subject:(Adversarial attacks)

University of Illinois – Urbana-Champaign

1. Agarwal, Rishika. Adversarial attacks and defenses for generative models.

Degree: MS, Computer Science, 2019, University of Illinois – Urbana-Champaign

► Adversarial Machine learning is a field of research lying at the intersection of Machine Learning and Security, which studies vulnerabilities of Machine learning models that… (more)

Subjects/Keywords: Adversarial Machine learning; generative models; attacks; defenses

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Agarwal, R. (2019). Adversarial attacks and defenses for generative models. (Thesis). University of Illinois – Urbana-Champaign. Retrieved from http://hdl.handle.net/2142/104943

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Agarwal, Rishika. “Adversarial attacks and defenses for generative models.” 2019. Thesis, University of Illinois – Urbana-Champaign. Accessed March 07, 2021. http://hdl.handle.net/2142/104943.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Agarwal, Rishika. “Adversarial attacks and defenses for generative models.” 2019. Web. 07 Mar 2021.

Vancouver:

Agarwal R. Adversarial attacks and defenses for generative models. [Internet] [Thesis]. University of Illinois – Urbana-Champaign; 2019. [cited 2021 Mar 07]. Available from: http://hdl.handle.net/2142/104943.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Agarwal R. Adversarial attacks and defenses for generative models. [Thesis]. University of Illinois – Urbana-Champaign; 2019. Available from: http://hdl.handle.net/2142/104943

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Texas A&M University

2. He, Yukun. Robust Dynamical Step Adversarial Training Defense for Deep Neural Networks.

Degree: MS, Computer Engineering, 2018, Texas A&M University

URL: http://hdl.handle.net/1969.1/174606

► Although machine learning (ML) algorithms show impressive performance on computer vision tasks, neural networks are still vulnerable to adversarial examples. Adversarial examples typically stay indistinguishable… (more)

Subjects/Keywords: Adversarial Attacks; Adversarial Training; PGD; Dynamical Step; Neural Network; Defense

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

He, Y. (2018). Robust Dynamical Step Adversarial Training Defense for Deep Neural Networks. (Masters Thesis). Texas A&M University. Retrieved from http://hdl.handle.net/1969.1/174606

Chicago Manual of Style (16^th Edition):

He, Yukun. “Robust Dynamical Step Adversarial Training Defense for Deep Neural Networks.” 2018. Masters Thesis, Texas A&M University. Accessed March 07, 2021. http://hdl.handle.net/1969.1/174606.

MLA Handbook (7^th Edition):

He, Yukun. “Robust Dynamical Step Adversarial Training Defense for Deep Neural Networks.” 2018. Web. 07 Mar 2021.

Vancouver:

He Y. Robust Dynamical Step Adversarial Training Defense for Deep Neural Networks. [Internet] [Masters thesis]. Texas A&M University; 2018. [cited 2021 Mar 07]. Available from: http://hdl.handle.net/1969.1/174606.

Council of Science Editors:

He Y. Robust Dynamical Step Adversarial Training Defense for Deep Neural Networks. [Masters Thesis]. Texas A&M University; 2018. Available from: http://hdl.handle.net/1969.1/174606

University of Michigan

3. Xiao, Chaowei. Machine Learning in Adversarial Environments.

Degree: PhD, Computer Science & Engineering, 2020, University of Michigan

URL: http://hdl.handle.net/2027.42/162944

► Machine Learning, especially Deep Neural Nets (DNNs), has achieved great success in a variety of applications. Unlike classical algorithms that could be formally analyzed, there… (more)

