SlideShare a Scribd company logo

Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks

Priyanka Aash
Priyanka Aash

Humans are susceptible to social engineering. Machines are susceptible to tampering. Machine learning is vulnerable to adversarial attacks. Researchers have been able to successfully attack deep learning models used to classify malware to completely change their predictions by only accessing the output label of the model for the input samples fed by the attacker. Moreover, we've also seen attackers attempting to poison our training data for ML models by sending fake telemetry and trying to fool the classifier into believing that a given set of malware samples are actually benign. How do we detect and protect against such attacks? Is there a way we can make our models more robust to future attacks? We'll discuss several strategies to make machine learning models more tamper resilient. We'll compare the difficulty of tampering with cloud-based models and client-based models. We'll discuss research that shows how singular models are susceptible to tampering, and some techniques, like stacked ensemble models, can be used to make them more resilient. We also talk about the importance of diversity in base ML models and technical details on how they can be optimized to handle different threat scenarios. Lastly, we'll describe suspected tampering activity we've witnessed using protection telemetry from over half a billion computers, and whether our mitigations worked.

Technology
1 of 68
Download to read offline
Jugal Parikh, Senior Data Scientist Holly Stewart, Principal Research Manager Randy Treit, Senior Researcher
W i n d o w s D e f e n d e r E n d p o i n t P r o t e c t i o n E n d p o i n t P r o t e c t i o n Blocks low reputation web downloads Blocks malicious websites W i n d o w s D e f e n d e r E n d p o i n t D e t e c t i o n a n d R e s p o n s e D e t e c t i o n a n d R e m e d i a t i o n After execution - Windows Defender ATP monitors for post-breach signals After execution - Windows Defender Hexadite can reverse damage Blocks malicious programs and content (scripts, docs, etc.) W i n d o w s D e f e n d e r S m a r t S c r e e n Monitors behaviors and terminates bad processes Introduction ML Primer Adversarial Examples Ensemble Model Development and Testing Results
T h r e a t P r e d i c t R e s e a r c h T e a m Cloud Client O u r f o c u s : U s e m a c h i n e l e a r n i n g t o b l o c k a t t a c k s f o r W i n d o w s D e f e n d e r A T P
Introduction ML Primer Adversarial Examples Ensemble Model Development and Testing Results
UNKNOWN UNKNOWNSEXPERTS→ LABELS→ ML→ PREDICTIONS ANOMALY DETECTION SUPERVISED UNSUPERVISED
EXPERTS→ LABELS→ ML→ PREDICTIONS SUPERVISED
Pro: Disconnected protection Con: Silent adversarial brute force attacks
No private brute forcing Minimal client performance impact
Introduction ML Primer Adversarial Examples Ensemble Model Development and Testing Results
Machine attributes Dynamic and contextual attributes Static file attributes Example: Averaged perceptron model with > .90 probability = 0.0001% false positive rate Cloud Client
Immunity from antimalware automation attacks
 Synthetic traffic designed to quickly gain reputation on a digital certificate  Targeted Windows 8  Originally surfaced as a high percentage of traffic that wasn’t classified  Low-volume and unsigned file attacks were also identified during investigation 30% 40% 50% 60% 70% 80% 90% 100% 2/15 2/17 2/19 2/21 2/23 2/25 2/27 2/29 3/2 3/4 3/6 3/8 3/10 3/12 3/14 Percent Classified Traffic Win10 Win8 Win7
 Attackers guessed major features (time, traffic, digital certificate)  Team developed complementary models with additional features that filtered fake traffic out of telemetry  Combination of models removed attack traffic from training data 60% 65% 70% 75% 80% 85% 90% 95% 100% 2/7/2017 2/12/2017 2/17/2017 2/22/2017 2/27/2017 3/4/2017 3/9/2017 3/14/2017 3/19/2017 3/24/2017 3/29/2017 4/3/2017 4/8/2017 4/13/2017 4/18/2017 4/23/2017 4/28/2017 5/3/2017 Percent Classified with and without Complementary Models
 Research on adversarial attacks against deep learning classifiers  Showed that an ensemble of classifiers helped defend against the attacks tested in the paper  See more at: Attack and Defense of Dynamic Analysis-Based, Adversarial Neural Malware Classification Models Jack W. Stokes, De Wang, Mady Marinescu, Marc Marino, Brian Bussone https://arxiv.org/abs/1712.05919 Introduction ML Primer Adversarial Examples Ensemble Model Development and Testing ResultsEnsemble Model Development and Testing
Ensemble Model Development and Testing Ensemble ML Primer Diversity Requirements Developing the Model Testing the Model
1 1 Wolpert, David H. "Stacked generalization." Neural networks 5.2 (1992): 241-259.
Dealing with:  Active adversarial  Volatility/ Covariate Shift  Noisy environment Scale:  Petabytes of threat Intelligence daily Evaluate:  ~2.3 Billion global queries everyday
Ensemble ML Primer Diversity Requirements Developing the Model Testing the Model
1. Different feature sets 2. Different training algorithms 3. Different training data sets 4. Different optimization settings
Process and installation ProcessName ParentProcess TriggeringSignal TriggeringFile Download IP and URL Parent/child relationships Machine attributes Partial and Fuzzy hashes ClusterHash ImportHash Fuzzy hashes Full File Content Header Footer Raw file content File properties File Geometry FileSize FileMetaData …. Signer info Issuer Publisher Signer Behavioral Connection IP System changes API calls Process injection Locale Locale setting Geographical location Behavioral and contextual attributes Static file attributes OS version Processor Security settings Features - Highly dimensional data Researcher Expertise 10k+ researcher attributes 100k+ static attributes 10k+ behavioral attributes Feature Set Training Algorithms Training Data Sets Optimization Settings
Feature Set Learner # of Features PE Properties Fast Tree Ensemble 10K+ features Researcher Expertise Boosted Tree Ensemble 190K+ features Behavioral Boosted Tree Ensemble 6M+ features Fuzzy Hash 1 Random Forest 512+ features Fuzzy Hash 2 SDCA 10M+ features Static, Dynamic and Contextual Averaged Perceptron 16M+ features Researcher Expertise, Fuzzy Hash Averaged Perceptron 12M+ features File Emulation DNN 150K+ features File Detonation DNN 10M+ features Feature Set Training Algorithms Training Data Sets Optimization Settings
Training Cadence: Classifiers:  Malware  Clean  PUA  Enterprise specific  File Type specific Feature Set Training Algorithms Training Data Sets Optimization Settings
