Overview
Explore the intriguing properties of adversarial machine learning attacks in the problem space through this IEEE conference talk. Delve into a novel formalization for adversarial ML evasion attacks, focusing on real-world implications and constraints. Discover the relationship between feature space and problem space, and learn about side-effect features resulting from the inverse feature-mapping problem. Examine necessary and sufficient conditions for problem-space attacks and their applications across various domains. Investigate a new problem-space attack on Android malware, demonstrating the feasibility of evading state-of-the-art classifiers. Gain insights into the realistic threat of "adversarial-malware as a service" and the importance of principled research in this domain. Understand the current landscape of adversarial ML research and its limitations in addressing malware-related challenges.
Syllabus
Introduction
Traditional Feature Space Attacks
Problem Space Attacks
Contributions
Formalization
Real-world transformations
Defining plausible
Robustness
Summary
State of the art
Transplant
Analysis
Projection
Vein Experiment
Average Complexity
Time Taken
Conclusion
Taught by
IEEE Symposium on Security and Privacy