Show simple item record

Multifaceted Characterization and Enhancement of Machine Learning Security

dc.contributor.authorAmich, Abderrahmen
dc.contributor.advisorEshete, Birhanu
dc.date.accessioned2024-12-23T17:12:29Z
dc.date.issued2024-12-21
dc.date.submitted2024-10-31
dc.identifier.urihttps://hdl.handle.net/2027.42/195974
dc.description.abstract"Machine Learning (ML) has seen widespread success in various domains, ranging from object recognition to forecasting. Its use in critical applications like self-driving cars and malware detection has raised concerns about its security and privacy, particularly regarding susceptibility to evasion attacks. These attacks exploit input feature perturbations to mislead ML models. Prior studies have highlighted both attack methods and defenses, illustrating an ongoing arms race. To address ML robustness, we use ML explainers to analyze how feature perturbations impact model predictions, revealing that not all changes are effective in evading models. Based on this insight, we developed the “Explanation-Guided Booster” (EG-Booster), which enhances the effectiveness of evasion attacks, making them more useful for security risk assessments. On the defense side, we introduced “Morphence,” a moving target defense strategy that significantly improves ML robustness and outperforms existing approaches. We also investigate the relationship between Out-of-Distribution (OOD) generalization issues and adversarial vulnerabilities. Using Image-to-Image translation through generative adversarial networks (GANs), we propose an OOD generalization approach that also counters adversarial examples. Additionally, we leverage the graph structure of Deep Neural Networks (DNNs) to analyze runtime behavior, distinguishing between different patterns in benign and adversarial settings to guide repair actions for improved robustness. Moreover, we explore novel uses for adversarial examples beyond attacks. Specifically, we propose “DeResistor,” a system that utilizes adversarial techniques to help evade internet censorship detection. Finally, we outline directions for future research to further enhance ML security and robustness."en_US
dc.language.isoen_USen_US
dc.subjectML Trustworthinessen_US
dc.subjectML Securityen_US
dc.subjectAdversarial Examplesen_US
dc.subject.otherComputer and Information Scienceen_US
dc.titleMultifaceted Characterization and Enhancement of Machine Learning Securityen_US
dc.typeThesisen_US
dc.description.thesisdegreenamePhDen_US
dc.description.thesisdegreedisciplineCollege of Engineering & Computer Scienceen_US
dc.description.thesisdegreegrantorUniversity of Michigan-Dearbornen_US
dc.contributor.committeememberEshete, Birhanu
dc.contributor.committeememberMa, Di
dc.contributor.committeememberMalik, Hafiz
dc.contributor.committeememberLu, Jin
dc.identifier.uniqnameaamichen_US
dc.description.bitstreamurlhttp://deepblue.lib.umich.edu/bitstream/2027.42/195974/1/Amich_Dissertation_Multifaceted_Characterization.pdf
dc.identifier.doihttps://dx.doi.org/10.7302/24910
dc.description.mappingfebc42ae-d444-43ae-98fd-dc98ee638897en_US
dc.identifier.orcid0000-0002-7288-4509en_US
dc.description.filedescriptionDescription of Amich_Dissertation_Multifaceted_Characterization.pdf : Dissertation
dc.identifier.name-orcidAmich, Abderrahmen; 0000-0002-7288-4509en_US
dc.working.doi10.7302/24910en_US
dc.owningcollnameDissertations and Theses (Ph.D. and Master's)
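The abstract's central observation behind EG-Booster is that not every feature perturbation moves a model's prediction, so an evasion attack that consults a model explainer before choosing what to perturb needs fewer changes than one that perturbs blindly. The following is an added toy illustration of that idea, not code from the dissertation or from EG-Booster: the linear binary-feature classifier, its weights, the flip budget and the sample input are all constructed here, and the "explainer" is simply each feature's contribution to the linear score, standing in for the ML explainers the abstract refers to. Feasibility of each flip (whether the modified input still works as a program or image) is ignored, which real attacks cannot do.

```python
"""Added example: explanation-guided vs. uninformed feature flipping
against a constructed linear classifier over binary features.
Not the dissertation's code; all weights and inputs are made up."""

from typing import List, Tuple

# Constructed linear model over 8 binary features.
# Positive weight: feature pushes toward class 1 ("malicious").
WEIGHTS = [0.0, -0.4, 0.1, 0.05, -1.0, 2.0, 1.5, 1.2]
BIAS = -1.0

# Constructed input that the model labels as class 1.
SAMPLE = [1, 1, 1, 1, 1, 1, 1, 1]


def score(x: List[int]) -> float:
    """Linear score w.x + b."""
    return sum(w * xi for w, xi in zip(WEIGHTS, x)) + BIAS


def predict(x: List[int]) -> int:
    """1 = malicious, 0 = benign."""
    return 1 if score(x) > 0 else 0


def explain(x: List[int]) -> List[float]:
    """Stand-in explainer: per-feature contribution w_i * x_i to the score.
    For a linear model this is exact; for a DNN one would plug in a
    real attribution method here."""
    return [w * xi for w, xi in zip(WEIGHTS, x)]


def flip_order_guided(x: List[int]) -> List[int]:
    """Rank present features by how strongly they support the current
    prediction; removing the strongest supporters first is the most
    direct route across the decision boundary."""
    attr = explain(x)
    present = [i for i, xi in enumerate(x) if xi == 1]
    return sorted(present, key=lambda i: attr[i], reverse=True)


def flip_order_uninformed(x: List[int]) -> List[int]:
    """Baseline that ignores the explainer: flip present features in
    index order."""
    return [i for i, xi in enumerate(x) if xi == 1]


def evade(x: List[int], order: List[int], budget: int) -> Tuple[bool, int, List[int]]:
    """Flip features in `order` until the label changes or the budget is
    spent. Returns (evaded, flips_used, perturbed_input)."""
    target = 1 - predict(x)
    x = list(x)
    used = 0
    for i in order:
        if used >= budget:
            break
        x[i] = 1 - x[i]
        used += 1
        if predict(x) == target:
            return True, used, x
    return False, used, x


def compare(x: List[int], budget: int) -> dict:
    """Run both strategies under the same budget and report the outcome."""
    return {
        "guided": evade(x, flip_order_guided(x), budget),
        "uninformed": evade(x, flip_order_uninformed(x), budget),
    }


if __name__ == "__main__":
    # Feature 0 has zero attribution: flipping it changes nothing,
    # which is the "not all changes are effective" point.
    print("attributions:", explain(SAMPLE))
    for name, (ok, used, _) in compare(SAMPLE, budget=4).items():
        print(f"{name:11s} evaded={ok} flips={used}")
```

With a budget of four flips, the guided order crosses the boundary after removing the two highest-attribution features, while index order spends the whole budget on features with zero or negative attribution and never evades; the first uninformed flip (feature 0) leaves the score unchanged and the second (feature 1, negative weight) actually makes the input look more malicious.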