Ensemble ML Primer Diversity Requirements Developing the Model Testing the Model
1. Boolean Stacking 2. Linear/ Logistic Stacking
Boolean Stacking 1 Binary Output 1 Model Probabilities Logistic Stacking
Model Selection LightGBM !!! Averaged Perceptron !!! Logistic Regression!!! Fast Tree !!! XGBoost !!! DNN !!!
Train Time Validate Test
Supervised Training Optimization Evaluation Train Validate Test
Model evaluated on time-split test set Confusion table ||====================== PREDICTED || positive | negative | Recall TRUTH ||====================== positive || 2,177 | 21,182 | 0.0932 negative || 14,004 |2,097,228 | 0.9934 ||====================== Precision || 0.1345 | 0.9900 | OVERALL ACCURACY: 0.9835 Model evaluated on Live Data for 60 mins without any calibrations Confusion table ||====================== PREDICTED || positive | negative | Recall TRUTH ||====================== positive || 703,140 | 59,131 | 0.9224 negative || 2,1030 |8,013,623 | 0.9974 ||====================== Precision || 0.9710 | 0.9927 | OVERALL ACCURACY: 0.9811
Ensemble ML Primer Diversity Requirements Developing the Model Testing the Model
 Information from the target inadvertently works its way into the model-checking mechanism  Causes an overly optimistic assessment of generalization performance  Filtering features that directly correlate to the training labels Confusion table ||====================== PREDICTED || positive | negative | Recall TRUTH ||====================== positive || 703,140 | 59,131 | 0.9224 negative || 2,1030 |8,013,623 | 0.9974 ||====================== Precision || 0.9710 | 0.9927 | OVERALL ACCURACY: 0.9811 Confusion table ||====================== PREDICTED || positive | negative | Recall TRUTH ||====================== positive || 625,324 | 136,947 | 0.8203 negative || 29,540 |8,005,113 | 0.9963 ||====================== Precision || 0.9549 | 0.9832 | OVERALL ACCURACY: 0.9668 With some data leaks Filtering known data leaks
 Not all Base Classifiers classify every threat scenario  What you can do:  Retaining the instance but..  Adding Boolean features indicating what features were missing  Cross Join between features  Interpretable models Model Probability Verdict FileEmulation1 N/A Unknown FileDetonation N/A Unknown FuzzyHash1 N/A Unknown FuzzyHash2 0.014020299 Clean CloudClassifier1 N/A Unknown CloudClassifier2 N/A Unknown CloudClassifier3 N/A Unknown CloudClassifier4 N/A Unknown CloudClassifier5 N/A Unknown CloudClassifier6 N/A Unknown . . . . . . . . . ResearcherExpertise 0.07285905 Clean PEPropertiesClassifier N/A Unknown FileMetaDataClassifier1 N/A Unknown FileMetaDataClassifier2 N/A Unknown FileMetaDataClassifier3 N/A Unknown BehavioralClassifier1 N/A Unknown BehavioralClassifier2 N/A Unknown Stacked Ensemble 0.92 Malware
 Adding K-means distance for each instance from the centroid of each cluster as an input feature
 Maintaining a fixed label distribution for training  Continuous monitoring of incoming telemetry to catch anomalies/ outliers before training Time
evaluate on Cloud Client
Supervised Training Evaluation
Ratio of number of instances perturbed The classifier is robust to one of the classifiers being compromised at 1% FPR.
train Machine attributes Dynamic and contextual attributes Static file attributes Example: Averaged perceptron model with > .90 probability = 0.0001% false positive rate Cloud Client
Supervised Training Adding Rogue Features
# of Random Classifiers False Positive Rate True Positive Rate 0 0.8746% 96.1824% 2 0.8834% 96.1222% 4 0.8912% 96.0385% 6 0.8939% 95.8932% 8 0.8974% 95.8462% 10 0.9131% 95.8462% The classifier can detect these random noises and the performance drop is negligible.
Machine attributes Dynamic and contextual attributes Static file attributes Example: Averaged perceptron model with > .90 probability = 0.0001% false positive rate Cloud Client
Ratio of number of instances perturbed Flipping top 2 Feature Values
Cloud Client # of Instances Data Distribution Bias Anomalies Metrics Requirements Continuous Monitoring Overall Blocks Telemetry Relevant features Threat Landscape Ensemble Model Development and Testing Ensemble ML Primer Diversity Requirements Developing the Model Testing the Model
Introduction ML Primer Adversarial Examples Ensemble Model Development and Testing ResultsEnsemble Model Development and Testing
Other Cloud Blocks 88% Ensemble Blocks 12% Archive 4% Documents and macros 8% Other (1k+ types) PE File 68% Shortcut 11% Signed PE File 3% VBS 3%
malware clean
Filters out noisy signals from an occasionally underperforming model Increases predictive power with easy interpretability Adds resilience against attacks on individual models
 Small-scale attack in Central and Western Canada  Most targets reached within 5 ½ hours  73% of targets were commercial businesses
Model Probability Verdict PDFClassifier - Unknown NonPEClassifier - Unknown CloudModel3 0.06 Clean? FuzzyHash1 0.07 Clean? FuzzyHash2 0.08 Clean? ResearchExpertise 0.99 Malware Ensemble1 0.27 ~Sketchy Ensemble2 0.84 Sketchy! Ensemble3 0.91 Malware Client Cloud
Model Probability Verdict FuzzyHash2 0.06 Clean? Ensemble1 0.27 ~Sketchy JsModel 0.52 Sketchy! ResearchExpertise 0.64 Sketchy! Ensemble3 0.91 Malware Client Cloud vNSAml.js
 Daewoo Chong (Windows Defender ATP Research)  Christian Seifert (Windows Defender ATP Research)  Allan Sepillo (Windows Defender ATP Research)  Bhavna Soman (Windows Defender ATP Research)  Jay Stokes (Microsoft Research)  Maria Vlachopoulou (Windows Defender ATP Research)  Samuel Wakasugui (Windows Defender ATP Research)
Today’s presentation All data and charts, unless otherwise noted, is from Microsoft. Preso: https://www.blackhat.com/us-18/briefings/schedule/index.html#protecting-the-protector-hardening-machine-learning-defenses- against-adversarial-attacks-11669 Blog: https://aka.ms/hardening-ML Upcoming conference presentations Virus Bulletin 2018 (Montreal): Starving malware authors through dynamic classification Karishma Sanghvi (Microsoft), Joe Blackbird (Microsoft) Blog Posts and Other References Antivirus evolved Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses How artificial intelligence stopped an Emotet outbreak Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign Machine Learning vs. Social Engineering Whitepaper: The Evolution of Malware Prevention
Client-based machine learning is susceptible to brute force attacks After you deploy, ensure you have monitors to alert on potential tampering Consider the various vectors of attack, identify most likely vectors, then test them Build a diverse set of complementary models, then add an ensemble layer
adversarialml@microsoft.com