▼ Machine Learning, especially Deep Neural Nets (DNNs), has achieved great success in a variety of applications. Unlike classical algorithms that could be formally analyzed, there is less understanding of neural network-based learning algorithms. This lack of understanding through either formal methods or empirical observations results in potential vulnerabilities that could be exploited by adversaries. This also hinders the deployment and adoption of learning methods in security-critical systems. Recent works have demonstrated that DNNs are vulnerable to carefully crafted adversarial perturbations. We refer to data instances with added adversarial perturbations as “adversarial examples”. Such adversarial examples can mislead DNNs to produce adversary-selected results. Furthermore, it can cause a DNN system to misbehavior in unexpected and potentially dangerous ways. In this context, in this thesis, we focus on studying the security problem of current DNNs from the viewpoints of both attack and defense. First, we explore the space of attacks against DNNs during the test time. We revisit the integrity of Lp regime and propose a new and rigorous threat model of adversarial examples. Based on this new threat model, we present the technique to generate adversarial examples in the digital space. Second, we study the physical consequence of adversarial examples in the 3D and physical spaces. We first study the vulnerabilities of various vision systems by simulating the photo0taken process by using the physical renderer. To further explore the physical consequence in the real world, we select the safety-critical application of autonomous driving as the target system and study the vulnerability of the LiDAR-perceptual module. These studies show the potentially severe consequences of adversarial examples and raise awareness on its risks. Last but not least, we develop solutions to defend against adversarial examples. We propose a consistency-check based method to detect adversarial examples by leveraging property of either the learning model or the data. We show two examples in the segmentation task (leveraging learning model) and video data (leveraging the data), respectively. Advisors/Committee Members: Liu, Mingyan (committee member), Corso, Jason (committee member), Fouhey, David Ford (committee member), Li, Bo (committee member), Prakash, Atul (committee member).

Subjects/Keywords: adversarial machine learning; security; adversarial attacks; adversarial examples; defense; Computer Science; Engineering

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Xiao, C. (2020). Machine Learning in Adversarial Environments. (Doctoral Dissertation). University of Michigan. Retrieved from http://hdl.handle.net/2027.42/162944

Chicago Manual of Style (16^th Edition):

Xiao, Chaowei. “Machine Learning in Adversarial Environments.” 2020. Doctoral Dissertation, University of Michigan. Accessed March 07, 2021. http://hdl.handle.net/2027.42/162944.

MLA Handbook (7^th Edition):

Xiao, Chaowei. “Machine Learning in Adversarial Environments.” 2020. Web. 07 Mar 2021.

Vancouver:

Xiao C. Machine Learning in Adversarial Environments. [Internet] [Doctoral dissertation]. University of Michigan; 2020. [cited 2021 Mar 07]. Available from: http://hdl.handle.net/2027.42/162944.

Council of Science Editors:

Xiao C. Machine Learning in Adversarial Environments. [Doctoral Dissertation]. University of Michigan; 2020. Available from: http://hdl.handle.net/2027.42/162944

Vanderbilt University

4. -4180-995X. Enhancing the Robustness of Deep Neural Networks Against Security Threats Using Radial Basis Functions.

Degree: MS, Computer Science, 2020, Vanderbilt University

URL: http://hdl.handle.net/1803/10082

► The ability of deep neural networks (DNNs) to achieve state-of-the-art performance on complicated tasks has increased their adoption in safety-critical cyber physical systems (CPS). However,… (more)

Subjects/Keywords: Neural Network Robustness; Anomalies; Adversarial Attacks; Poisoning Attacks; Radial Basis Functions

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

-4180-995X. (2020). Enhancing the Robustness of Deep Neural Networks Against Security Threats Using Radial Basis Functions. (Masters Thesis). Vanderbilt University. Retrieved from http://hdl.handle.net/1803/10082

Note: this citation may be lacking information needed for this citation format:
Author name may be incomplete

Chicago Manual of Style (16^th Edition):

-4180-995X. “Enhancing the Robustness of Deep Neural Networks Against Security Threats Using Radial Basis Functions.” 2020. Masters Thesis, Vanderbilt University. Accessed March 07, 2021. http://hdl.handle.net/1803/10082.

Note: this citation may be lacking information needed for this citation format:
Author name may be incomplete

MLA Handbook (7^th Edition):

-4180-995X. “Enhancing the Robustness of Deep Neural Networks Against Security Threats Using Radial Basis Functions.” 2020. Web. 07 Mar 2021.

Note: this citation may be lacking information needed for this citation format:
Author name may be incomplete

Vancouver:

-4180-995X. Enhancing the Robustness of Deep Neural Networks Against Security Threats Using Radial Basis Functions. [Internet] [Masters thesis]. Vanderbilt University; 2020. [cited 2021 Mar 07]. Available from: http://hdl.handle.net/1803/10082.

