SoSySec - Intriguing Properties of Adversarial ML Attacks in the Problem Space

*Software and Systems Security (SoSySec) seminar

Recent research efforts on adversarial ML have investigated problem-space attacks, focusing on the generation of real evasive objects in domains where, unlike images, there is no clear inverse mapping to the feature space (e.g., software). However, the design, comparison, and real-world implications of problem-space attacks remain underexplored. In this talk, I will present two major contributions from our recent IEEE Symp. S&P 2020 paper [1]. First, I will present our novel reformulation of adversarial ML evasion attacks for the problem-space, with more constraints to consider than the feature-space and with more light shed on the relationship between feature-space and problem-space attacks. Second, building on our reformulation, I will present our novel problem-space attack for generating end-to-end evasive Android malware, showing that it is feasible to generative evasive malware at scale that also evade feature-space defenses.

--------

[1] Fabio Pierazzi, Feargus Pendlebury, Jacopo Cortellazzi, Lorenzo Cavallaro. “Intriguing Properties of Adversarial ML Attacks in the Problem Space”. IEEE Symp. Security & Privacy (Oakland), 2020.

Web-conference information

Please note that we are not using the usual video-conference facility. When connecting to the session you will have to choose between the "Microphone" profile and the "Listen only" profile. In the latter case, you will not be able to use your microphone to ask questions.

Please also note that it is highly recommended to use a recent version of Firefox or Chrome. It will not be possible to join by phone.

Some documentation about this web-conference facility is available here: https://bigbluebutton.org/html5/