Recommended

Self-defending software: Automatically patching errors in deployed software ...
Self-defending software: Automatically patching errors in deployed software ...Self-defending software: Automatically patching errors in deployed software ...
Self-defending software: Automatically patching errors in deployed software ...Sung Kim
 
Automated Vulnerability Testing Using Machine Learning and Metaheuristic Search
Automated Vulnerability Testing Using Machine Learning and Metaheuristic SearchAutomated Vulnerability Testing Using Machine Learning and Metaheuristic Search
Automated Vulnerability Testing Using Machine Learning and Metaheuristic SearchLionel Briand
 
The Impact of Mislabelling on the Performance and Interpretation of Defect Pr...
The Impact of Mislabelling on the Performance and Interpretation of Defect Pr...The Impact of Mislabelling on the Performance and Interpretation of Defect Pr...
The Impact of Mislabelling on the Performance and Interpretation of Defect Pr...Chakkrit (Kla) Tantithamthavorn
 
Testing survey by_directions
Testing survey by_directionsTesting survey by_directions
Testing survey by_directionsTao He
 
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Sung Kim
 
A software fault localization technique based on program mutations
A software fault localization technique based on program mutationsA software fault localization technique based on program mutations
A software fault localization technique based on program mutationsTao He
 
Automated parameter optimization should be included in future 
defect predict...
Automated parameter optimization should be included in future 
defect predict...Automated parameter optimization should be included in future 
defect predict...
Automated parameter optimization should be included in future 
defect predict...Chakkrit (Kla) Tantithamthavorn
 