Note: this citation may be lacking information needed for this citation format:
Author name may be incomplete

Council of Science Editors:

-4180-995X. Enhancing the Robustness of Deep Neural Networks Against Security Threats Using Radial Basis Functions. [Masters Thesis]. Vanderbilt University; 2020. Available from: http://hdl.handle.net/1803/10082

Note: this citation may be lacking information needed for this citation format:
Author name may be incomplete

San Jose State University

5. Mani, Nag. On Adversarial Attacks on Deep Learning Models.

Degree: MS, Computer Science, 2019, San Jose State University

URL: https://doi.org/10.31979/etd.49ee-sknc ; https://scholarworks.sjsu.edu/etd_projects/742

► With recent advancements in the field of artificial intelligence, deep learning has created a niche in the technology space and is being actively used… (more)

Subjects/Keywords: image neural net attacks; adversarial retraining techniques; Artificial Intelligence and Robotics

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Mani, N. (2019). On Adversarial Attacks on Deep Learning Models. (Masters Thesis). San Jose State University. Retrieved from https://doi.org/10.31979/etd.49ee-sknc ; https://scholarworks.sjsu.edu/etd_projects/742

Chicago Manual of Style (16^th Edition):

Mani, Nag. “On Adversarial Attacks on Deep Learning Models.” 2019. Masters Thesis, San Jose State University. Accessed March 07, 2021. https://doi.org/10.31979/etd.49ee-sknc ; https://scholarworks.sjsu.edu/etd_projects/742.

MLA Handbook (7^th Edition):

Mani, Nag. “On Adversarial Attacks on Deep Learning Models.” 2019. Web. 07 Mar 2021.

Vancouver:

Mani N. On Adversarial Attacks on Deep Learning Models. [Internet] [Masters thesis]. San Jose State University; 2019. [cited 2021 Mar 07]. Available from: https://doi.org/10.31979/etd.49ee-sknc ; https://scholarworks.sjsu.edu/etd_projects/742.

Council of Science Editors:

Mani N. On Adversarial Attacks on Deep Learning Models. [Masters Thesis]. San Jose State University; 2019. Available from: https://doi.org/10.31979/etd.49ee-sknc ; https://scholarworks.sjsu.edu/etd_projects/742

University of Illinois – Chicago

6. Biradar, Sachin G. User-Centric Adversarial Perturbations to Protect Privacy in Social Networks.

Degree: 2019, University of Illinois – Chicago

URL: http://hdl.handle.net/10027/23723

► Social media has completely pervaded our lives in the past few years with increased accessibility to the internet. They have drastically changed the way people… (more)

▼ Social media has completely pervaded our lives in the past few years with increased accessibility to the internet. They have drastically changed the way people interact with one another, with users posting extensively on every facet of their lives on these websites. These social networks have become a treasure trove of data, which consequently has led to rapid advancements in the field of social media mining. In the interest of personalizing user experience, highly performant and specialized machine learning models have been developed that have the ability to learn behavioral patterns of users and make reliable predictions about them. However, there have been cases of several organizations leveraging this data to predict user preferences and classify them without the express permission of the users themselves. This has raised huge privacy concerns among users of these social networks. Social networks are typically represented as graphs, with the users being the nodes of the graph and the connections between them being the edges. Recent research has shown how effective deep learning is at analyzing this graph data and accurately performing node (user) classification. This, however, also presents an opportunity to effectively "fool" these models into incorrectly classifying users by making relatively minor changes to their data, a technique commonly known as adversarial example generation. The users in social networks however have no control over other nodes or links between them so they cannot change the whole graph to protect their privacy. But they do have control over their own profile information and friendship links so we propose an user-centric algorithm that shall suggest minimal changes only in user profiles and their links that would result in conventional models misclassifying their node. We find that the algorithm is successful in finding small user-centric adversarial perturbations consistently leading to a strong decrease in performance of graph convolutional networks. This is therefore a viable approach by which users can ensure that their sensitive information remains truly private and cannot be reliably used to any end without their explicit approval. Advisors/Committee Members: Zheleva, Elena (advisor), Kanich, Chris (committee member), Caragea, Cornelia (committee member), Zheleva, Elena (chair).

Subjects/Keywords: Privacy; Social Networks; Adversarial Attacks; Fooling Algorithm; Graph Convolutional Networks

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Biradar, S. G. (2019). User-Centric Adversarial Perturbations to Protect Privacy in Social Networks. (Thesis). University of Illinois – Chicago. Retrieved from http://hdl.handle.net/10027/23723

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Biradar, Sachin G. “User-Centric Adversarial Perturbations to Protect Privacy in Social Networks.” 2019. Thesis, University of Illinois – Chicago. Accessed March 07, 2021. http://hdl.handle.net/10027/23723.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Biradar, Sachin G. “User-Centric Adversarial Perturbations to Protect Privacy in Social Networks.” 2019. Web. 07 Mar 2021.

