemble DL (NEEDLE) method is proposed to detect SM-like attacks. More specifically, the distinctive features are extracted from the blockchain system, where SM-like simulators emulate the strategies of SM-like attacks. Further, to circumvent the local optima problem caused by the single DL model (e.g., Back-Propagation Neural Network, BPNN), the SM-NEEDLE trains multiple BPNNs with these distinctive features. Evaluation results indicate the accuracy and false negative rate (FNR) of SM-NEEDLE for detecting SM-like attacks (including SM1 and its variants) are 98.9% and 1.48%, respectively. That is, 98.9% of SM-like attacks are correctly identified and only 1.48% of attacks are undetectable.

Dawit Dejene Bikila,Jan Čapek

DOI: https://doi.org/10.1016/j.future.2024.107630

IF: 7.307

2024-12-03

Future Generation Computer Systems

Abstract:The number of Internet of Things (IoT) device connections is increasing rapidly as IoT applications are vital in any operation. IoT must maintain safe internet access that withstands various malicious attacks for instance Recon, Mirai, Distributed Denial of Service (DDoS), and Spoofing which has gained much attention. Intelligently changing and zero-day attacks are emerging every day. This highlights the need for intelligent security solutions tailored specifically to this technology. Various Machine Learning (ML) based approaches have been utilized for intrusion detection to tackle IoT attacks. However, the flaws of current attack detection and feature extraction techniques result in low detection accuracy. Thus, it hindered their real-world applications and highlighted the need for a lightweight and computationally robust model trained and assessed on a recent datasets. Therefore, this work proposed an attack detection model trained and validated using the CICIoT2023 and CICIDS2017 datasets. Initially, data preprocessing is done then features are extracted by using an unsupervised Elastic Deep Autoencoder (EDA) with optimum hyperparameters. Further, the Extreme Gradient Boosting (XGBoost) binary classifier is tuned by the Grey Wolf Optimizer (GWO) and fed extracted feature sets to classify attacks. The results of the experiments show the effectiveness of our model with a higher detection accuracy in both datasets. Finally, the performance comparison confirmed that the results of the proposed work is competitive with other state-of-the-art method in securing IoT infrastructures.

computer science, theory & methods

Mohanad Sarhan,Siamak Layeghy,Marius Portmann

DOI: https://doi.org/10.48550/arXiv.2108.12732

2022-11-23

Abstract:Internet of Things (IoT) networks have become an increasingly attractive target of cyberattacks. Powerful Machine Learning (ML) models have recently been adopted to implement network intrusion detection systems to protect IoT networks. For the successful training of such ML models, selecting the right data features is crucial, maximising the detection accuracy and computational efficiency. This paper comprehensively analyses feature sets' importance and predictive power for detecting network attacks. Three feature selection algorithms: chi-square, information gain and correlation, have been utilised to identify and rank data features. The attributes are fed into two ML classifiers: deep feed-forward and random forest, to measure their attack detection performance. The experimental evaluation considered three datasets: UNSW-NB15, CSE-CIC-IDS2018, and ToN-IoT in their proprietary flow format. In addition, the respective variants in NetFlow format were also considered, i.e., NF-UNSW-NB15, NF-CSE-CIC-IDS2018, and NF-ToN-IoT. The experimental evaluation explored the marginal benefit of adding individual features. Our results show that the accuracy initially increases rapidly with adding features but converges quickly to the maximum. This demonstrates a significant potential to reduce the computational and storage cost of intrusion detection systems while maintaining near-optimal detection accuracy. This has particular relevance in IoT systems, with typically limited computational and storage resources.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Wenjuan Lian,Guoqing Nie,Yanyan Kang,Bin Jia,Yang Zhang

DOI: https://doi.org/10.23919/jcc.2022.02.014

2022-02-01

China Communications

Abstract:In recent years, with the increase in the price of cryptocurrencies, the number of malicious cryptomining software has increased significantly. With their powerful spreading ability, cryptomining malware can unknowingly occupy our resources, harm our interests, and damage more legitimate assets. However, although current traditional rule-based malware detection methods have a low false alarm rate, they have a relatively low detection rate when faced with a large volume of emerging malware. Even though common machine learning-based or deep learning-based methods have certain ability to learn and detect unknown malware, the characteristics they learn are single and independent, and cannot be learned adaptively. Aiming at the above problems, we propose a deep learning model with multi-input of multi-modal features, which can simultaneously accept digital features and image features on different dimensions. The model in turn includes parallel learning of three sub-models and ensemble learning of another specific sub-model. The four sub-models can be processed in parallel on different devices and can be further applied to edge computing environments. The model can adaptively learn multi-modal features and output prediction results. The detection rate of our model is as high as 97.01% and the false alarm rate is only 0.63%. The experimental results prove the advantage and effectiveness of the proposed method.

