Session

Evading Machine Learning Antimalware Models: Lessons Learned

Evasion attacks against computer vision have become one of the most iconic failure modes of modern machine learning. Evading an ML antimalware model, however, introduces several novel elements over more traditional computer vision evasion attacks against neural networks, including executability constraints and attacks against non-parametric models. In 2019 and again in 2020, I hosted a series of competitions where contestants sought to evade ML antimalware models, first under a white-box threat model (2019), then under a black-box threat model (2020). While the underlying concepts remained constant, an evolution of tactics from manual bypasses towards automated learning methods manifested in just over a year. In this talk, I will review the concepts and evolutions, highlighting a relatively sophisticated sequential optimization attack against black-box antimalware models that was the baseline approach in the 2020 competition.

Biography

Hyrum Anderson is a Principal Architect of the Trustworthy Machine Learning Group at Microsoft, which aims to elevate the security of critical machine learning systems to a first-class security concern through preventions, detections, remediations and machine learning red team engagements. Prior to joining Microsoft, Hyrum was Chief Scientist at endpoint security startup Endgame. He has also been a researcher at FireEye, Mandiant, Sandia National Laboratories and MIT Lincoln Laboratory. He received his PhD in Electrical Engineering (signal processing + machine learning) from the University of Washington and BS/MS degrees from BYU. He cofounded and cochairs the Conference on Applied Machine Learning in Information Security, and has been a speaker at numerous machine learning and security conferences, including RSA, BlackHat and DEFCON.
