Blockchain Based Auditable Access Control For Business Processes With Event Driven Policies
Ahmed Akhtar, Masoud Barati, Basit Shafiq, Omer Rana, Ayesha Afzal, Jaideep Vaidya, Shafay Shamail
IEEE Transactions on Dependable and Secure Computing, vol. 21, no. 5, pp. 4699-4716. Pub Date: 2024-09-01. Epub Date: 2024-01-22. DOI: 10.1109/tdsc.2024.3356811 (https://doi.org/10.1109/tdsc.2024.3356811). Open-access PDF: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11466010/pdf/
The use of blockchain technology has been proposed to provide auditable access control for individual resources. Unlike the case where all resources are owned by a single organization, this work focuses on distributed applications such as business processes and distributed workflows. These applications are often composed of multiple resources/services that are subject to the security and access control policies of different organizational domains. Here, blockchains provide an attractive decentralized solution to provide auditability. However, the underlying access control policies may have event-driven constraints and can be overlapping in terms of the component conditions/rules as well as events. Existing work cannot handle event-driven constraints and does not sufficiently account for overlaps, leading to significant overhead in terms of cost and computation time for evaluating authorizations over the blockchain. In this work, we propose an automata-theoretic approach for generating a cost-efficient composite access control policy. We reduce this composite policy generation problem to the standard weighted set cover problem. We show that the composite policy correctly captures all the local access control policies and reduces the policy evaluation cost over the blockchain. We have implemented the initial prototype of our approach using Ethereum as the underlying blockchain and empirically validated the effectiveness and efficiency of our approach. Ablation studies were conducted to determine the impact of changes in individual service policies on the overall cost.

A Comprehensive Trusted Runtime for WebAssembly with Intel SGX
Jämes Ménétrey, Marcelo Pasin, Pascal Felber, V. Schiavoni, Giovanni Mazzeo, Arne Hollum, Darshan Vaydia
IEEE Transactions on Dependable and Secure Computing. Pub Date: 2023-12-14. DOI: 10.1109/TDSC.2023.3334516 (https://doi.org/10.1109/TDSC.2023.3334516)
In real-world scenarios, trusted execution environments (TEEs) frequently host applications that lack the trust of the infrastructure provider, as well as data owners who have specifically outsourced their data for remote processing. We present Twine, a trusted runtime for running WebAssembly-compiled applications within TEEs, establishing a two-way sandbox. Twine leverages memory safety guarantees of WebAssembly (Wasm) and abstracts the complexity of TEEs, empowering the execution of legacy and language-agnostic applications. It extends the standard WebAssembly system interface (WASI), providing controlled OS services, focusing on I/O. Additionally, through built-in TEE mechanisms, Twine delivers attestation capabilities to ensure the integrity of the runtime and the OS services supplied to the application. We evaluate its performance using general-purpose benchmarks and real-world applications, showing it compares on par with state-of-the-art solutions. A case study involving fintech company Credora reveals that Twine can be deployed in production with reasonable performance trade-offs, ranging from a 0.7x slowdown to a 1.17x speedup compared to native run time. Finally, we identify performance improvement through library optimisation, showcasing one such adjustment that leads up to 4.1x speedup. Twine is open-source and has been upstreamed into the original Wasm runtime, WAMR.

Tag-Based PHY-Layer Authentication for RIS-Assisted Communication Systems
Pinchang Zhang, Yulin Teng, Yulong Shen, Xiaohong Jiang, Fu Xiao
IEEE Transactions on Dependable and Secure Computing, pp. 4778-4792. Pub Date: 2023-11-01. DOI: 10.1109/tdsc.2022.3233862 (https://doi.org/10.1109/tdsc.2022.3233862)
This article proposes a tag-based approach for physical (PHY)-layer authentication in a reconfigurable intelligent surface (RIS) communication system. We first extract the intrinsic PHY-layer features of RIS communication systems in terms of channel gain and background noise, and then apply these PHY-layer features, a random signal, and the private key of the transmitter to construct a robust cover tag signal against the impersonation attack. We adopt an asymmetric cryptography technique to encrypt tagged signals and to resist unauthorized detection and tampering attacks during the transmission process. The receiver then applies the maximum a-posteriori (MAP) ratio test to conduct authentication based on the received tag signal, a reference tag signal transmitted in the training phase, and knowledge of the distributions of the channel gain, background noise, and the random signal. We also provide a security analysis to demonstrate how the proposed scheme can resist unauthorized detection, tampering attacks, etc. With the help of the MAP ratio test and maximum likelihood estimation, we further analyze the distribution of the test statistics and derive analytical models for the false alarm and detection probabilities. Finally, extensive simulations are conducted to verify the theoretical results and to illustrate the performance of the proposed scheme.

