TWC: Small: Automatic Techniques for Evaluating and Hardening Machine Learning Classifiers in the Presence of Adversaries

TWC：小型：在对手存在的情况下评估和强化机器学习分类器的自动技术

• 批准号: 1619098
• 负责人: Yanjun Qi
• 金额: $ 49.49万
• 依托单位: University of Virginia Main Campus
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-09-01 至 2019-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1619098&HistoricalAwards=false
• 关键词: TWC; Small; Automatic; Techniques; Evaluating

New security exploits emerge far faster than manual analysts can analyze them, driving growing interest in automated machine learning tools for computer security. Classifiers based on machine learning algorithms have shown promising results for many security tasks including malware classification and network intrusion detection, but classic machine learning algorithms are not designed to operate in the presence of adversaries. Intelligent and adaptive adversaries may actively manipulate the information they present in attempts to evade a trained classifier, leading to a competition between the designers of learning systems and attackers who wish to evade them. This project is developing automated techniques for predicting how well classifiers will resist the evasions of adversaries, along with general methods to automatically harden machine-learning classifiers against adversarial evasion attacks.At the junction between machine learning and computer security, this project involves two main tasks: (1) developing a framework that can automatically assess the robustness of a classifier by using evolutionary techniques to simulate an adversary's efforts to evade that classifier; and (2) improving the robustness of classifiers by developing generic machine learning architectures that employ randomized models and co-evolution to automatically harden machine-learning classifiers against adversaries. Our system aims to allow a classifier designer to understand how the classification performance of a model degrades under evasion attacks, enabling better-informed and more secure design choices. The framework is general and scalable, and takes advantage of the latest advances in machine learning and computer security.

新的安全漏洞出现的速度远远快于人工分析师分析它们的速度，这推动了人们对用于计算机安全的自动机器学习工具的兴趣日益增长。基于机器学习算法的分类器已经在许多安全任务中显示出有希望的结果，包括恶意软件分类和网络入侵检测，但经典的机器学习算法并不是设计用于在存在对手的情况下运行的。智能和自适应的对手可能会主动操纵他们提供的信息，试图逃避经过训练的分类器，导致学习系统的设计者和希望逃避它们的攻击者之间的竞争。该项目正在开发自动化技术，用于预测分类器抵抗对手逃避攻击的能力，以及沿着自动强化机器学习分类器对抗对手逃避攻击的一般方法。在机器学习和计算机安全的结合点上，该项目涉及两个主要任务：（1）开发一个框架，该框架可以通过使用进化技术来模拟对手逃避分类器的努力，从而自动评估分类器的鲁棒性;以及（2）通过开发通用机器学习架构来提高分类器的鲁棒性，该通用机器学习架构采用随机化模型和协同进化来自动强化机器学习分类器以对抗对手。我们的系统旨在让分类器设计人员了解模型的分类性能如何在规避攻击下下降，从而实现更明智和更安全的设计选择。该框架具有通用性和可扩展性，并利用了机器学习和计算机安全方面的最新进展。