Pub Date : 2021-11-29DOI: 10.1109/MILCOM52596.2021.9653049
Jaime C. Acosta, Stephanie Medina, J. Ellis, Luisana Clarke, Veronica Rivas, Allison Newcomb
Cybersecurity network data curation is the collection, labeling, and packaging of datasets that contain artifacts that are important in the cybersecurity domain. These assets are essential for cybersecurity research and key for defense technologies and systems to detect and respond to anomalies caused by adversaries. However, tools for data curation are lacking in all domains of cybersecurity, including enterprise and the military. Curation fuels empirical research and validation of protection, detection, and prevention techniques. Closing the gap will require the development of research-driven tools and technologies that facilitate and enforce not only collection and labeling, but also standardization and distribution. This paper describes a novel tool, called the Network Data Curation Toolkit (NDCT), which simplifies the process of collecting network traffic, keystrokes, mouse clicks; allows network packet labeling; automatically generates intrusion detection rules; and provides a visualization of results. Moreover, the tool has a built-in mechanism for exporting all data into a single distributable file. The tool is modular to allow extension and to facilitate its incorporation into existing workflows. We demonstrate the use of NDCT in two case studies. We first show how NDCT can augment cybersecurity exercises by having participants label their network data. We then describe a separate system that was embedded with the NDCT, which provides a workspace, allowing users to curate data through a multi-session environment, including generating intrusion detection rules for malware.
{"title":"Network Data Curation Toolkit: Cybersecurity Data Collection, Aided-Labeling, and Rule Generation","authors":"Jaime C. Acosta, Stephanie Medina, J. Ellis, Luisana Clarke, Veronica Rivas, Allison Newcomb","doi":"10.1109/MILCOM52596.2021.9653049","DOIUrl":"https://doi.org/10.1109/MILCOM52596.2021.9653049","url":null,"abstract":"Cybersecurity network data curation is the collection, labeling, and packaging of datasets that contain artifacts that are important in the cybersecurity domain. These assets are essential for cybersecurity research and key for defense technologies and systems to detect and respond to anomalies caused by adversaries. However, tools for data curation are lacking in all domains of cybersecurity, including enterprise and the military. Curation fuels empirical research and validation of protection, detection, and prevention techniques. Closing the gap will require the development of research-driven tools and technologies that facilitate and enforce not only collection and labeling, but also standardization and distribution. This paper describes a novel tool, called the Network Data Curation Toolkit (NDCT), which simplifies the process of collecting network traffic, keystrokes, mouse clicks; allows network packet labeling; automatically generates intrusion detection rules; and provides a visualization of results. Moreover, the tool has a built-in mechanism for exporting all data into a single distributable file. The tool is modular to allow extension and to facilitate its incorporation into existing workflows. We demonstrate the use of NDCT in two case studies. We first show how NDCT can augment cybersecurity exercises by having participants label their network data. We then describe a separate system that was embedded with the NDCT, which provides a workspace, allowing users to curate data through a multi-session environment, including generating intrusion detection rules for malware.","PeriodicalId":187645,"journal":{"name":"MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM)","volume":"116 4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126388123","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-29DOI: 10.1109/MILCOM52596.2021.9652912
V. Kanth, Chad A. Bollmann, M. Tummala, J. McEachen
As digital trust has declined, services purporting to provide privacy and anonymity have become increasingly popular in today's online environment. While there are several examples of these types of applications, blockchain-based services like Bitcoin and Ethereum have emerged as a potential answer to some of these privacy concerns. Unfortunately, many of the same features that facilitate that privacy and anonymity can also be leveraged by nefarious actors to transmit and store information covertly. These features can also be used by government and military organizations for communications purposes. In this paper, we present a generic information hiding model incorporating anonymity that builds on existing classical steganographic models like the Prisoners' Problem. We then analyze our model with regards to blockchain protocols and present a novel blockchain-based address embedding scheme. Finally, we implement our scheme using the Ethereum platform.