Interactive fault localization leveraging simple user feedback - by Liang Gong
Interactive fault localization leveraging simple user feedback - by Liang GongInteractive fault localization leveraging simple user feedback - by Liang Gong
Interactive fault localization leveraging simple user feedback - by Liang GongLiang Gong
 

Recommended

Self-defending software: Automatically patching errors in deployed software ...
Self-defending software: Automatically patching errors in deployed software ...Self-defending software: Automatically patching errors in deployed software ...
Self-defending software: Automatically patching errors in deployed software ...Sung Kim
 
Automated Vulnerability Testing Using Machine Learning and Metaheuristic Search
Automated Vulnerability Testing Using Machine Learning and Metaheuristic SearchAutomated Vulnerability Testing Using Machine Learning and Metaheuristic Search
Automated Vulnerability Testing Using Machine Learning and Metaheuristic SearchLionel Briand
 
The Impact of Mislabelling on the Performance and Interpretation of Defect Pr...
The Impact of Mislabelling on the Performance and Interpretation of Defect Pr...The Impact of Mislabelling on the Performance and Interpretation of Defect Pr...
The Impact of Mislabelling on the Performance and Interpretation of Defect Pr...Chakkrit (Kla) Tantithamthavorn
 
Testing survey by_directions
Testing survey by_directionsTesting survey by_directions
Testing survey by_directionsTao He
 
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)
Automatically Generated Patches as Debugging Aids: A Human Study (FSE 2014)Sung Kim
 
A software fault localization technique based on program mutations
A software fault localization technique based on program mutationsA software fault localization technique based on program mutations
A software fault localization technique based on program mutationsTao He
 
Automated parameter optimization should be included in future 
defect predict...
Automated parameter optimization should be included in future 
defect predict...Automated parameter optimization should be included in future 
defect predict...
Automated parameter optimization should be included in future 
defect predict...Chakkrit (Kla) Tantithamthavorn
 
Interactive fault localization leveraging simple user feedback - by Liang Gong
Interactive fault localization leveraging simple user feedback - by Liang GongInteractive fault localization leveraging simple user feedback - by Liang Gong
Interactive fault localization leveraging simple user feedback - by Liang GongLiang Gong
 
Software Analytics In Action: A Hands-on Tutorial on Mining, Analyzing, Model...
Software Analytics In Action: A Hands-on Tutorial on Mining, Analyzing, Model...Software Analytics In Action: A Hands-on Tutorial on Mining, Analyzing, Model...
Software Analytics In Action: A Hands-on Tutorial on Mining, Analyzing, Model...Chakkrit (Kla) Tantithamthavorn
 
A survey of fault prediction using machine learning algorithms
A survey of fault prediction using machine learning algorithmsA survey of fault prediction using machine learning algorithms
A survey of fault prediction using machine learning algorithmsAhmed Magdy Ezzeldin, MSc.
 
Promise 2011: "An Iterative Semi-supervised Approach to Software Fault Predic...
Promise 2011: "An Iterative Semi-supervised Approach to Software Fault Predic...Promise 2011: "An Iterative Semi-supervised Approach to Software Fault Predic...
Promise 2011: "An Iterative Semi-supervised Approach to Software Fault Predic...CS, NcState
 
Multi-Objective Cross-Project Defect Prediction
Multi-Objective Cross-Project Defect PredictionMulti-Objective Cross-Project Defect Prediction
Multi-Objective Cross-Project Defect PredictionSebastiano Panichella
 
52 - The Impact of Test Ownership and Team Structure on the Reliability and E...
52 - The Impact of Test Ownership and Team Structure on the Reliability and E...52 - The Impact of Test Ownership and Team Structure on the Reliability and E...
52 - The Impact of Test Ownership and Team Structure on the Reliability and E...ESEM 2014
 
Diversity Maximization Speedup for Fault Localization
Diversity Maximization Speedup for Fault LocalizationDiversity Maximization Speedup for Fault Localization
Diversity Maximization Speedup for Fault LocalizationLiang Gong
 
Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...
Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...
Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...Pluribus One
 
Icsoc12 tooldemo.ppt
Icsoc12 tooldemo.pptIcsoc12 tooldemo.ppt
Icsoc12 tooldemo.pptPtidej Team
 
Design For Testability
Design For TestabilityDesign For Testability
Design For TestabilityGiovanni Asproni
 
Benchmarking with JMH (riviera dev 2017)
Benchmarking with JMH (riviera dev 2017)Benchmarking with JMH (riviera dev 2017)
Benchmarking with JMH (riviera dev 2017)Nenad Bogojevic
 
Avc rem 201211_en
Avc rem 201211_enAvc rem 201211_en
Avc rem 201211_enAnatoliy Tkachev
 
ISTQB Advance Material
ISTQB Advance MaterialISTQB Advance Material
ISTQB Advance MaterialMandar Kharkar
 
Ssbse12b.ppt
Ssbse12b.pptSsbse12b.ppt
Ssbse12b.pptPtidej Team
 
Practical Guide To Software System Testing
Practical Guide To Software System TestingPractical Guide To Software System Testing
Practical Guide To Software System Testingvladimir zaremba
 