iQuery: A Trustworthy and Scalable Blockchain Analytics Platform
Lingling Lu, Z. Wen, Ye Yuan, Binru Dai, Peng Qian, Changting Lin, Qinming He, Zhenguang Liu, Jianhai Chen, R. Ranjan
IEEE Transactions on Dependable and Secure Computing, pp. 4578-4592. Pub Date: 2023-11-01. DOI: 10.1109/tdsc.2022.3228908 (https://doi.org/10.1109/tdsc.2022.3228908)
Blockchain, a distributed and shared ledger, provides a credible and transparent solution to increase application auditability by querying the immutable records written in the ledger. Unfortunately, existing query APIs offered by the blockchain are inflexible and unscalable. Some studies propose off-chain solutions to provide more flexible and scalable query services. However, the query service providers (SPs) may deliver fake results without executing the real computation tasks and collude to cheat users. In this article, we propose a novel intelligent blockchain analytics platform termed iQuery, in which we design a game theory based smart contract to ensure the trustworthiness of the query results at a reasonable monetary cost. Furthermore, the contract introduces the second opinion game, which employs a randomized SP selection approach coupled with a non-ordered asynchronous querying primitive to prevent collusion. We achieve a fixed price equilibrium, destroy the economic foundation of collusion, and can incentivize all rational SPs to act diligently with proper financial rewards. In particular, iQuery can flexibly support semantic and analytical queries for generic consortium or public blockchains, achieving query scalability to massive blockchain data. Extensive experimental evaluations show that iQuery is significantly faster than state-of-the-art systems. Specifically, in terms of the conditional, analytical, and multi-origin query semantics, iQuery is 2×, 7×, and 1.5× faster than advanced blockchain and blockchain databases. Meanwhile, to guarantee 100% trustworthiness, only two copies of query results need to be verified in iQuery, while iQuery's latency is 2∼134× smaller than that of the state-of-the-art systems.

TAICHI: Transform Your Secret Exploits Into Mine From a Victim's Perspective
Zhongyu Pei, Xingman Chen, Songtao Yang, Haixin Duan, Chao Zhang
IEEE Transactions on Dependable and Secure Computing, pp. 5278-5292. Pub Date: 2023-11-01. DOI: 10.1109/tdsc.2022.3191693 (https://doi.org/10.1109/tdsc.2022.3191693)
Acquiring and analyzing exploits, which take advantage of vulnerabilities to conduct malicious actions, is crucial for victims (and defenders) when responding to system-compromising incidents. However, exploits are sensitive and valuable assets that are not available to victims. The most common resource available for victims to investigate is network traffic, which covers the exploitation period. Reconstructing exploits from network traffic is therefore needed. In practice, the reconstruction process is performed manually, which is inefficient and does not scale. In this article, we present an automated solution, TAICHI, to reconstruct exploits from network traffic, able to generate replica exploits and facilitate timely incident analysis. By nature, a working exploit has to satisfy (1) path constraints, which ensure that the same program path as the original exploit's is explored and the same vulnerability is triggered, and (2) exploit constraints, which ensure that the same exploitation strategy is applied, e.g., to bypass deployed defenses or to stitch multiple gadgets together. We propose a hybrid solution to this problem by integrating techniques including multi-version execution (MVE), dynamic taint analysis (DTA), and concolic execution. We have implemented a prototype of TAICHI on x86 and x86-64 Linux and tested it on the Cyber Grand Challenge (CGC) dataset, several Capture the Flag (CTF) challenges, and Metasploit exploit modules targeting real-world applications. The evaluation results showed that TAICHI could reconstruct exploits efficiently with a high success rate. Moreover, it could be applied to production environments without disrupting running services, and could reconstruct exploits even if only one round of exploitation traffic is available.