{"title":"A Novel Adaptable Framework for Covert Communications in Anonymized Protocols","authors":"V. Kanth, Chad A. Bollmann, M. Tummala, J. McEachen","doi":"10.1109/MILCOM52596.2021.9652912","DOIUrl":"https://doi.org/10.1109/MILCOM52596.2021.9652912","url":null,"abstract":"As digital trust has declined, services purporting to provide privacy and anonymity have become increasingly popular in today's online environment. While there are several examples of these types of applications, blockchain-based services like Bitcoin and Ethereum have emerged as a potential answer to some of these privacy concerns. Unfortunately, many of the same features that facilitate that privacy and anonymity can also be leveraged by nefarious actors to transmit and store information covertly. These features can also be used by government and military organizations for communications purposes. In this paper, we present a generic information hiding model incorporating anonymity that builds on existing classical steganographic models like the Prisoners' Problem. We then analyze our model with regards to blockchain protocols and present a novel blockchain-based address embedding scheme. Finally, we implement our scheme using the Ethereum platform.","PeriodicalId":187645,"journal":{"name":"MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125963290","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-29DOI: 10.1109/MILCOM52596.2021.9653052
Colin Samplawski, Benjamin M. Marlin
Recent work has demonstrated the success of end-to-end transformer-based object detection models. These models achieve predictive performance that is competitive with current state-of-the-art detection model frameworks without many of the hand-crafted components needed by previous models (such as non-maximal suppression and anchor boxes). In this paper, we provide the first benchmarking study of transformer-based detection models focused on real-time and edge deployment. We show that transformer-based detection model architectures can achieve 30FPS detection rates on NVIDIA Jetson edge hardware and exceed 40FPS on desktop hardware. However, we observe that achieving these latency levels within the design space that we specify results in a drop in predictive performance, particularly on smaller objects. We conclude by discussing potential next steps for improving the edge and IoT deployment performance of this interesting new class of models.
{"title":"Towards Transformer-Based Real-Time Object Detection at the Edge: A Benchmarking Study","authors":"Colin Samplawski, Benjamin M. Marlin","doi":"10.1109/MILCOM52596.2021.9653052","DOIUrl":"https://doi.org/10.1109/MILCOM52596.2021.9653052","url":null,"abstract":"Recent work has demonstrated the success of end-to-end transformer-based object detection models. These models achieve predictive performance that is competitive with current state-of-the-art detection model frameworks without many of the hand-crafted components needed by previous models (such as non-maximal suppression and anchor boxes). In this paper, we provide the first benchmarking study of transformer-based detection models focused on real-time and edge deployment. We show that transformer-based detection model architectures can achieve 30FPS detection rates on NVIDIA Jetson edge hardware and exceed 40FPS on desktop hardware. However, we observe that achieving these latency levels within the design space that we specify results in a drop in predictive performance, particularly on smaller objects. We conclude by discussing potential next steps for improving the edge and IoT deployment performance of this interesting new class of models.","PeriodicalId":187645,"journal":{"name":"MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128005036","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-29DOI: 10.1109/MILCOM52596.2021.9653042
I. Dagres, A. Polydoros, A. L. Moustakas
Distributed Beam-Forming (DBF) is a promising technique for increasing range and throughput in cooperative wireless networks. It is known, however, that DBF is sensitive to carrier-synchronization (“synch”) errors among the spatially separated RF oscillators in the distinct transmitting radios as well as errors due to independently occurring Doppler spread (fading) in each contributing link. We analyze here the statistical behavior of the resulting time-dependent beamforming gain as a function of these synch errors and dynamics-induced Doppler spread. A Gamma-distribution approximation is employed and compared to simulation for the resulting gains and system performance. The proposed statistics can subsequently be employed for optimizing the design parameters of a DBF protocol (frame period, pilot length, resynch period) for given pre-specified capacity or link-outage constraints.
{"title":"Performance Analysis of Distributed Beamforming in Wireless Networks: The Effect of Synchronization and Doppler spread","authors":"I. Dagres, A. Polydoros, A. L. Moustakas","doi":"10.1109/MILCOM52596.2021.9653042","DOIUrl":"https://doi.org/10.1109/MILCOM52596.2021.9653042","url":null,"abstract":"Distributed Beam-Forming (DBF) is a promising technique for increasing range and throughput in cooperative wireless networks. It is known, however, that DBF is sensitive to carrier-synchronization (“synch”) errors among the spatially separated RF oscillators in the distinct transmitting radios as well as errors due to independently occurring Doppler spread (fading) in each contributing link. We analyze here the statistical behavior of the resulting time-dependent beamforming gain as a function of these synch errors and dynamics-induced Doppler spread. A Gamma-distribution approximation is employed and compared to simulation for the resulting gains and system performance. The proposed statistics can subsequently be employed for optimizing the design parameters of a DBF protocol (frame period, pilot length, resynch period) for given pre-specified capacity or link-outage constraints.","PeriodicalId":187645,"journal":{"name":"MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM)","volume":"82 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133702000","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-29DOI: 10.1109/MILCOM52596.2021.9653035
Zeenat Afroze, Mohanad Mohsen, D. Matolak, Hudson Dye
Millimeter wave (mmWave) communication systems can offer unprecedented data rates, but typically employ directional antennas to ensure adequate link range, and in non-line-of-sight (NLOS) regions, must often “search” in the angular domain for a signal of significant strength. In this paper we quantify some channel characteristics for indoor settings in the 90 GHz band, focusing on LOS-to-NLOS transitions. Our results are empirical, based upon measurements using a 500-MHz bandwidth signal. These channel transitions can present some of the most challenging conditions to link reliability. We quantify the range and rate of change of angle of arrival of the strongest multipath component, root mean-square delay spread, and stationarity distance. For these transitions, path loss changes of 13 dB and strongest-component angle of arrival changes up to 100 degrees were found over distances of a few cm.