Final Exam Solutions Fall02
Final Exam Solutions Fall02Final Exam Solutions Fall02
Final Exam Solutions Fall02Radu_Negulescu
 
Timing Tool Test Effectiveness for WCET Analysis Tools
Timing Tool Test Effectiveness for WCET Analysis ToolsTiming Tool Test Effectiveness for WCET Analysis Tools
Timing Tool Test Effectiveness for WCET Analysis ToolsMike Towers
 
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...BlueHat Security Conference
 
Building functional Quality Gates with ReportPortal
Building functional Quality Gates with ReportPortalBuilding functional Quality Gates with ReportPortal
Building functional Quality Gates with ReportPortalDmitriy Gumeniuk
 
B4UConference_machine learning_deeplearning
B4UConference_machine learning_deeplearningB4UConference_machine learning_deeplearning
B4UConference_machine learning_deeplearningHoa Le
 
The Automation Firehose: Be Strategic and Tactical by Thomas Haver
The Automation Firehose: Be Strategic and Tactical by Thomas HaverThe Automation Firehose: Be Strategic and Tactical by Thomas Haver
The Automation Firehose: Be Strategic and Tactical by Thomas HaverQA or the Highway
 
Can we induce change with what we measure?
Can we induce change with what we measure?Can we induce change with what we measure?
Can we induce change with what we measure?Michaela Greiler
 
Learning Automated Intrusion Response
Learning Automated Intrusion ResponseLearning Automated Intrusion Response
Learning Automated Intrusion ResponseKim Hammar
 

More Related Content

What's hot

Software Analytics In Action: A Hands-on Tutorial on Mining, Analyzing, Model...
Software Analytics In Action: A Hands-on Tutorial on Mining, Analyzing, Model...Software Analytics In Action: A Hands-on Tutorial on Mining, Analyzing, Model...
Software Analytics In Action: A Hands-on Tutorial on Mining, Analyzing, Model...Chakkrit (Kla) Tantithamthavorn
 
A survey of fault prediction using machine learning algorithms
A survey of fault prediction using machine learning algorithmsA survey of fault prediction using machine learning algorithms
A survey of fault prediction using machine learning algorithmsAhmed Magdy Ezzeldin, MSc.
 
Promise 2011: "An Iterative Semi-supervised Approach to Software Fault Predic...
Promise 2011: "An Iterative Semi-supervised Approach to Software Fault Predic...Promise 2011: "An Iterative Semi-supervised Approach to Software Fault Predic...
Promise 2011: "An Iterative Semi-supervised Approach to Software Fault Predic...CS, NcState
 
Multi-Objective Cross-Project Defect Prediction
Multi-Objective Cross-Project Defect PredictionMulti-Objective Cross-Project Defect Prediction
Multi-Objective Cross-Project Defect PredictionSebastiano Panichella
 
52 - The Impact of Test Ownership and Team Structure on the Reliability and E...
52 - The Impact of Test Ownership and Team Structure on the Reliability and E...52 - The Impact of Test Ownership and Team Structure on the Reliability and E...
52 - The Impact of Test Ownership and Team Structure on the Reliability and E...ESEM 2014
 
Diversity Maximization Speedup for Fault Localization
Diversity Maximization Speedup for Fault LocalizationDiversity Maximization Speedup for Fault Localization
Diversity Maximization Speedup for Fault LocalizationLiang Gong
 
Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...
Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...
Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...Pluribus One
 
Icsoc12 tooldemo.ppt
Icsoc12 tooldemo.pptIcsoc12 tooldemo.ppt
Icsoc12 tooldemo.pptPtidej Team
 
Benchmarking with JMH (riviera dev 2017)
Benchmarking with JMH (riviera dev 2017)Benchmarking with JMH (riviera dev 2017)
Benchmarking with JMH (riviera dev 2017)Nenad Bogojevic
 
ISTQB Advance Material
ISTQB Advance MaterialISTQB Advance Material
ISTQB Advance MaterialMandar Kharkar
 
Practical Guide To Software System Testing
Practical Guide To Software System TestingPractical Guide To Software System Testing
Practical Guide To Software System Testingvladimir zaremba
 
Final Exam Solutions Fall02
Final Exam Solutions Fall02Final Exam Solutions Fall02
Final Exam Solutions Fall02Radu_Negulescu
 
Timing Tool Test Effectiveness for WCET Analysis Tools
Timing Tool Test Effectiveness for WCET Analysis ToolsTiming Tool Test Effectiveness for WCET Analysis Tools
Timing Tool Test Effectiveness for WCET Analysis ToolsMike Towers
 

What's hot (16)

Software Analytics In Action: A Hands-on Tutorial on Mining, Analyzing, Model...
Software Analytics In Action: A Hands-on Tutorial on Mining, Analyzing, Model...Software Analytics In Action: A Hands-on Tutorial on Mining, Analyzing, Model...
Software Analytics In Action: A Hands-on Tutorial on Mining, Analyzing, Model...
 
