ABSTRACT
With the spread of wireless applications, a huge amount of data is generated every day. Thanks to its flexibility, machine learning is becoming a fundamental building block in this field, and many applications are developed using it and the several techniques it offers. However, machine learning suffers from several problems, and the people who use it are often not aware of the possible threats. An adversary often tries to exploit these vulnerabilities in order to obtain benefits; because of this, adversarial machine learning is becoming widely studied in the scientific community. In this paper, we show state-of-the-art adversarial techniques and possible countermeasures, with the aim of warning people about sensitive issues related to machine learning.
Threat is in the Air: Machine Learning for Wireless Network Applications