{"title":"Indoor 90 GHz Channel Measurement Results for LOS to NLOS Transitions","authors":"Zeenat Afroze, Mohanad Mohsen, D. Matolak, Hudson Dye","doi":"10.1109/MILCOM52596.2021.9653035","DOIUrl":"https://doi.org/10.1109/MILCOM52596.2021.9653035","url":null,"abstract":"Millimeter wave (mmWave) communication systems can offer unprecedented data rates, but typically employ directional antennas to ensure adequate link range, and in non-line-of-sight (NLOS) regions, must often “search” in the angular domain for a signal of significant strength. In this paper we quantify some channel characteristics for indoor settings in the 90 GHz band, focusing on LOS-to-NLOS transitions. Our results are empirical, based upon measurements using a 500-MHz bandwidth signal. These channel transitions can present some of the most challenging conditions to link reliability. We quantify the range and rate of change of angle of arrival of the strongest multipath component, root mean-square delay spread, and stationarity distance. For these transitions, path loss changes of 13 dB and strongest-component angle of arrival changes up to 100 degrees were found over distances of a few cm.","PeriodicalId":187645,"journal":{"name":"MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM)","volume":"97 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133855559","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-29DOI: 10.1109/MILCOM52596.2021.9653062
Manveen Kaur, R. Amin, Jim Martin
This work presents a measurement study that evaluates a novel Information Centric Networking (ICN)-enabled Hybrid Unmanned Aerial Vehicle (UAV) System called IH-UAS. IH-UAS leverages ICN along with an innovative system model integrating broker-based publish-subscribe message dissemination with a decentralized architecture to form an ad hoc (infrastructure-less) UAS to carry out military missions. The overarching research goal that drives this study is to design a system that pushes decision-making to the UAV swarm on the battlefield such that mission tasks are completed more reliably and in less time than traditional centralized UAV-based missions. We use theoretical and measurement-based analysis to validate the system. Through experiments conducted using a simplified variant of a Coordinated Search and Tracking (CSAT) application in IH-UAS, we demonstrate that IH-UAS performs better than the same application operating in a traditional centralized solution. We also show that the broker placement and the number of brokers are critical to application performance.
{"title":"The Design and Validation of ICN-Enabled Hybrid Unmanned Aerial System","authors":"Manveen Kaur, R. Amin, Jim Martin","doi":"10.1109/MILCOM52596.2021.9653062","DOIUrl":"https://doi.org/10.1109/MILCOM52596.2021.9653062","url":null,"abstract":"This work presents a measurement study that evaluates a novel Information Centric Networking (ICN)-enabled Hybrid Unmanned Aerial Vehicle (UAV) System called IH-UAS. IH-UAS leverages ICN along with an innovative system model integrating broker-based publish-subscribe message dissemination with a decentralized architecture to form an ad hoc (infrastructure-less) UAS to carry out military missions. The overarching research goal that drives this study is to design a system that pushes decision-making to the UAV swarm on the battlefield such that mission tasks are completed more reliably and in less time than traditional centralized UAV-based missions. We use theoretical and measurement-based analysis to validate the system. Through experiments conducted using a simplified variant of a Coordinated Search and Tracking (CSAT) application in IH-UAS, we demonstrate that IH-UAS performs better than the same application operating in a traditional centralized solution. We also show that the broker placement and the number of brokers are critical to application performance.","PeriodicalId":187645,"journal":{"name":"MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125689297","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-29DOI: 10.1109/MILCOM52596.2021.9653090
Kyoung-Min Park, Eunji Lee, Jinwook Kim, Jaehoon Jung, Seong-Cheol Kim
Wireless ad-hoc network which has not been supported by centralized infrastructure is widely used because of its utilitarian ability. Thanks to a low-complex aspect, It is favorable for IoBT (Internet of Battlefield Things) applications. Propagation channel analysis prior to the network configuration is required to the appropriate sensor deployment. Although experimental approaches warrant an accuracy, ray-tracing simulator is employed because site measurements are highly prohibitive and labor-absorbing. The scattering mechanisms are tough to be implemented by a ray-tracing simulator, which often causes low accuracy in harsh areas, such as subterranean environments. In this paper, the surface scattering theory that considers an incident wave at a rough boundary as the radiation source is exploited to revise the existing ray-tracing simulator. The accuracy of the revised simulator is verified by the channel sounding conducted in the subterranean area which has much roughness. The measurement result indicates that a propagation channel could be well analyzed by employing the surface scattering theory for the ray-tracing based channel analysis.
