Recent research efforts on adversarial ML have begun to investigate problem-space attacks, focusing on the generation of real evasive objects in domains where, unlike images, there is no clear inverse mapping to the feature space (e.g., malware). However, the design, comparison, and real-world implications of problem-space attacks remain underexplored.
In this talk, I will present two major contributions from our recent IEEE S&P 2020 paper [1]. First, I will present our novel reformulation of adversarial ML evasion attacks in the problem space (also known as realizable attacks). This requires us to consider and reason about additional constraints that feature-space attacks ignore, which shed light on the relationship between feature-space and problem-space attacks. Second, building on our reformulation, I will present a novel problem-space attack for generating end-to-end evasive Android malware, showing that it is feasible to generate evasive malware at scale while evading state-of-the-art defenses.
[1] Fabio Pierazzi, Feargus Pendlebury, Jacopo Cortellazzi, Lorenzo Cavallaro. “Intriguing Properties of Adversarial ML Attacks in the Problem Space”. IEEE Symp. Security & Privacy (Oakland), 2020.
Note the changed time.
Feargus is a PhD cybersecurity student in the Information Security Group at Royal Holloway, University of London and a Visiting Scholar at the Systems Security Research Lab at King’s College London. His research explores the limitations of machine learning when applied to security settings.
Feargus was recently a visiting student at The Alan Turing Institute, the UK’s national institute for data science and artificial intelligence, and has twice interned at Facebook, with the Abusive Accounts and Compromised Accounts teams respectively, where he developed novel techniques for detecting and measuring harmful behaviour on social media platforms.
He is also the author and maintainer of TESSERACT, a framework and Python library for performing sound ML-based evaluations without experimental bias, and a core author and maintainer of TRANSCEND, a framework for detecting concept drift using conformal evaluation.