Vancouver:

Biradar SG. User-Centric Adversarial Perturbations to Protect Privacy in Social Networks. [Internet] [Thesis]. University of Illinois – Chicago; 2019. [cited 2021 Mar 07]. Available from: http://hdl.handle.net/10027/23723.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Biradar SG. User-Centric Adversarial Perturbations to Protect Privacy in Social Networks. [Thesis]. University of Illinois – Chicago; 2019. Available from: http://hdl.handle.net/10027/23723

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Washington

7. Burkard, Cody. Can Intelligent Hyperparameter Selection Improve Resistance to Adversarial Examples?.

Degree: 2017, University of Washington

URL: http://hdl.handle.net/1773/39901

► Convolutional Neural Networks and Deep Learning classification systems in general have been shown to be vulnerable to attack by specially crafted data samples that appear… (more)

Subjects/Keywords: Adversarial Examples; Adversarial Machine Learning; Evasion Attacks; Machine Learning; Neural Networks; Security; Computer science; To Be Assigned

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Burkard, C. (2017). Can Intelligent Hyperparameter Selection Improve Resistance to Adversarial Examples?. (Thesis). University of Washington. Retrieved from http://hdl.handle.net/1773/39901

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Burkard, Cody. “Can Intelligent Hyperparameter Selection Improve Resistance to Adversarial Examples?.” 2017. Thesis, University of Washington. Accessed March 07, 2021. http://hdl.handle.net/1773/39901.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Burkard, Cody. “Can Intelligent Hyperparameter Selection Improve Resistance to Adversarial Examples?.” 2017. Web. 07 Mar 2021.

Vancouver:

Burkard C. Can Intelligent Hyperparameter Selection Improve Resistance to Adversarial Examples?. [Internet] [Thesis]. University of Washington; 2017. [cited 2021 Mar 07]. Available from: http://hdl.handle.net/1773/39901.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Burkard C. Can Intelligent Hyperparameter Selection Improve Resistance to Adversarial Examples?. [Thesis]. University of Washington; 2017. Available from: http://hdl.handle.net/1773/39901

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Toronto

8. Bose, Avishek. Adversarial Attacks on Face Detectors using Neural Net based Constrained Optimization.

Degree: 2018, University of Toronto

URL: http://hdl.handle.net/1807/91439

►

Adversarial attacks involve adding, small, often imperceptible, perturbations to inputs with the goal of getting a machine learning model to misclassifying them. While many different… (more)

Subjects/Keywords: Adversarial Attacks; Computer Vision; Face Detection; Faster R-CNN; Machine Learning; Neural Networks; 0800

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Bose, A. (2018). Adversarial Attacks on Face Detectors using Neural Net based Constrained Optimization. (Masters Thesis). University of Toronto. Retrieved from http://hdl.handle.net/1807/91439

Chicago Manual of Style (16^th Edition):

Bose, Avishek. “Adversarial Attacks on Face Detectors using Neural Net based Constrained Optimization.” 2018. Masters Thesis, University of Toronto. Accessed March 07, 2021. http://hdl.handle.net/1807/91439.

MLA Handbook (7^th Edition):

Bose, Avishek. “Adversarial Attacks on Face Detectors using Neural Net based Constrained Optimization.” 2018. Web. 07 Mar 2021.

Vancouver:

Bose A. Adversarial Attacks on Face Detectors using Neural Net based Constrained Optimization. [Internet] [Masters thesis]. University of Toronto; 2018. [cited 2021 Mar 07]. Available from: http://hdl.handle.net/1807/91439.

Council of Science Editors:

Bose A. Adversarial Attacks on Face Detectors using Neural Net based Constrained Optimization. [Masters Thesis]. University of Toronto; 2018. Available from: http://hdl.handle.net/1807/91439

King Abdullah University of Science and Technology

9. Alfarra, Motasem. Applications of Tropical Geometry in Deep Neural Networks.

Degree: Computer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division, 2020, King Abdullah University of Science and Technology

URL: http://hdl.handle.net/10754/662473

► This thesis tackles the problem of understanding deep neural network with piece- wise linear activation functions. We leverage tropical geometry, a relatively new field in… (more)

Subjects/Keywords: Deep Learning; Deep Neural Networks; Tropical Geometry; Network Pruning; Lottery Ticket Hypothesis; Adversarial Attacks

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Alfarra, M. (2020). Applications of Tropical Geometry in Deep Neural Networks. (Thesis). King Abdullah University of Science and Technology. Retrieved from http://hdl.handle.net/10754/662473

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Alfarra, Motasem. “Applications of Tropical Geometry in Deep Neural Networks.” 2020. Thesis, King Abdullah University of Science and Technology. Accessed March 07, 2021. http://hdl.handle.net/10754/662473.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Alfarra, Motasem. “Applications of Tropical Geometry in Deep Neural Networks.” 2020. Web. 07 Mar 2021.