{"title":"Ray-tracing based Channel Modeling for Rough-boundary Environments","authors":"Kyoung-Min Park, Eunji Lee, Jinwook Kim, Jaehoon Jung, Seong-Cheol Kim","doi":"10.1109/MILCOM52596.2021.9653090","DOIUrl":"https://doi.org/10.1109/MILCOM52596.2021.9653090","url":null,"abstract":"Wireless ad-hoc network which has not been supported by centralized infrastructure is widely used because of its utilitarian ability. Thanks to a low-complex aspect, It is favorable for IoBT (Internet of Battlefield Things) applications. Propagation channel analysis prior to the network configuration is required to the appropriate sensor deployment. Although experimental approaches warrant an accuracy, ray-tracing simulator is employed because site measurements are highly prohibitive and labor-absorbing. The scattering mechanisms are tough to be implemented by a ray-tracing simulator, which often causes low accuracy in harsh areas, such as subterranean environments. In this paper, the surface scattering theory that considers an incident wave at a rough boundary as the radiation source is exploited to revise the existing ray-tracing simulator. The accuracy of the revised simulator is verified by the channel sounding conducted in the subterranean area which has much roughness. The measurement result indicates that a propagation channel could be well analyzed by employing the surface scattering theory for the ray-tracing based channel analysis.","PeriodicalId":187645,"journal":{"name":"MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124237685","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-29DOI: 10.1109/MILCOM52596.2021.9652914
Dongxin Liu, Peng Wang, Tianshi Wang, T. Abdelzaher
This paper presents a semi-supervised learning framework that is new in being designed for automatic modulation classification (AMC). By carefully utilizing unlabeled signal data with a self-supervised contrastive-learning pre-training step, our framework achieves higher performance given smaller amounts of labeled data, thereby largely reducing the labeling burden of deep learning. We evaluate the performance of our semi-supervised framework on a public dataset. The evaluation results demonstrate that our semi-supervised approach significantly outperforms supervised frameworks thereby substantially enhancing our ability to train deep neural networks for automatic modulation classification in a manner that leverages unlabeled data.
{"title":"Self-Contrastive Learning based Semi-Supervised Radio Modulation Classification","authors":"Dongxin Liu, Peng Wang, Tianshi Wang, T. Abdelzaher","doi":"10.1109/MILCOM52596.2021.9652914","DOIUrl":"https://doi.org/10.1109/MILCOM52596.2021.9652914","url":null,"abstract":"This paper presents a semi-supervised learning framework that is new in being designed for automatic modulation classification (AMC). By carefully utilizing unlabeled signal data with a self-supervised contrastive-learning pre-training step, our framework achieves higher performance given smaller amounts of labeled data, thereby largely reducing the labeling burden of deep learning. We evaluate the performance of our semi-supervised framework on a public dataset. The evaluation results demonstrate that our semi-supervised approach significantly outperforms supervised frameworks thereby substantially enhancing our ability to train deep neural networks for automatic modulation classification in a manner that leverages unlabeled data.","PeriodicalId":187645,"journal":{"name":"MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM)","volume":"646 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120885850","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-29DOI: 10.1109/MILCOM52596.2021.9652947
Ahmed Abdou, Ryan Sheatsley, Yohan Beugin, Tyler J. Shipp, P. Mcdaniel
Machine Learning is becoming a pivotal aspect of many systems today, offering newfound performance on classification and prediction tasks, but this rapid integration also comes with new unforeseen vulnerabilities. To harden these systems the ever-growing field of Adversarial Machine Learning has proposed new attack and defense mechanisms. However, a great asymmetry exists as these defensive methods can only provide security to certain models and lack scalability, computational efficiency, and practicality due to overly restrictive constraints. Moreover, newly introduced attacks can easily bypass defensive strategies by making subtle alterations. In this paper, we study an alternate approach inspired by honeypots to detect adversaries. Our approach yields learned models with an embedded watermark. When an adversary initiates an interaction with our model, attacks are encouraged to add this predetermined watermark stimulating detection of adversarial examples. We show that HoneyModels can reveal 69.5% of adversaries attempting to attack a Neural Network while preserving the original functionality of the model. HoneyModels offer an alternate direction to secure Machine Learning that slightly affects the accuracy while encouraging the creation of watermarked adversarial samples detectable by the HoneyModel but indistinguishable from others for the adversary.