telecommunications

Peifeng Liang,Lina Yang,Zenggang Xiong,Xuemin Zhang,Gang Liu

DOI: https://doi.org/10.1109/jiot.2024.3369034

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) technology and systems have penetrated every aspect of our lives and generated enormous economic benefits. At the same time, research on the data security of IoT systems has been one of the key topics in IoT fields. Network attacks and intrusions have become the main threats to the data security of the IoTs, which have become the main obstacles to the development and application of the IoTs. In this article, we propose an intrusions and attack detection model to ensure the data security of IoT systems by using the Transformer model and multiwavelets learning. Based on the architecture of IoT systems, we first proposed a multi-level intrusion detection model to detect attack data in the cloud layer and edge terminal layer. In this detection model, a Transformer model and discrete wavelet transform (DWT) based approach is proposed to ensure the effectiveness and accuracy of the model. To extract and make full use of frequency information of traffic data in an IoT network, we embed DWT technique and multiwavelets learning into the Transformer model to propose a novel DWT-based Transformer architecture, which achieves outstanding performance in detecting intrusion actions. Simulating on IoT system in laboratory environment, the proposed security prediction model achieves pretty good performance in predicting intrusion actions.

computer science, information systems,telecommunications,engineering, electrical & electronic

Run Yang,Hui He,Yixiao Xu,Bangzhou Xin,Yulong Wang,Yue Qu,Weizhe Zhang

DOI: https://doi.org/10.1016/j.comnet.2023.109724

IF: 5.493

2023-01-01

Computer Networks

Abstract:The Internet of Things (IoT) is increasingly utilized in daily life and industrial production, particularly in critical infrastructures. IoT cybersecurity has an effect on people’s safety, national security, and economic growth. However, the traditional cloud-based centralized intrusion detection methods cannot satisfy the demands for data privacy, network load, and timely response. In this article, we proposed an efficient intrusion detection method based on cloud–edge collaboration. The approach can reduce computational workload to speed up model training, prevent data privacy leakage, enrich training data, and detect attacks unknown to local edge devices. Specifically, stacked sparse autoencoder (SSAE) is first utilized for data dimensionality reduction to overcome the bottleneck of resource constraints on edge devices. Second, considering the long-term serial characteristics of IoT traffic data, the temporal convolutional network (TCN) model is employed to detect attack; Finally, the cloud–edge collaboration architecture based on federated learning is used to coordinate multi-party training intrusion detection models. It fills the gap of missed detection by intrusion detection models due to data silos. Experiments show that our method reduced the training time, storage and memory required for the model training process by more than 50%, respectively, but the detection accuracy is close to centralized trained models. The model trained based on cloud–edge collaboration can identify attacks unknown to local edge devices.

Lei Cui,Lei Guo,Longxiang Gao,Borui Cai,Youyang Qu,Yipeng Zhou,Shui Yu

DOI: https://doi.org/10.1109/tii.2021.3089976

IF: 12.3

2022-01-01

IEEE Transactions on Industrial Informatics

Abstract:The advanced metering infrastructure in modern networked smart homes brings various advantages, such as multiple pricing and energy scheduling. However, smart homes are vulnerable to many cyberattacks, and the most striking one is energy theft. Researchers have developed many countermeasures, fostered by advanced machine learning (ML) techniques. Nevertheless, recent advances are not robust enough in practice, partially due to the vulnerabilities of employed ML algorithms. Given a group of smart homes, in this article, we present a covert electricity theft strategy through mimicking normal consumption patterns and compromising neighboring meters concurrently. Such attack is almost impossible to be detected by existing solutions as the manipulated data have little deviation against honest usage records. To address this threat, we initially identify and define two levels of consumption deviations: home-level and interpersonal-level, respectively. Then, we design a feature extraction scheme that can capture the correlation between attacks and honest customers. Finally, we develop a new deep learning-based detection model. Extensive experiments based on real-world datasets show that the presented attack could evade existing mainstream detectors but still gain high profits. In addition, the proposed countermeasure outperforms state-of-the-art detection methods.