Vancouver:

Alfarra M. Applications of Tropical Geometry in Deep Neural Networks. [Internet] [Thesis]. King Abdullah University of Science and Technology; 2020. [cited 2021 Mar 07]. Available from: http://hdl.handle.net/10754/662473.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Alfarra M. Applications of Tropical Geometry in Deep Neural Networks. [Thesis]. King Abdullah University of Science and Technology; 2020. Available from: http://hdl.handle.net/10754/662473

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Melbourne

10. Yang, Tianci. Multi-observer approach for estimation and control under adversarial attacks.

Degree: 2019, University of Melbourne

URL: http://hdl.handle.net/11343/227777

► Traditional control systems composed of interconnected controllers, sensors, and actuators use point-to-point communication architectures. This is no longer suitable when new requirements – such as… (more)

▼ Traditional control systems composed of interconnected controllers, sensors, and actuators use point-to-point communication architectures. This is no longer suitable when new requirements – such as modularity, decentralisation of control, integrated diagnostics, quick and easy maintenance, and low cost – are necessary. To meet these requirements, Networked Control Systems (NCSs) have emerged as a technology that combines control, communication, and computation, and offers the necessary flexibility to meet new demands in distributed and large scale systems. However, these new architectures, especially wireless NCSs, are more susceptible to adversarial attacks. For instance, one of the most well-known examples of attacks on NCSs is the StuxNet virus that targeted Siemens' supervisory control and data acquisition systems which are used in many industrial processes. Another very recent incident is the attack on the Ukraine power grid system, where an adversarial attack caused a power outage affecting more than 80,000 people for almost 3 hours. These incidents (and many other not mentioned here) show that there is an acute need for strategic defence mechanisms to identify and deal with adversarial attacks on NCSs. In this thesis, based on sensor and actuator redundancy, we develop a ``multi-observer based estimation framework'' to address the problem of state estimation for discrete-time nonlinear systems with general dynamics under sensor and actuator false data injection attacks. Although there exist results in the literature addressing similar problems, in general, they are only applicable to some specific classes of nonlinear systems. To the best of the author's knowledge, a unifying estimation framework that works for general nonlinear systems in the presence of attacks has not been proposed. The estimation scheme provided here can be applied to a large class of nonlinear systems as long as a bank of observers with certain stability properties exist. Once an estimate of the system states is obtained from the multi-observer estimator, we provide detection and isolation algorithms for attack detection and for identifying attacked sensors and actuators. For nonlinear systems in the presence of sensor attacks, process disturbance and measurement noise, we detect and isolate attacked sensors by designing multiple observers and comparing their estimates. For noise-free nonlinear systems under sensor and actuator attacks, we isolate attacked sensors and actuators by reconstructing the attack signals. Furthermore, for LTI systems, we provide a simple yet effective control method to stabilize the system despite of sensor and actuator attacks by switching off the isolated actuators and closing the system loop with the proposed estimator and a switching output feedback controller. Finally, we use a class of nonlinear systems with positive-slope nonlinearities under sensor attacks and measurement noise as a detailed case study where we provide a deeper discussion about the tools that we propose. In particular, we give…

Subjects/Keywords: networked control systems; cyber-physical systems; adversarial attacks; sensor attacks; actuator attacks; control systems; multi-observer; attack detection and isolation; secure estimation

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Yang, T. (2019). Multi-observer approach for estimation and control under adversarial attacks. (Doctoral Dissertation). University of Melbourne. Retrieved from http://hdl.handle.net/11343/227777

Chicago Manual of Style (16^th Edition):

Yang, Tianci. “Multi-observer approach for estimation and control under adversarial attacks.” 2019. Doctoral Dissertation, University of Melbourne. Accessed March 07, 2021. http://hdl.handle.net/11343/227777.

MLA Handbook (7^th Edition):

Yang, Tianci. “Multi-observer approach for estimation and control under adversarial attacks.” 2019. Web. 07 Mar 2021.