A survey of fault prediction using machine learning algorithms
A survey of fault prediction using machine learning algorithmsA survey of fault prediction using machine learning algorithms
A survey of fault prediction using machine learning algorithms
 
Promise 2011: "An Iterative Semi-supervised Approach to Software Fault Predic...
Promise 2011: "An Iterative Semi-supervised Approach to Software Fault Predic...Promise 2011: "An Iterative Semi-supervised Approach to Software Fault Predic...
Promise 2011: "An Iterative Semi-supervised Approach to Software Fault Predic...
 
Multi-Objective Cross-Project Defect Prediction
Multi-Objective Cross-Project Defect PredictionMulti-Objective Cross-Project Defect Prediction
Multi-Objective Cross-Project Defect Prediction
 
52 - The Impact of Test Ownership and Team Structure on the Reliability and E...
52 - The Impact of Test Ownership and Team Structure on the Reliability and E...52 - The Impact of Test Ownership and Team Structure on the Reliability and E...
52 - The Impact of Test Ownership and Team Structure on the Reliability and E...
 
Diversity Maximization Speedup for Fault Localization
Diversity Maximization Speedup for Fault LocalizationDiversity Maximization Speedup for Fault Localization
Diversity Maximization Speedup for Fault Localization
 
Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...
Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...
Battista Biggio @ ECML PKDD 2013 - Evasion attacks against machine learning a...
 
Icsoc12 tooldemo.ppt
Icsoc12 tooldemo.pptIcsoc12 tooldemo.ppt
Icsoc12 tooldemo.ppt
 
Design For Testability
Design For TestabilityDesign For Testability
Design For Testability
 
Benchmarking with JMH (riviera dev 2017)
Benchmarking with JMH (riviera dev 2017)Benchmarking with JMH (riviera dev 2017)
Benchmarking with JMH (riviera dev 2017)
 
Avc rem 201211_en
Avc rem 201211_enAvc rem 201211_en
Avc rem 201211_en
 
ISTQB Advance Material
ISTQB Advance MaterialISTQB Advance Material
ISTQB Advance Material
 
Ssbse12b.ppt
Ssbse12b.pptSsbse12b.ppt
Ssbse12b.ppt
 
Practical Guide To Software System Testing
Practical Guide To Software System TestingPractical Guide To Software System Testing
Practical Guide To Software System Testing
 
Final Exam Solutions Fall02
Final Exam Solutions Fall02Final Exam Solutions Fall02
Final Exam Solutions Fall02
 
Timing Tool Test Effectiveness for WCET Analysis Tools
Timing Tool Test Effectiveness for WCET Analysis ToolsTiming Tool Test Effectiveness for WCET Analysis Tools
Timing Tool Test Effectiveness for WCET Analysis Tools
 

Similar to Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks

BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...BlueHat Security Conference
 
Building functional Quality Gates with ReportPortal
Building functional Quality Gates with ReportPortalBuilding functional Quality Gates with ReportPortal
Building functional Quality Gates with ReportPortalDmitriy Gumeniuk
 
B4UConference_machine learning_deeplearning
B4UConference_machine learning_deeplearningB4UConference_machine learning_deeplearning
B4UConference_machine learning_deeplearningHoa Le
 
The Automation Firehose: Be Strategic and Tactical by Thomas Haver
The Automation Firehose: Be Strategic and Tactical by Thomas HaverThe Automation Firehose: Be Strategic and Tactical by Thomas Haver
The Automation Firehose: Be Strategic and Tactical by Thomas HaverQA or the Highway
 
Can we induce change with what we measure?
Can we induce change with what we measure?Can we induce change with what we measure?
Can we induce change with what we measure?Michaela Greiler
 
Learning Automated Intrusion Response
Learning Automated Intrusion ResponseLearning Automated Intrusion Response
Learning Automated Intrusion ResponseKim Hammar
 
BlueHat Seattle 2019 || The good, the bad & the ugly of ML based approaches f...
BlueHat Seattle 2019 || The good, the bad & the ugly of ML based approaches f...BlueHat Seattle 2019 || The good, the bad & the ugly of ML based approaches f...
BlueHat Seattle 2019 || The good, the bad & the ugly of ML based approaches f...BlueHat Security Conference
 
Odin2018_Minh_ML_Risk_Prediction
Odin2018_Minh_ML_Risk_PredictionOdin2018_Minh_ML_Risk_Prediction
Odin2018_Minh_ML_Risk_PredictionMinh Nguyen
 
Testing and DevOps Culture: Lessons Learned
Testing and DevOps Culture: Lessons LearnedTesting and DevOps Culture: Lessons Learned
Testing and DevOps Culture: Lessons LearnedLB Denker
 
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web TestingThe Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web TestingPerfecto by Perforce
 
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...GlobalLogic Ukraine
 
But Did You Test It
But Did You Test ItBut Did You Test It
But Did You Test ItRuth Blakely
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Engineering Software Lab
 
