Improving behavior based authentication against adversarial attack using XAI (2402.16430v2)

Published 26 Feb 2024 in cs.CR and cs.HC

Abstract: In recent years, machine learning models, especially deep neural networks, have been widely used for classification tasks in the security domain. However, these models have been shown to be vulnerable to adversarial manipulation: small changes learned by an adversarial attack model, when applied to the input, can cause significant changes in the output. Most research on adversarial attacks and corresponding defense methods focuses only on scenarios where adversarial samples are directly generated by the attack model. In this study, we explore a more practical scenario in behavior-based authentication, where adversarial samples are collected from the attacker. The generated adversarial samples from the model are replicated by attackers with a certain level of discrepancy. We propose an eXplainable AI (XAI) based defense strategy against adversarial attacks in such scenarios. A feature selector, trained with our method, can be used as a filter in front of the original authenticator. It filters out features that are more vulnerable to adversarial attacks or irrelevant to authentication, while retaining features that are more robust. Through comprehensive experiments, we demonstrate that our XAI based defense strategy is effective against adversarial attacks and outperforms other defense strategies, such as adversarial training and defensive distillation.
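The defense described in the abstract, a feature filter placed in front of the authenticator that drops features an attacker can cheaply push while keeping the ones that carry robust authentication signal, is easier to reason about with a small end-to-end run. The block below is an added example written for this page, not the authors' code, and it simplifies the paper's setup in ways that are this example's own assumptions: the authenticator is a linear (diagonal-covariance LDA) classifier rather than a deep network; every behavioral feature gets a constructed per-feature attack budget `EPS[j]` (how far an impostor can shift it), the attacker's replication discrepancy is modeled as Gaussian error `RHO` added when the crafted sample is reproduced, and the attacker is white-box; the feature selector is greedy backward elimination on attacked validation accuracy, standing in for the paper's trained XAI selector. The synthetic sessions, the feature profile in `GAP`/`EPS`, and the helper names are all constructed here.

```python
"""Feature-filter defence for a behaviour-based authenticator (illustrative).

Added example, not the paper's code. Assumptions made by this example only:
  * the authenticator is a diagonal-covariance LDA (linear) classifier, not a DNN;
  * each feature has an assumed attack budget EPS[j]; the attacker reproduces the
    crafted sample with Gaussian replication error RHO and knows the model weights;
  * the selector is greedy backward elimination on attacked validation accuracy,
    not the paper's trained XAI feature selector.
All data below is synthetic and constructed inline.
"""
import random

# Constructed feature profile: (genuine-minus-impostor mean gap, attack budget).
# f0,f1: discriminative and hard to shift; f2,f3: discriminative but cheap to
# shift; f4,f5: carry no authentication signal at all.
GAP = [2.5, 2.5, 2.0, 2.0, 0.0, 0.0]
EPS = [0.4, 0.4, 4.0, 4.0, 1.0, 1.0]
RHO = 0.3          # std of the attacker's replication error per feature (assumed)
N_FEAT = len(GAP)


def make_dataset(n_per_class, rng):
    """Synthetic session feature vectors: genuine (label 1) vs impostor (label 0)."""
    xs, ys = [], []
    for label in (1, 0):
        sign = 1.0 if label == 1 else -1.0
        for _ in range(n_per_class):
            xs.append([sign * GAP[j] / 2 + rng.gauss(0.0, 1.0) for j in range(N_FEAT)])
            ys.append(label)
    return xs, ys


def train(xs, ys, feats):
    """Diagonal LDA on the selected feature indices; returns (weights, bias)."""
    w, mid = {}, {}
    for j in feats:
        g = [x[j] for x, y in zip(xs, ys) if y == 1]
        i = [x[j] for x, y in zip(xs, ys) if y == 0]
        mg, mi = sum(g) / len(g), sum(i) / len(i)
        var = (sum((v - mg) ** 2 for v in g) + sum((v - mi) ** 2 for v in i)) / (len(g) + len(i) - 2)
        w[j] = (mg - mi) / var          # pooled-variance LDA weight
        mid[j] = (mg + mi) / 2
    b = -sum(w[j] * mid[j] for j in feats)   # decision threshold at the class midpoint
    return w, b


def score(model, x):
    w, b = model
    return sum(w[j] * x[j] for j in w) + b


def replicate_attack(model, x, rng):
    """Impostor crafts an FGSM-style sample (push every feature the model uses
    toward the genuine side, up to its budget), then reproduces it with error RHO."""
    w, _ = model
    adv = list(x)
    for j in w:
        direction = 1.0 if w[j] >= 0 else -1.0
        adv[j] = x[j] + EPS[j] * direction + rng.gauss(0.0, RHO)
    return adv


def accuracy(model, xs, ys, attacked, rng):
    """Fraction of correct accept/reject decisions; impostors are attacked if requested."""
    correct = 0
    for x, y in zip(xs, ys):
        if attacked and y == 0:
            x = replicate_attack(model, x, rng)
        correct += int((score(model, x) >= 0) == (y == 1))
    return correct / len(xs)


def select_features(train_set, val_set, seed=0):
    """Greedy backward elimination: drop the feature whose removal most raises
    attacked validation accuracy, until no single removal helps."""
    feats = list(range(N_FEAT))
    best = accuracy(train(*train_set, feats), *val_set, True, random.Random(seed))
    while len(feats) > 1:
        cand = None
        for j in feats:
            sub = [f for f in feats if f != j]
            acc = accuracy(train(*train_set, sub), *val_set, True, random.Random(seed))
            if acc > best:
                best, cand = acc, j
        if cand is None:
            break
        feats.remove(cand)
    return feats


def run(seed=0):
    """Train the unfiltered and filtered authenticators and compare them on held-out data."""
    rng = random.Random(seed)
    tr, va, te = make_dataset(200, rng), make_dataset(200, rng), make_dataset(200, rng)
    full = train(*tr, list(range(N_FEAT)))
    kept = select_features(tr, va, seed)
    filtered = train(*tr, kept)
    return {
        "kept": kept,
        "clean_full": accuracy(full, *te, False, rng),
        "robust_full": accuracy(full, *te, True, random.Random(seed)),
        "clean_filtered": accuracy(filtered, *te, False, rng),
        "robust_filtered": accuracy(filtered, *te, True, random.Random(seed)),
    }


if __name__ == "__main__":
    for k, v in run().items():
        print(f"{k}: {v}")
```

The point the run makes is the one the abstract argues: the unfiltered classifier leans on f2 and f3 because they separate the classes on clean data, but an attacker can shift them far enough to flip most decisions, so attacked accuracy collapses; once the selector removes them, clean accuracy drops only slightly while attacked accuracy recovers, because the remaining features are the ones the attacker cannot move far. Swap `EPS` for measured per-feature reproducibility bounds and the linear model for the real authenticator to turn this into a practical check.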

Authors (4)
  1. Dong Qin (8 papers)
  2. George Amariucai (13 papers)
  3. Daji Qiao (12 papers)
  4. Yong Guan (18 papers)
Citations (1)