Vancouver:

Yang T. Multi-observer approach for estimation and control under adversarial attacks. [Internet] [Doctoral dissertation]. University of Melbourne; 2019. [cited 2021 Mar 07]. Available from: http://hdl.handle.net/11343/227777.

Council of Science Editors:

Yang T. Multi-observer approach for estimation and control under adversarial attacks. [Doctoral Dissertation]. University of Melbourne; 2019. Available from: http://hdl.handle.net/11343/227777

Delft University of Technology

11. Lelekas, Ioannis (author). Top-Down Networks: A coarse-to-fine reimagination of CNNs.

Degree: 2020, Delft University of Technology

URL: http://resolver.tudelft.nl/uuid:11888a7b-1e54-424d-9daa-8ff48de58345

► Biological vision adopts a coarse-to-fine information processing pathway, from initial visual detection and binding of salient features of a visual scene, to the enhanced and… (more)

Subjects/Keywords: Computer Vision; Deep Learning; Convolutional Neural Networks; Top-Down; Fine-to-Coarse; Coarse-to-Fine; Adversarial attacks; Adversarial robustness; Gradcam; Object localization

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Lelekas, I. (. (2020). Top-Down Networks: A coarse-to-fine reimagination of CNNs. (Masters Thesis). Delft University of Technology. Retrieved from http://resolver.tudelft.nl/uuid:11888a7b-1e54-424d-9daa-8ff48de58345

Chicago Manual of Style (16^th Edition):

Lelekas, Ioannis (author). “Top-Down Networks: A coarse-to-fine reimagination of CNNs.” 2020. Masters Thesis, Delft University of Technology. Accessed March 07, 2021. http://resolver.tudelft.nl/uuid:11888a7b-1e54-424d-9daa-8ff48de58345.

MLA Handbook (7^th Edition):

Lelekas, Ioannis (author). “Top-Down Networks: A coarse-to-fine reimagination of CNNs.” 2020. Web. 07 Mar 2021.

Vancouver:

Lelekas I(. Top-Down Networks: A coarse-to-fine reimagination of CNNs. [Internet] [Masters thesis]. Delft University of Technology; 2020. [cited 2021 Mar 07]. Available from: http://resolver.tudelft.nl/uuid:11888a7b-1e54-424d-9daa-8ff48de58345.

Council of Science Editors:

Lelekas I(. Top-Down Networks: A coarse-to-fine reimagination of CNNs. [Masters Thesis]. Delft University of Technology; 2020. Available from: http://resolver.tudelft.nl/uuid:11888a7b-1e54-424d-9daa-8ff48de58345

George Mason University

12. Bhat, Sahil. Defense Against Cache Based Micro-architectural Side Channel Attacks .

Degree: George Mason University

URL: http://hdl.handle.net/1920/11489

► To overcome the performance overheads incurred by the traditional software-based malware detection techniques, Hardware-assisted Malware Detection (HMD) using machine learning (ML) classi ers has emerged… (more)

▼ To overcome the performance overheads incurred by the traditional software-based malware detection techniques, Hardware-assisted Malware Detection (HMD) using machine learning (ML) classi ers has emerged as a panacea to detect malicious applications and secure the systems. To classify benign and malicious applications, HMD primarily relies on the gener- ated low-level micro-architectural events captured through Hardware Performance Counters (HPCs). Moreover, the hardware security domain in recent years has seen many state-of- the-art cache based side channel attacks (SCAs) which have posed and continue to pose threats to the integrity of our data. These attacks function by exploiting the side-channels which invariably leak important data during various operations of its (application) execution. These attacks have been successful to steal the private keys from RSA encryption by observing the sequence of operations. Shutting down the side channels is not a feasible approach due to various restrictions it would pose to system performance, hence it is neces- sary to reduce the entropy of the side channels to reduce the leakage and thus, thwart such attacks. This work creates an adversarial attack on the HMD systems to tamper the security by introducing the perturbations in the HPC traces with the aid of an adversarial sample generator application. To craft the attack, we rst deploy an adversarial sample predictor to predict the adversarial HPC pattern for a given application to be misclassi ed by the deployed ML classi er in the HMD. Further, as the attacker has no direct access to manipulate the HPCs generated during runtime, based on the output of the adversarial sample predictor, we devise an adversarial sample generator wrapped around a normal application to produce HPC patterns similar to the adversarial predictor HPC trace. As the crafted adversarial sample generator application does not have any malicious operations, it is not detectable with traditional signature-based malware detection solutions. With the proposed attack, malware detection accuracy has been reduced to 18.04% from 82.76%. We also propose a method to minimize the side channel leakage thus thwarting the attack. A wrapper code adds perturbations to the data leaked by the victim application thereby reducing entropy which makes the data on the attacker's side resemble leaked secret data but with perturbations added which makes it arduous to retrieve the original secret data. The wrapper code 'Entropy Shield' can be implemented to protect any encryption algorithm with only a few tweaks. Advisors/Committee Members: Homayoun, Houman (advisor).