MLOps - Build pipelines with Tensor Flow Extended & Kubeflow
MLOps - Build pipelines with Tensor Flow Extended & KubeflowMLOps - Build pipelines with Tensor Flow Extended & Kubeflow
MLOps - Build pipelines with Tensor Flow Extended & KubeflowJan Kirenz
 
2010-03-31 - VU Amsterdam - Experiences testing safety critical systems
2010-03-31 - VU Amsterdam - Experiences testing safety critical systems2010-03-31 - VU Amsterdam - Experiences testing safety critical systems
2010-03-31 - VU Amsterdam - Experiences testing safety critical systemsJaap van Ekris
 
Machine Learning AND Deep Learning for OpenPOWER
Machine Learning AND Deep Learning for OpenPOWERMachine Learning AND Deep Learning for OpenPOWER
Machine Learning AND Deep Learning for OpenPOWERGanesan Narayanasamy
 
Overcoming (organizational) scalability issues in your Prometheus ecosystem
Overcoming (organizational) scalability issues in your Prometheus ecosystemOvercoming (organizational) scalability issues in your Prometheus ecosystem
Overcoming (organizational) scalability issues in your Prometheus ecosystemQAware GmbH
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chanceDr. Anish Cheriyan (PhD)
 

Similar to Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks (20)

BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
BlueHat v18 || Protecting the protector, hardening machine learning defenses ...
 
Building functional Quality Gates with ReportPortal
Building functional Quality Gates with ReportPortalBuilding functional Quality Gates with ReportPortal
Building functional Quality Gates with ReportPortal
 
B4UConference_machine learning_deeplearning
B4UConference_machine learning_deeplearningB4UConference_machine learning_deeplearning
B4UConference_machine learning_deeplearning
 
The Automation Firehose: Be Strategic and Tactical by Thomas Haver
The Automation Firehose: Be Strategic and Tactical by Thomas HaverThe Automation Firehose: Be Strategic and Tactical by Thomas Haver
The Automation Firehose: Be Strategic and Tactical by Thomas Haver
 
Can we induce change with what we measure?
Can we induce change with what we measure?Can we induce change with what we measure?
Can we induce change with what we measure?
 
Learning Automated Intrusion Response
Learning Automated Intrusion ResponseLearning Automated Intrusion Response
Learning Automated Intrusion Response
 
BlueHat Seattle 2019 || The good, the bad & the ugly of ML based approaches f...
BlueHat Seattle 2019 || The good, the bad & the ugly of ML based approaches f...BlueHat Seattle 2019 || The good, the bad & the ugly of ML based approaches f...
BlueHat Seattle 2019 || The good, the bad & the ugly of ML based approaches f...
 
Odin2018_Minh_ML_Risk_Prediction
Odin2018_Minh_ML_Risk_PredictionOdin2018_Minh_ML_Risk_Prediction
Odin2018_Minh_ML_Risk_Prediction
 
Testing and DevOps Culture: Lessons Learned
Testing and DevOps Culture: Lessons LearnedTesting and DevOps Culture: Lessons Learned
Testing and DevOps Culture: Lessons Learned
 
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web TestingThe Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
The Automation Firehose: Be Strategic & Tactical With Your Mobile & Web Testing
 
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...
GlobalLogic Test Automation Online TechTalk “Test Driven Development as a Per...
 
But Did You Test It
But Did You Test ItBut Did You Test It
But Did You Test It
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
 
Software metrics
Software metricsSoftware metrics
Software metrics
 
MLOps - Build pipelines with Tensor Flow Extended & Kubeflow
MLOps - Build pipelines with Tensor Flow Extended & KubeflowMLOps - Build pipelines with Tensor Flow Extended & Kubeflow
MLOps - Build pipelines with Tensor Flow Extended & Kubeflow
 
2010-03-31 - VU Amsterdam - Experiences testing safety critical systems
2010-03-31 - VU Amsterdam - Experiences testing safety critical systems2010-03-31 - VU Amsterdam - Experiences testing safety critical systems
2010-03-31 - VU Amsterdam - Experiences testing safety critical systems
 
Machine Learning AND Deep Learning for OpenPOWER
Machine Learning AND Deep Learning for OpenPOWERMachine Learning AND Deep Learning for OpenPOWER
Machine Learning AND Deep Learning for OpenPOWER
 
Null meet Code Review
Null meet Code ReviewNull meet Code Review
Null meet Code Review
 
Overcoming (organizational) scalability issues in your Prometheus ecosystem
Overcoming (organizational) scalability issues in your Prometheus ecosystemOvercoming (organizational) scalability issues in your Prometheus ecosystem
Overcoming (organizational) scalability issues in your Prometheus ecosystem
 
Penetration testing dont just leave it to chance
Penetration testing dont just leave it to chancePenetration testing dont just leave it to chance
Penetration testing dont just leave it to chance
 

More from Priyanka Aash

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfPriyanka Aash
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfPriyanka Aash
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfPriyanka Aash
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfPriyanka Aash
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdfPriyanka Aash
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfPriyanka Aash
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfPriyanka Aash
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfPriyanka Aash
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldPriyanka Aash
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksPriyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Priyanka Aash
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security GovernancePriyanka Aash
 

