Offense - Adversarial Threats/Attacks
- Cybersecurity
- Capabilities
- Boolean Satisfiability (SAT) Problem/Satisfiability Modulo Theories (SMT) Solvers
- Defenses Against Adversarial Attacks
______________________________________________________
- Cleverhans - library for benchmarking the vulnerability of machine learning models to adversarial examples (blog)
- Adversarial Machine Learning for Anti-Malware Software | nababora @ GitHub
- Deep-pwning/Metasploit | Clarence Chio
- EvadeML.org | University of Virginia
- AdversariaLib: An Open-source Library for the Security Evaluation of Machine Learning Algorithms Under Attack
- Pattern Recognition and Applications Lab (PRA Lab)
Adversarial examples are inputs to machine learning models that an attacker has intentionally designed to cause the model to make a mistake; they’re like optical illusions for machines. Myth: An attacker must have access to the model to generate adversarial examples. Fact: Adversarial examples generalize across models trained to perform the same task, even if those models have different architectures and were trained on a different training set. This means an attacker can train their own model, generate adversarial examples against it, and then deploy those adversarial examples against a model they do not have access to. -Deep Learning Adversarial Examples – Clarifying Misconceptions | Goodfellow et al.
Data Poisoning
Data poisoning or model poisoning attacks involve polluting a machine learning model's training data. Data poisoning is considered an integrity attack because tampering with the training data impacts the model's ability to output correct predictions. Other types of attacks can be similarly classified based on their impact:
- Confidentiality, where the attackers can infer potentially confidential information about the training data by feeding inputs to the model
- Availability, where the attackers disguise their inputs to trick the model in order to evade correct classification
- Replication, where attackers can reverse-engineer the model in order to replicate it and analyze it locally to prepare attacks or exploit it for their own financial gain
The difference between an attack that is meant to evade a model's prediction or classification and a poisoning attack is persistence: with poisoning, the attacker's goal is to get their inputs to be accepted as training data. The length of the attack also differs because it depends on the model's training cycle; it might take weeks for the attacker to achieve their poisoning goal.
Data poisoning can be achieved either in a blackbox scenario against classifiers that rely on user feedback to update their learning or in a whitebox scenario where the attacker gains access to the model and its private training data, possibly somewhere in the supply chain if the training data is collected from multiple sources. [How data poisoning attacks corrupt machine learning models | Lucian Constantin - CSO]
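A toy illustration of the feedback-loop scenario above, added here and not taken from the CSO article: a nearest-centroid classifier refit from user feedback, a constructed label-flipped feedback batch that drags one class centroid toward a target sample, and the kind of distance-based sanitization a retraining pipeline can run before accepting submitted labels. Every data point and name below is constructed for the example.

```python
import math

def centroid(points):
    # Mean of a list of equal-length tuples.
    dims = len(points[0])
    return tuple(sum(p[i] for p in points) / len(points) for i in range(dims))

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def train(dataset):
    # dataset: {label: [points]} -> model: {label: centroid}
    return {label: centroid(pts) for label, pts in dataset.items()}

def predict(model, x):
    return min(model, key=lambda label: dist(model[label], x))

def retrain(dataset, feedback):
    # Fold (point, label) feedback into the trusted set and refit.
    merged = {label: list(pts) for label, pts in dataset.items()}
    for x, label in feedback:
        merged[label].append(x)
    return train(merged)

def sanitize(dataset, feedback, k=3.0):
    # Accept a feedback point only if it lies within k times its claimed
    # class's mean intra-class radius of the currently trusted centroid.
    model = train(dataset)
    radius = {label: sum(dist(model[label], p) for p in pts) / len(pts)
              for label, pts in dataset.items()}
    accepted, rejected = [], []
    for x, label in feedback:
        bucket = accepted if dist(model[label], x) <= k * radius[label] else rejected
        bucket.append((x, label))
    return accepted, rejected

# Constructed trusted training data: two well-separated classes.
CLEAN = {"benign": [(0, 0), (1, 0), (0, 1), (1, 1)],
         "malicious": [(6, 6), (7, 6), (6, 7), (7, 7)]}
# Constructed feedback batch: four points deep in the malicious region
# submitted with the "benign" label (label-flip poisoning), plus two
# legitimate feedback points near their own classes.
POISON = [((6, 6), "benign"), ((7, 7), "benign"), ((6, 7), "benign"), ((7, 6), "benign")]
LEGIT = [((1.5, 0.5), "benign"), ((6.5, 5.5), "malicious")]
TARGET = (4, 4)  # sample the attacker wants pushed to "benign"

if __name__ == "__main__":
    print("clean model:", predict(train(CLEAN), TARGET))                   # malicious
    print("unsanitized retrain:", predict(retrain(CLEAN, POISON), TARGET))  # benign
    ok, bad = sanitize(CLEAN, POISON + LEGIT)
    print("rejected:", len(bad), "sanitized retrain:", predict(retrain(CLEAN, ok), TARGET))
```

The persistence point is visible in the numbers: the poison batch only works if the pipeline accepts it into the training set, so a check at ingestion time, rather than at prediction time, is where this class of attack is cheapest to stop.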