{"title":"HoneyModels: Machine Learning Honeypots","authors":"Ahmed Abdou, Ryan Sheatsley, Yohan Beugin, Tyler J. Shipp, P. Mcdaniel","doi":"10.1109/MILCOM52596.2021.9652947","DOIUrl":"https://doi.org/10.1109/MILCOM52596.2021.9652947","url":null,"abstract":"Machine Learning is becoming a pivotal aspect of many systems today, offering newfound performance on classification and prediction tasks, but this rapid integration also comes with new unforeseen vulnerabilities. To harden these systems the ever-growing field of Adversarial Machine Learning has proposed new attack and defense mechanisms. However, a great asymmetry exists as these defensive methods can only provide security to certain models and lack scalability, computational efficiency, and practicality due to overly restrictive constraints. Moreover, newly introduced attacks can easily bypass defensive strategies by making subtle alterations. In this paper, we study an alternate approach inspired by honeypots to detect adversaries. Our approach yields learned models with an embedded watermark. When an adversary initiates an interaction with our model, attacks are encouraged to add this predetermined watermark stimulating detection of adversarial examples. We show that HoneyModels can reveal 69.5% of adversaries attempting to attack a Neural Network while preserving the original functionality of the model. HoneyModels offer an alternate direction to secure Machine Learning that slightly affects the accuracy while encouraging the creation of watermarked adversarial samples detectable by the HoneyModel but indistinguishable from others for the adversary.","PeriodicalId":187645,"journal":{"name":"MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM)","volume":"48 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122497686","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-11-29DOI: 10.1109/MILCOM52596.2021.9653040
R. Izmailov, Peter Lin, S. Venkatesan, Shridatt Sugrim
Adversarial evasion attacks challenge the integrity of machine learning models by creating out-of-distribution samples that are then consistently misclassified. With a variety of detection and mitigation approaches proposed already, more sophisticated attacks typically defeat them. One of the most promising group of such approaches is based on creating multiple diversified models and leverage their ensemble properties for detection and mitigation of attacks. However, such approaches entail heavy computational cost for designing and training a significant number of models. The paper proposes (i) a combinatorial boosting of the number of diversified models that provides an exponentially expanded scope of reliable decisions, and (ii) robust methods for fusion of the resulting models and their combinations towards enhanced decisions in both benign and adversarial scenarios. Several versions of the approach were implemented and tested for network intrusion detection and color image classification tasks; the results show significant increase of resiliency against evasion attacks with low impact on benign performance.
{"title":"Combinatorial Boosting of Ensembles of Diversified Classifiers for Defense Against Evasion Attacks","authors":"R. Izmailov, Peter Lin, S. Venkatesan, Shridatt Sugrim","doi":"10.1109/MILCOM52596.2021.9653040","DOIUrl":"https://doi.org/10.1109/MILCOM52596.2021.9653040","url":null,"abstract":"Adversarial evasion attacks challenge the integrity of machine learning models by creating out-of-distribution samples that are then consistently misclassified. With a variety of detection and mitigation approaches proposed already, more sophisticated attacks typically defeat them. One of the most promising group of such approaches is based on creating multiple diversified models and leverage their ensemble properties for detection and mitigation of attacks. However, such approaches entail heavy computational cost for designing and training a significant number of models. The paper proposes (i) a combinatorial boosting of the number of diversified models that provides an exponentially expanded scope of reliable decisions, and (ii) robust methods for fusion of the resulting models and their combinations towards enhanced decisions in both benign and adversarial scenarios. Several versions of the approach were implemented and tested for network intrusion detection and color image classification tasks; the results show significant increase of resiliency against evasion attacks with low impact on benign performance.","PeriodicalId":187645,"journal":{"name":"MILCOM 2021 - 2021 IEEE Military Communications Conference (MILCOM)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121529818","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: