Session

Evading Machine Learning Antimalware Models: Lessons Learned

Evasion attacks against computer vision have become one of the most iconic failure modes of modern machine learning. Evading an ML antimalware model, however, introduces several novel elements over more traditional computer vision evasion attacks against neural networks, including executability constraints and attacks against non-parametric models. In 2019 and again in 2020, I hosted a series of competitions where contestants sought to evade ML antimalware models, first under a white-box threat model (2019), then under a black-box threat model (2020). While the underlying concepts remained constant, an evolution of tactics from manual bypasses towards automated learning methods manifested in just over a year. In this talk, I will review the concepts and evolutions, highlighting a relatively sophisticated sequential optimization attack against black-box antimalware models that was the baseline approach in the 2020 competition.

Biography

Hyrum Anderson is a Principal Architect of the Trustworthy Machine Learning Group at Microsoft, which aims to elevate the security of critical machine learning systems to a first-class security concern through preventions, detections, remediations and machine learning red team engagements. Prior to joining Microsoft, Hyrum was Chief Scientist at endpoint security startup Endgame. He has also been a researcher at FireEye, Mandiant, Sandia National Laboratories and MIT Lincoln Laboratory. He received his PhD in Electrical Engineering (signal processing + machine learning) from the University of Washington and BS/MS degrees from BYU. He cofounded and cochairs the Conference on Applied Machine Learning in Information Security, and has been a speaker at numerous machine learning and security conferences, including RSA, BlackHat and DEFCON.