Locally Differentially Private Personal Data Markets Using Contextual Dynamic Pricing Mechanism
Mingyan Xiao, Ming Li, Jennifer Jie Zhang
IEEE Transactions on Dependable and Secure Computing, pp. 5043-5055. Pub Date: 2023-11-01. DOI: 10.1109/tdsc.2023.3239615 (https://doi.org/10.1109/tdsc.2023.3239615)
Data is becoming the world's most valuable asset and the ultimate renewable resource. This phenomenon has led to online personal data markets where data owners and collectors engage in the sale and purchase of data. From the collector's standpoint, a key question is how to set a proper pricing rule that brings profitable trades. One feasible solution is to set the price slightly above the owner's data cost. Nonetheless, the data cost is generally unknown to the collector, being the owner's private information. To bridge this gap, we propose a novel learning algorithm, modified stochastic gradient descent (MSGD), that infers the owner's cost model from her interactions with the collector. To protect owners' data privacy during trading, we employ the framework of local differential privacy (LDP), which allows owners to perturb their genuine data and trading behaviors. The vital challenge is how the collector can derive an accurate cost model from the noisy knowledge gathered from owners. For this, MSGD relies on auxiliary parameters to correct the biased gradients caused by noise. We formally prove that the proposed MSGD algorithm produces a sublinear regret of $\mathcal{O}\big(T^{\frac{5}{6}}\sqrt{\log(T^{\frac{1}{3}})}\big)$. The effectiveness of our design is further validated via a series of in-person experiments that involve 30 volunteers.

PILE: Robust Privacy-Preserving Federated Learning via Verifiable Perturbations
Xiangyun Tang, Meng Shen, Qi Li, Liehuang Zhu, Tengfei Xue, Qiang Qu
IEEE Transactions on Dependable and Secure Computing, pp. 5005-5023. Pub Date: 2023-11-01. DOI: 10.1109/tdsc.2023.3239007 (https://doi.org/10.1109/tdsc.2023.3239007)
Federated learning (FL) protects the training data of clients by collaboratively training clients' local machine learning models into a global model, instead of directly feeding the training data to the server. However, existing studies show that FL is vulnerable to various attacks, resulting in training data leakage or interference with model training. Specifically, an adversary can analyze local gradients and the global model to infer clients' data, and poison local gradients to produce an inaccurate global model. It is extremely challenging to guarantee strong privacy protection of training data while ensuring the robustness of model training, and none of the existing studies achieves both. In this paper, we propose a robust privacy-preserving federated learning framework (PILE), which protects the privacy of local gradients and global models while ensuring their correctness through gradient verification, where the server verifies the computation process of local gradients. In PILE, we develop a verifiable perturbation scheme that makes confidential local gradients verifiable for gradient verification. In particular, we build two zero-knowledge-proof building blocks for gradient verification that reveal neither local gradients nor global models. We perform rigorous theoretical analysis that proves the security of PILE and evaluate PILE on both passive and active membership inference attacks. The experimental results show that the attack accuracy under PILE lies in [50.3%, 50.9%], which is close to random guessing. In particular, compared to prior defenses that incur accuracy losses ranging from 2% to 13%, the accuracy loss of PILE is negligible, i.e., only ±0.3%.

