

Title: Dissecting Cyber-adversarial Intrusion Stages via Interdisciplinary Observations
Advanced Persistent Threats (APTs) are professional, sophisticated threats that pose a serious concern to our technologically-dependent society. As these threats become more common, conventional response-driven cyberattack management needs to be substituted with anticipatory defense measures. Understanding adversarial behavior and movement is critical to improve our ability to proactively defend. This paper focuses on understanding adversarial movement and adaptation using a case study from a real-time cybersecurity exercise. Through multidisciplinary methodologies from social and hard sciences, this paper presents a mechanism to dissect cyberadversarial intrusion chains to unpack movement and adaptations.
Award ID(s):
1742789
NSF-PAR ID:
10190299
Journal Name:
Proceedings of The 6th ACM International Workshop on Security and Privacy Analytics, co-located with ACM Codaspy
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Recent publications have shown that neural network based classifiers are vulnerable to adversarial inputs that are virtually indistinguishable from normal data, constructed explicitly for the purpose of forcing misclassification. In this paper, we present several defenses to counter these threats. First, we observe that most adversarial attacks succeed by mounting gradient ascent on the confidence returned by the model, which allows an adversary to gain understanding of the classification boundary. Our defenses are based on denying access to the precise classification boundary. Our first defense adds a controlled random noise to the output confidence levels, which prevents an adversary from converging in their numerical approximation attack. Our next defense is based on the observation that by varying the order of the training, often we arrive at models which offer the same classification accuracy, yet they are different numerically. An ensemble of such models allows us to randomly switch between these equivalent models during query which further blurs the classification boundary. We demonstrate our defense via an adversarial input generator which defeats previously published defenses but cannot breach the proposed defenses due to their non-static nature.
  2. Abstract

    Crop raiding by wildlife poses major threats to both wildlife conservation and human well‐being in agroecosystems worldwide. These threats are particularly acute in many parts of Africa, where crop raiders include globally threatened megafauna such as elephants, and where smallholder agriculture is a primary source of human livelihood. One framework for understanding herbivore feeding behaviour, the forage‐maturation hypothesis, predicts that herbivores should align their movements with intermediate forage biomass (i.e., peak green‐up); this phenomenon is known as “surfing the green wave.” Crop‐raiding elephants, however, often consume not just foliage, but also fruits and tubers (e.g., maize and potatoes), which generally mature after seasonal peaks in photosynthetic activity. Thus, although elephants have been reported to surf the green wave in natural habitats, they may utilize a different strategy in cultivated landscapes by selecting crops that are “browning down.”

    We sought to understand the factors that underpin movement of elephants into agricultural landscapes.

    In Mozambique's Gorongosa National Park, we used movement data from GPS‐collared elephants, together with precipitation records, remotely sensed estimates of landscape greenness (NDVI), DNA‐based diet analysis, measurements of plant nutritional quality and survey‐based metrics of crop availability to understand spatiotemporal variation in elephant crop‐raiding behaviour.

    Elephants tracked peak NDVI while foraging inside the Park. During the dry season, however, when NDVI within the Park declined and availability of mature crops was high, crop raiding increased dramatically, and elephants consistently selected crop plants that were browning down while foraging in cultivated landscapes. Crops contained significantly higher digestible energy than wild food plants, but comparable (and sometimes lower) levels of digestible protein, suggesting that this foraging strategy maximized energy rather than protein intake.

    Our study is the first to combine GPS tracking data with high‐resolution diet analysis and community‐based reporting of crop availability to reveal fine‐scale plasticity in foraging behaviour of elephants at the human–wildlife interface. Our results extend the forage‐maturation hypothesis by showing that elephants surf waves of plant brown‐down in cultivated landscapes. These findings can aid efforts to reduce human–elephant conflict by enabling wildlife managers to prioritize mitigation actions in time and space with limited resources.

     
  3. Growing applications of generative models have led to new threats such as malicious personation and digital copyright infringement. One solution to these threats is model attribution, i.e., the identification of user-end models where the contents under question are generated from. Existing studies showed empirical feasibility of attribution through a centralized classifier trained on all user-end models. However, this approach is not scalable in reality as the number of models ever grows. Neither does it provide an attributability guarantee. To this end, this paper studies decentralized attribution, which relies on binary classifiers associated with each user-end model. Each binary classifier is parameterized by a user-specific key and distinguishes its associated model distribution from the authentic data distribution. We develop sufficient conditions of the keys that guarantee an attributability lower bound. Our method is validated on MNIST, CelebA, and FFHQ datasets. We also examine the trade-off between generation quality and robustness of attribution against adversarial post-processes. 
  4. Growing applications of generative models have led to new threats such as malicious personation and digital copyright infringement. One solution to these threats is model attribution, i.e., the identification of user-end models where the contents under question are generated. Existing studies showed empirical feasibility of attribution through a centralized classifier trained on all existing user-end models. However, this approach is not scalable in a reality where the number of models ever grows. Neither does it provide an attributability guarantee. To this end, this paper studies decentralized attribution, which relies on binary classifiers associated with each user-end model. Each binary classifier is parameterized by a user-specific key and distinguishes its associated model distribution from the authentic data distribution. We develop sufficient conditions of the keys that guarantee an attributability lower bound. Our method is validated on MNIST, CelebA, and FFHQ datasets. We also examine the trade-off between generation quality and robustness of attribution against adversarial post-processes.
  5. Relevance to proposal: This project evaluates the generalizability of real and synthetic training datasets which can be used to train model-free techniques for multi-agent applications. We evaluate different methods of generating training corpora and machine learning techniques including Behavior Cloning and Generative Adversarial Imitation Learning. Our results indicate that the utility-guided selection of representative scenarios to generate synthetic data can have significant improvements on model performance. Paper abstract: Crowd simulation, the study of the movement of multiple agents in complex environments, presents a unique application domain for machine learning. One challenge in crowd simulation is to imitate the movement of expert agents in highly dense crowds. An imitation model could substitute an expert agent if the model behaves as well as the expert. This will bring many exciting applications. However, we believe no prior studies have considered the critical question of how training data and training methods affect imitators when these models are applied to novel scenarios. In this work, a general imitation model is represented by applying either the Behavior Cloning (BC) training method or a more sophisticated Generative Adversarial Imitation Learning (GAIL) method, on three typical types of data domains: standard benchmarks for evaluating crowd models, random sampling of state-action pairs, and egocentric scenarios that capture local interactions. Simulated results suggest that (i) simpler training methods are overall better than more complex training methods, (ii) training samples with diverse agent-agent and agent-obstacle interactions are beneficial for reducing collisions when the trained models are applied to new scenarios. We additionally evaluated our models in their ability to imitate real world crowd trajectories observed from surveillance videos. Our findings indicate that models trained on representative scenarios generalize to new, unseen situations observed in real human crowds.