Subjects/Keywords: side channel attacks; malware detection; hardware performance counters; hardware security; Flush + Reload; adversarial

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Bhat, S. (n.d.). Defense Against Cache Based Micro-architectural Side Channel Attacks . (Thesis). George Mason University. Retrieved from http://hdl.handle.net/1920/11489

Note: this citation may be lacking information needed for this citation format:
No year of publication.
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Bhat, Sahil. “Defense Against Cache Based Micro-architectural Side Channel Attacks .” Thesis, George Mason University. Accessed March 07, 2021. http://hdl.handle.net/1920/11489.

Note: this citation may be lacking information needed for this citation format:
No year of publication.
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Bhat, Sahil. “Defense Against Cache Based Micro-architectural Side Channel Attacks .” Web. 07 Mar 2021.

Note: this citation may be lacking information needed for this citation format:
No year of publication.

Vancouver:

Bhat S. Defense Against Cache Based Micro-architectural Side Channel Attacks . [Internet] [Thesis]. George Mason University; [cited 2021 Mar 07]. Available from: http://hdl.handle.net/1920/11489.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
No year of publication.

Council of Science Editors:

Bhat S. Defense Against Cache Based Micro-architectural Side Channel Attacks . [Thesis]. George Mason University; Available from: http://hdl.handle.net/1920/11489

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
No year of publication.

13. Chen, Lingwei. Intelligent Malware Detection Using File-to-file Relations and Enhancing its Security against Adversarial Attacks.

Degree: PhD, Lane Department of Computer Science and Electrical Engineering, 2019, West Virginia University

URL: https://doi.org/10.33915/etd.3844 ; https://researchrepository.wvu.edu/etd/3844

► With computing devices and the Internet being indispensable in people's everyday life, malware has posed serious threats to their security, making its detection of… (more)

▼ With computing devices and the Internet being indispensable in people's everyday life, malware has posed serious threats to their security, making its detection of utmost concern. To protect legitimate users from the evolving malware attacks, machine learning-based systems have been successfully deployed and offer unparalleled flexibility in automatic malware detection. In most of these systems, resting on the analysis of different content-based features either statically or dynamically extracted from the file samples, various kinds of classifiers are constructed to detect malware. However, besides content-based features, file-to-file relations, such as file co-existence, can provide valuable information in malware detection and make evasion harder. To better understand the properties of file-to-file relations, we construct the file co-existence graph. Resting on the constructed graph, we investigate the semantic relatedness among files, and leverage graph inference, active learning and graph representation learning for malware detection. Comprehensive experimental results on the real sample collections from Comodo Cloud Security Center demonstrate the effectiveness of our proposed learning paradigms. As machine learning-based detection systems become more widely deployed, the incentive for defeating them increases. Therefore, we go further insight into the arms race between adversarial malware attack and defense, and aim to enhance the security of machine learning-based malware detection systems. In particular, we first explore the adversarial attacks under different scenarios (i.e., different levels of knowledge the attackers might have about the targeted learning system), and define a general attack strategy to thoroughly assess the adversarial behaviors. Then, considering different skills and capabilities of the attackers, we propose the corresponding secure-learning paradigms to counter the adversarial attacks and enhance the security of the learning systems while not compromising the detection accuracy. We conduct a series of comprehensive experimental studies based on the real sample collections from Comodo Cloud Security Center and the promising results demonstrate the effectiveness of our proposed secure-learning models, which can be readily applied to other detection tasks. Advisors/Committee Members: Yanfang Ye, Donald Adjeroh, Donald Adjeroh.