Pub Date : 2023-11-01DOI: 10.1109/tdsc.2022.3233519
Wei Guo, Benedetta Tondi, Mauro Barni
We propose a stealthy clean-label video backdoor attack against Deep Learning (DL)-based models aiming at detecting a particular class of spoofing attacks, namely video rebroadcast attacks. The injected backdoor does not affect spoofing detection in normal conditions, but induces a misclassification in the presence of a specific triggering signal. The proposed backdoor relies on a temporal trigger altering the average chrominance of the video sequence. The backdoor signal is designed by taking into account the peculiarities of the Human Visual System (HVS) to reduce the visibility of the trigger, thus increasing the stealthiness of the backdoor. To force the network to look at the presence of the trigger in the challenging clean-label scenario, we choose the poisoned samples used for the injection of the backdoor following a so-called Outlier Poisoning Strategy (OPS). According to OPS, the triggering signal is inserted in the training samples that the network finds more difficult to classify. The effectiveness of the proposed backdoor attack and its generality are validated experimentally on different datasets and anti-spoofing rebroadcast detection architectures.
Title: A Temporal Chrominance Trigger for Clean-Label Backdoor Attack Against Anti-Spoof Rebroadcast Detection
IEEE Transactions on Dependable and Secure Computing, published 2023-11-01.
Despite achieving exceptional performance, deep neural networks (DNNs) suffer from the harassment caused by adversarial examples, which are produced by corrupting clean examples with tiny perturbations. Many powerful defense methods have been presented, such as training data augmentation and input reconstruction, which, however, usually rely on prior knowledge of the targeted models or attacks. In this paper, we propose a novel approach for detecting adversarial images, which can protect any pre-trained DNN classifier and resist an endless stream of new attacks. Specifically, we first adopt a dual autoencoder to project images to a latent space. The dual autoencoder uses self-supervised learning to ensure that small modifications to samples do not significantly alter their latent representations. Next, mutual information neural estimation is utilized to enhance the discrimination of the latent representations. We then leverage prior distribution matching to regularize the latent representations. To easily compare the representations of examples in the two spaces, and not rely on prior knowledge of the targeted model, a simple fully connected neural network is used to embed the learned representations into an eigenspace, which is consistent with the output eigenspace of the targeted model. Through the distribution similarity of an input example in the two eigenspaces, we can judge whether the input example is adversarial or not. Extensive experiments on MNIST, CIFAR-10, and ImageNet show that the proposed method has superior defense performance and transferability compared to the state of the art.
Title: Detecting Adversarial Examples on Deep Neural Networks with Mutual Information Neural Estimation
Authors: Song Gao, Ruxin Wang, Xiaoxuan Wang, Shui Yu, Yunyun Dong, Shao-qing Yao, Wei Zhou
Pub Date: 2023-11-01, DOI: 10.1109/tdsc.2023.3241428
IEEE Transactions on Dependable and Secure Computing, pp. 5168-5181.
Pub Date: 2023-11-01, DOI: 10.1109/tdsc.2022.3233703
F. Kaiser, Uriel Dardik, Aviad Elitzur, Polina Zilberman, Nir Daniel, M. Wiens, F. Schultmann, Y. Elovici, Rami Puzis
Cyber threat intelligence on past attacks may help with attack reconstruction and with predicting the course of an ongoing attack by providing a deeper understanding of the tools and attack patterns used by attackers. Therefore, cyber security analysts employ threat intelligence, alert correlation, machine learning, and advanced visualizations in order to produce sound attack hypotheses. In this article, we present AttackDB, a multi-level threat knowledge base that combines data from multiple threat intelligence sources to associate high-level ATT&CK techniques with low-level telemetry found in behavioral malware reports. We also present the Attack Hypothesis Generator, which relies on knowledge graph traversal algorithms and a variety of link prediction methods to automatically infer ATT&CK techniques from a set of observable artifacts. Results of experiments performed with 53K VirusTotal reports indicate that the algorithms employed by the Attack Hypothesis Generator are able to produce accurate adversarial technique hypotheses with a mean average precision greater than 0.5 and an area under the receiver operating characteristic curve of over 0.8 when implemented on the basis of AttackDB. The presented toolkit will help analysts improve the accuracy of attack hypotheses and automate the attack hypothesis generation process.
Title: Attack Hypotheses Generation Based on Threat Intelligence Knowledge Graph
IEEE Transactions on Dependable and Secure Computing, pp. 4793-4809, published 2023-11-01.