Afsaneh Mahanipour,Hana Khamfroush

2024-04-30

Abstract:The integration of Internet of Things (IoT) applications in our daily lives has led to a surge in data traffic, posing significant security challenges. IoT applications using cloud and edge computing are at higher risk of cyberattacks because of the expanded attack surface from distributed edge and cloud services, the vulnerability of IoT devices, and challenges in managing security across interconnected systems leading to oversights. This led to the rise of ML-based solutions for intrusion detection systems (IDSs), which have proven effective in enhancing network security and defending against diverse threats. However, ML-based IDS in IoT systems encounters challenges, particularly from noisy, redundant, and irrelevant features in varied IoT datasets, potentially impacting its performance. Therefore, reducing such features becomes crucial to enhance system performance and minimize computational costs. This paper focuses on improving the effectiveness of ML-based IDS at the edge level by introducing a novel method to find a balanced trade-off between cost and accuracy through the creation of informative features in a two-tier edge-user IoT environment. A hybrid Binary Quantum-inspired Artificial Bee Colony and Genetic Programming algorithm is utilized for this purpose. Three IoT intrusion detection datasets, namely NSL-KDD, UNSW-NB15, and BoT-IoT, are used for the evaluation of the proposed approach.

Cryptography and Security,Machine Learning,Neural and Evolutionary Computing

Xiaoheng Deng,Haowen Tang,Xinjun Pei,Deng Li,Kaiping Xue

DOI: https://doi.org/10.1109/tifs.2023.3318947

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the coming of the Internet of Things (IoT) era, malware attacks targeting IoT networks have posed serious threats to users. Recently, the emerging of edge computing have paved the way for new data processing paradigms in IoT networks, but it is still a challenge for deploying malware detection systems on the IoT devices. This paper develops an IoT malware detection system based on trust hybrid user-edge evaluation, namely MDHE. This system decomposes a large and complex deep learning model into two parts, which are deployed on edge servers and end devices, respectively. Specifically, a trust evaluation mechanism is used to select the trusted devices to participate the model training. Moreover, we develop a private feature generation that leverages a graph mining technology to extract the subgraph features, which then are perturbed by leveraging the differential privacy technology to prevent user privacy from leaking. Finally, we reconstruct the perturbed features on edge server, and propose a Capsule Network (CapsNet) to identify malware. Experimental results show that MDHE can effectively detect malware. Specifically, it can reduce sensitive inference while maintaining the utility of data.

computer science, theory & methods,engineering, electrical & electronic

Ali Ghubaish,Zebo Yang,Aiman Erbad,Raj Jain

2024-04-20

Abstract:Intrusion detection systems (IDS) for the Internet of Things (IoT) systems can use AI-based models to ensure secure communications. IoT systems tend to have many connected devices producing massive amounts of data with high dimensionality, which requires complex models. Complex models have notorious problems such as overfitting, low interpretability, and high computational complexity. Adding model complexity penalty (i.e., regularization) can ease overfitting, but it barely helps interpretability and computational efficiency. Feature engineering can solve these issues; hence, it has become critical for IDS in large-scale IoT systems to reduce the size and dimensionality of data, resulting in less complex models with excellent performance, smaller data storage, and fast detection. This paper proposes a new feature engineering method called LEMDA (Light feature Engineering based on the Mean Decrease in Accuracy). LEMDA applies exponential decay and an optional sensitivity factor to select and create the most informative features. The proposed method has been evaluated and compared to other feature engineering methods using three IoT datasets and four AI/ML models. The results show that LEMDA improves the F1 score performance of all the IDS models by an average of 34% and reduces the average training and detection times in most cases.

Cryptography and Security,Artificial Intelligence,Machine Learning

Xueluan Gong,Qian Wang,Yanjiao Chen,Wang Yang,Xinchang Jiang

DOI: https://doi.org/10.1109/mcom.001.2000196

IF: 9.03

2020-12-01

IEEE Communications Magazine

Abstract:Machine learning models have achieved state-of-the-art performance in various fields, from image classification to speech recognition. However, such models are trained with a large amount of sensitive training data, and are typically computationally expensive to build. As a result, many cloud providers (e.g., Google) have launched machine-learning-as-a-service, which helps clients benefit from the sophisticated cloud-based machine learning models via accessing public APIs. Such a business paradigm significantly expedites and simplifies the development circles. Unfortunately, the commercial value of such cloud-based machine learning models motivates attackers to conduct model extraction attacks for free use or as a springboard to conduct other attacks (e.g., craft adversarial examples in black-box settings). In this article, we conduct a thorough investigation of existing approaches to model extraction attacks and defenses on cloud-based models. We classify the state-of-the-art attack schemes into two categories based on whether the attacker aims to steal the property (i.e., parameters, hyperparameters, and architecture) or the functionality of the model. We also categorize defending schemes into two groups based on whether the scheme relies on output disturbance or query observation. We not only present a detailed survey of each method, but also demonstrate the comparison of both attack and defense approaches via experiments. We highlight several future directions in both model extraction attacks and its defenses, which shed light on possible avenues for further studies.

telecommunications,engineering, electrical & electronic