-
Blockchain based solution design for Energy Exchange Platform
Authors:
Atharv Bhadange,
Rohan Doshi,
Tanmay Karmarkar,
Snehal Shintre
Abstract:
It is observed that users have higher requirements for fairness, transparency, and privacy of transactions of energy exchanges that occur across platforms like Indian Energy Exchange (IEX) and Power Exchange India Limited (PXIL). As a decentralized distributed accounting system, blockchain is characterized by traceability, security, credibility, and non-tampering of transactions, which can meet the needs of integrated energy and multi-energy transactions. Based on the research on the application of blockchain technology in the field of integrated energy services, this solution proposes an integrated energy trading process based on smart contracts and explores the application of blockchain technology in integrated energy services.
Submitted 25 November, 2022;
originally announced November 2022.
-
Malware Makeover: Breaking ML-based Static Analysis by Modifying Executable Bytes
Authors:
Keane Lucas,
Mahmood Sharif,
Lujo Bauer,
Michael K. Reiter,
Saurabh Shintre
Abstract:
Motivated by the transformative impact of deep neural networks (DNNs) in various domains, researchers and anti-virus vendors have proposed DNNs for malware detection from raw bytes that do not require manual feature engineering. In this work, we propose an attack that interweaves binary-diversification techniques and optimization frameworks to mislead such DNNs while preserving the functionality of binaries. Unlike prior attacks, ours manipulates instructions that are a functional part of the binary, which makes it particularly challenging to defend against. We evaluated our attack against three DNNs in white- and black-box settings, and found that it often achieved success rates near 100%. Moreover, we found that our attack can fool some commercial anti-viruses, in certain cases with a success rate of 85%. We explored several defenses, both new and old, and identified some that can foil over 80% of our evasion attempts. However, these defenses may still be susceptible to evasion by attacks, and so we advocate for augmenting malware-detection systems with methods that do not rely on machine learning.
Submitted 25 October, 2021; v1 submitted 19 December, 2019;
originally announced December 2019.
-
Deep Detector Health Management under Adversarial Campaigns
Authors:
Javier Echauz,
Keith Kenemer,
Sarfaraz Hussein,
Jay Dhaliwal,
Saurabh Shintre,
Slawomir Grzonkowski,
Andrew Gardner
Abstract:
Machine learning models are vulnerable to adversarial inputs that induce seemingly unjustifiable errors. As automated classifiers are increasingly used in industrial control systems and machinery, these adversarial errors could grow to be a serious problem. Despite numerous studies over the past few years, the field of adversarial ML is still considered alchemy, with no practical unbroken defenses demonstrated to date, leaving PHM practitioners with few meaningful ways of addressing the problem. We introduce turbidity detection as a practical superset of the adversarial input detection problem, coping with adversarial campaigns rather than statistically invisible one-offs. This perspective is coupled with ROC-theoretic design guidance that prescribes an inexpensive domain adaptation layer at the output of a deep learning model during an attack campaign. The result aims to approximate the Bayes optimal mitigation that ameliorates the detection model's degraded health. A proactively reactive type of prognostics is achieved via Monte Carlo simulation of various adversarial campaign scenarios, by sampling from the model's own turbidity distribution to quickly deploy the correct mitigation during a real-world campaign.
Submitted 18 November, 2019;
originally announced November 2019.
-
Gradient Similarity: An Explainable Approach to Detect Adversarial Attacks against Deep Learning
Authors:
Jasjeet Dhaliwal,
Saurabh Shintre
Abstract:
Deep neural networks are susceptible to small-but-specific adversarial perturbations capable of deceiving the network. This vulnerability can lead to potentially harmful consequences in security-critical applications. To address this vulnerability, we propose a novel metric called Gradient Similarity that allows us to capture the influence of training data on test inputs. We show that Gradient Similarity behaves differently for normal and adversarial inputs, and enables us to detect a variety of adversarial attacks with a near perfect ROC-AUC of 95-100%. Even white-box adversaries equipped with perfect knowledge of the system cannot bypass our detector easily. On the MNIST dataset, white-box attacks are either detected with a high ROC-AUC of 87-96%, or require very high distortion to bypass our detector.
Submitted 27 June, 2018;
originally announced June 2018.
-
Detecting Adversarial Samples from Artifacts
Authors:
Reuben Feinman,
Ryan R. Curtin,
Saurabh Shintre,
Andrew B. Gardner
Abstract:
Deep neural networks (DNNs) are powerful nonlinear architectures that are known to be robust to random perturbations of the input. However, these models are vulnerable to adversarial perturbations--small input changes crafted explicitly to fool the model. In this paper, we ask whether a DNN can distinguish adversarial samples from their normal and noisy counterparts. We investigate model confidence on adversarial samples by looking at Bayesian uncertainty estimates, available in dropout neural networks, and by performing density estimation in the subspace of deep features learned by the model. The result is a method for implicit adversarial detection that is oblivious to the attack algorithm. We evaluate this method on a variety of standard datasets including MNIST and CIFAR-10 and show that it generalizes well across different architectures and attacks. Our findings report that 85-93% ROC-AUC can be achieved on a number of standard classification tasks with a negative class that consists of both normal and noisy samples.
Submitted 15 November, 2017; v1 submitted 1 March, 2017;
originally announced March 2017.