SaTC: CORE: Small: Adversarial ML in Traffic Analysis

SaTC：核心：小型：流量分析中的对抗性机器学习

• 批准号: 1816851
• 负责人: Matthew Wright
• 金额: $ 50万
• 依托单位: Rochester Institute of Tech
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-08-15 至 2022-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1816851&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Adversarial; ML

Surveillance and tracking on the Internet are growing more pervasive and threaten privacy and freedom of expression. The Tor anonymity system protects the privacy of millions of users, including ordinary citizens, journalists, whistle-blowers, military intelligence, police, businesses, and people living under censorship and surveillance. Unfortunately, Tor is vulnerable to website fingerprinting (WF) attacks in which an eavesdropper uses a machine learning (ML) classifier to identify which website the user is visiting from its traffic patterns. The research team's state-of-the-art WF attack using a deep learning classifier reaches 98% accuracy, which is deeply concerning to Tor and its users. The goal of this project is to explore the new landscape of WF attacks and defenses in light of the team's findings with deep learning. A key aspect of the work is to build upon recent advances in fooling deep learning classifiers and apply these new findings to the context of anonymity systems. Based on this focus on adversarial machine learning, the project will create a new course and an accessible summer camp module on the topic, as well as launch a podcast on Cybersecurity Research featuring interviews with top researchers in the fields of adversarial machine learning and anonymity.The research has three thrusts. First, the team is exploring the impact that these attacks can have for Tor users by addressing how the attacks can generalize to different network conditions and Tor versions, how they can be better adapted to realistic settings, and how they are impacted by real-world user behaviors in Tor. Second, since recent work has shown that it is possible to reliably fool deep learning classifiers, the team is studying how to adapt these techniques for robust and efficient defense. Prior work has primarily been in the image classification domain, whereas network traffic is more challenging to manipulate, so the team is designing new methods that account for this difference. In the third thrust, recognizing that researchers are actively seeking robust classifiers that are harder to fool, the team aims to understand new ways to build robust classifiers and explore their properties. While this aspect of the project means potentially finding stronger WF attacks against Tor, robust classifiers would be helpful for the myriad applications of deep learning, such as self-driving cars, stylometry, malware detection, processing drone and satellite imagery, and more.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

互联网上的监视和跟踪越来越普遍，威胁到隐私和表达自由。Tor匿名系统保护了数百万用户的隐私，包括普通公民、记者、举报人、军事情报人员、警察、企业以及生活在审查和监视下的人。不幸的是，Tor容易受到网站指纹（WF）攻击，其中窃听者使用机器学习（ML）分类器来识别用户正在访问的网站。该研究团队使用深度学习分类器进行的最先进的WF攻击达到了98%的准确率，这对Tor及其用户来说是非常重要的。该项目的目标是根据团队对深度学习的发现，探索WF攻击和防御的新格局。这项工作的一个关键方面是利用欺骗深度学习分类器的最新进展，并将这些新发现应用于匿名系统的背景。基于对对抗性机器学习的关注，该项目将创建一门新课程和一个关于该主题的可访问夏令营模块，并推出一个关于网络安全研究的播客，其中包括对对抗性机器学习和匿名领域顶级研究人员的采访。首先，该团队正在探索这些攻击对Tor用户的影响，方法是解决这些攻击如何推广到不同的网络条件和Tor版本，如何更好地适应现实环境，以及如何受到Tor中真实用户行为的影响。其次，由于最近的研究表明，可以可靠地欺骗深度学习分类器，因此该团队正在研究如何调整这些技术以实现强大而有效的防御。之前的工作主要是在图像分类领域，而网络流量更难以操纵，因此该团队正在设计新的方法来解决这一差异。在第三个推力中，认识到研究人员正在积极寻找更难欺骗的鲁棒分类器，该团队的目标是了解构建鲁棒分类器的新方法并探索它们的属性。虽然该项目的这一方面意味着可能会发现针对Tor的更强大的WF攻击，但强大的分类器将有助于深度学习的无数应用，例如自动驾驶汽车，样式测量，恶意软件检测，处理无人机和卫星图像，该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

What a SHAME: Smart Assistant Voice Command Fingerprinting Utilizing Deep Learning

• DOI: 10.1145/3463676.3485615
• 发表时间: 2021-11
• 期刊: Proceedings of the 20th Workshop on Workshop on Privacy in the Electronic Society
• 作者: John F. Hyland;Conrad Schneggenburger;N. Lim;Jake Ruud;Nate Mathews;M. Wright

Weaponizing Unicodes with Deep Learning -Identifying Homoglyphs with Weakly Labeled Data

通过深度学习武器化 Unicode - 使用弱标记数据识别同形文字

• DOI: 10.1109/isi49825.2020.9280538
• 发表时间: 2020
• 期刊: 2020 IEEE International Conference on Intelligence and Security Informatics (ISI
• 作者: Deng, Perry;Linsky, Cooper;Wright, Matthew
• 通讯作者: Wright, Matthew

Poster: Video Fingerprinting in Tor

• DOI: 10.1145/3319535.3363273
• 发表时间: 2019-11
• 期刊: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Mohammad Saidur Rahman;Nate Mathews;M. Wright

On the Limitations of Continual Learning for Malware Classification

• DOI: 10.48550/arxiv.2208.06568
• 发表时间: 2022-08
• 期刊: ArXiv
• 作者: Mohammad Saidur Rahman;Scott E. Coull;M. Wright

UNDERSTANDING FEATURE DISCOVERY IN WEBSITE FINGERPRINTING ATTACKS

了解网站指纹攻击中的特征发现

• DOI: 10.1109/wnyipw.2018.8576379
• 发表时间: 2018
• 期刊: Proceedings of the 2018 IEEE Western New York Image and Signal Processing Workshop
• 作者: Mathews, Nate;Sirinam, Payap;Wright, Matthew
• 通讯作者: Wright, Matthew