Intriguing Properties of Adversarial ML Attacks in the Problem Space
Recent research efforts on adversarial ML have investigated problem-space attacks, focusing on the generation of real evasive objects in domains where, unlike images, there is no clear inverse mapping to the feature space (e.g., software). However, the design, comparison, and real-world implications of problem-space attacks remain underexplored. In this talk, I will present two major contributions from our recent IEEE S&P 2020 paper . First, I will present our novel reformulation of adversarial ML evasion attacks in the problem-space (also known as realizable attacks). This requires to consider and reason about additional constraints feature-space attacks ignore, which shed light on the relationship between feature-space and problem-space attacks. Second, building on our reformulation, I will present a novel problem-space attack for generating end-to-end evasive Android malware, showing that it is feasible to generate evasive malware at scale, while evading state-of-the-art defenses.
 Fabio Pierazzi*, Feargus Pendlebury*, Jacopo Cortellazzi, Lorenzo Cavallaro. “Intriguing Properties of Adversarial ML Attacks in the Problem Space”. IEEE Symp. Security & Privacy (Oakland), 2020.
Lorenzo grew up on pizza, spaghetti, and Phrack, first. Underground and academic research interests followed shortly thereafter. He holds a PhD in Computer Science from the University of Milan (2008), held Post-Doctoral and Visiting Scholar positions at Vrije Universiteit Amsterdam (2010-2011), UC Santa Barbara (2008-2009), and Stony Brook University (2006-2008), and worked in the Information Security Group at Royal Holloway, University of London (Assistant Professor, 2012; Associate Professor, 2016; Full Professor, 2018).
Lorenzo is now a Full Professor of Computer Science, Chair in Cybersecurity (Systems Security) in the Cybersecurity group of the Department of Informatics at King’s College London, where he leads the Systems Security Research Lab, working at the intersection of program analysis and machine learning for systems security.
He received the USENIX WOOT Best Paper Award 2017, and delivers talks & publishes at & sits on the technical program committee of top-tier and well-known international conferences, including IEEE S&P, USENIX Security, ACM CCS, NDSS, USENIX Enigma, WWW, ACSAC, DIMVA, and RAID. He definitely has never stopped wondering and having fun ever since.
2019’s CyberSec&AI conference had a fantastic start when it was named as 'Event of the Year' a...
Dr. Sadia Afroz is a Research Scientist at the International Computer Science Institute and a Senior...
Garry Kasparov is widely acclaimed as one of the greatest chess players of all time. In 1985, aged j...