Subjects/Keywords: Malware Detection; Machine Learning; Data Mining; File-to-file Relations; Adversarial Attacks and Defenses; Information Security

…4.17 Different scenarios of the adversarial attacks. With the direction of the inward arrow… …the adversarial attacks are depicted with the knowledge of (X, D̂), (X, D… …of AdvAttack and other adversarial attacks: OriginalClassifier (0), different… …adversarial attacks (Method 1 - 4) and AdvAttack (5)… …opponents. To be resilient against the malware attacks, we analyze the general adversarial…

10 more images…

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Chen, L. (2019). Intelligent Malware Detection Using File-to-file Relations and Enhancing its Security against Adversarial Attacks. (Doctoral Dissertation). West Virginia University. Retrieved from https://doi.org/10.33915/etd.3844 ; https://researchrepository.wvu.edu/etd/3844

Chicago Manual of Style (16^th Edition):

Chen, Lingwei. “Intelligent Malware Detection Using File-to-file Relations and Enhancing its Security against Adversarial Attacks.” 2019. Doctoral Dissertation, West Virginia University. Accessed March 07, 2021. https://doi.org/10.33915/etd.3844 ; https://researchrepository.wvu.edu/etd/3844.

MLA Handbook (7^th Edition):

Chen, Lingwei. “Intelligent Malware Detection Using File-to-file Relations and Enhancing its Security against Adversarial Attacks.” 2019. Web. 07 Mar 2021.

Vancouver:

Chen L. Intelligent Malware Detection Using File-to-file Relations and Enhancing its Security against Adversarial Attacks. [Internet] [Doctoral dissertation]. West Virginia University; 2019. [cited 2021 Mar 07]. Available from: https://doi.org/10.33915/etd.3844 ; https://researchrepository.wvu.edu/etd/3844.

Council of Science Editors:

Chen L. Intelligent Malware Detection Using File-to-file Relations and Enhancing its Security against Adversarial Attacks. [Doctoral Dissertation]. West Virginia University; 2019. Available from: https://doi.org/10.33915/etd.3844 ; https://researchrepository.wvu.edu/etd/3844

14. Sanchez Vicarte, Jose Rodrigo. Game of threads: Enabling asynchronous poisoning attacks.

Degree: MS, Electrical & Computer Engr, 2019, University of Illinois – Urbana-Champaign

URL: http://hdl.handle.net/2142/106293

► As data sizes continue to grow at an unprecedented rate, machine learning training is being forced to adopt asynchronous training algorithms to maintain performance and… (more)

Subjects/Keywords: adversarial machine learning trusted execution environment SGX operating systems multi-processing asynchronous stochastic gradient descent poisoning attacks machine learning

…implications of asynchronous training algorithms on machine learning model integrity in adversarial… …TEEs should in theory defeat integrity attacks given even a supervisor level adversary. For… …conventional poisoning attacks [25, 26, 27, 28, 29, 30], which attempt to influence model… …TEEs, this work introduces asynchronous poisoning attacks (APAs), which show how… …integrity attacks are still possible even when asynchronous training runs within TEEs.1 APAs are…

7 more images…

Record Details Similar Records Cite « Share

❌

APA · Chicago · MLA · Vancouver · CSE | Export to Zotero / EndNote / Reference Manager

APA (6^th Edition):

Sanchez Vicarte, J. R. (2019). Game of threads: Enabling asynchronous poisoning attacks. (Thesis). University of Illinois – Urbana-Champaign. Retrieved from http://hdl.handle.net/2142/106293

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Chicago Manual of Style (16^th Edition):

Sanchez Vicarte, Jose Rodrigo. “Game of threads: Enabling asynchronous poisoning attacks.” 2019. Thesis, University of Illinois – Urbana-Champaign. Accessed March 07, 2021. http://hdl.handle.net/2142/106293.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

MLA Handbook (7^th Edition):

Sanchez Vicarte, Jose Rodrigo. “Game of threads: Enabling asynchronous poisoning attacks.” 2019. Web. 07 Mar 2021.

Vancouver:

Sanchez Vicarte JR. Game of threads: Enabling asynchronous poisoning attacks. [Internet] [Thesis]. University of Illinois – Urbana-Champaign; 2019. [cited 2021 Mar 07]. Available from: http://hdl.handle.net/2142/106293.

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

Council of Science Editors:

Sanchez Vicarte JR. Game of threads: Enabling asynchronous poisoning attacks. [Thesis]. University of Illinois – Urbana-Champaign; 2019. Available from: http://hdl.handle.net/2142/106293

Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

		in
And / Or
		in
And / Or
		in
And / Or
		in

Open Access Theses and Dissertations