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 

Recently uploaded (20)

Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 

Protecting the Protector, Hardening Machine Learning Defenses Against Adversarial Attacks

  • 1. Jugal Parikh, Senior Data Scientist Holly Stewart, Principal Research Manager Randy Treit, Senior Researcher
  • 2.
  • 3.
  • 4. W i n d o w s D e f e n d e r E n d p o i n t P r o t e c t i o n E n d p o i n t P r o t e c t i o n Blocks low reputation web downloads Blocks malicious websites W i n d o w s D e f e n d e r E n d p o i n t D e t e c t i o n a n d R e s p o n s e D e t e c t i o n a n d R e m e d i a t i o n After execution - Windows Defender ATP monitors for post-breach signals After execution - Windows Defender Hexadite can reverse damage Blocks malicious programs and content (scripts, docs, etc.) W i n d o w s D e f e n d e r S m a r t S c r e e n Monitors behaviors and terminates bad processes Introduction ML Primer Adversarial Examples Ensemble Model Development and Testing Results
  • 5. T h r e a t P r e d i c t R e s e a r c h T e a m Cloud Client O u r f o c u s : U s e m a c h i n e l e a r n i n g t o b l o c k a t t a c k s f o r W i n d o w s D e f e n d e r A T P
  • 6. Introduction ML Primer Adversarial Examples Ensemble Model Development and Testing Results
  • 7. UNKNOWN UNKNOWNSEXPERTS→ LABELS→ ML→ PREDICTIONS ANOMALY DETECTION SUPERVISED UNSUPERVISED
  • 8. EXPERTS→ LABELS→ ML→ PREDICTIONS SUPERVISED
  • 9.
  • 11. No private brute forcing Minimal client performance impact
  • 12. Introduction ML Primer Adversarial Examples Ensemble Model Development and Testing Results
  • 13. Machine attributes Dynamic and contextual attributes Static file attributes Example: Averaged perceptron model with > .90 probability = 0.0001% false positive rate Cloud Client
  • 14. Immunity from antimalware automation attacks
  • 15.  Synthetic traffic designed to quickly gain reputation on a digital certificate  Targeted Windows 8  Originally surfaced as a high percentage of traffic that wasn’t classified  Low-volume and unsigned file attacks were also identified during investigation 30% 40% 50% 60% 70% 80% 90% 100% 2/15 2/17 2/19 2/21 2/23 2/25 2/27 2/29 3/2 3/4 3/6 3/8 3/10 3/12 3/14 Percent Classified Traffic Win10 Win8 Win7
  • 16.  Attackers guessed major features (time, traffic, digital certificate)  Team developed complementary models with additional features that filtered fake traffic out of telemetry  Combination of models removed attack traffic from training data 60% 65% 70% 75% 80% 85% 90% 95% 100% 2/7/2017 2/12/2017 2/17/2017 2/22/2017 2/27/2017 3/4/2017 3/9/2017 3/14/2017 3/19/2017 3/24/2017 3/29/2017 4/3/2017 4/8/2017 4/13/2017 4/18/2017 4/23/2017 4/28/2017 5/3/2017 Percent Classified with and without Complementary Models
  • 17.  Research on adversarial attacks against deep learning classifiers  Showed that an ensemble of classifiers helped defend against the attacks tested in the paper  See more at: Attack and Defense of Dynamic Analysis-Based, Adversarial Neural Malware Classification Models Jack W. Stokes, De Wang, Mady Marinescu, Marc Marino, Brian Bussone https://arxiv.org/abs/1712.05919 Introduction ML Primer Adversarial Examples Ensemble Model Development and Testing ResultsEnsemble Model Development and Testing
  • 18. Ensemble Model Development and Testing Ensemble ML Primer Diversity Requirements Developing the Model Testing the Model
  • 19. 1 1 Wolpert, David H. "Stacked generalization." Neural networks 5.2 (1992): 241-259.
  • 20. Dealing with:  Active adversarial  Volatility/ Covariate Shift  Noisy environment Scale:  Petabytes of threat Intelligence daily Evaluate:  ~2.3 Billion global queries everyday
  • 21. Ensemble ML Primer Diversity Requirements Developing the Model Testing the Model
  • 22. 1. Different feature sets 2. Different training algorithms 3. Different training data sets 4. Different optimization settings
  • 23. Process and installation ProcessName ParentProcess TriggeringSignal TriggeringFile Download IP and URL Parent/child relationships Machine attributes Partial and Fuzzy hashes ClusterHash ImportHash Fuzzy hashes Full File Content Header Footer Raw file content File properties File Geometry FileSize FileMetaData …. Signer info Issuer Publisher Signer Behavioral Connection IP System changes API calls Process injection Locale Locale setting Geographical location Behavioral and contextual attributes Static file attributes OS version Processor Security settings Features - Highly dimensional data Researcher Expertise 10k+ researcher attributes 100k+ static attributes 10k+ behavioral attributes Feature Set Training Algorithms Training Data Sets Optimization Settings
  • 24. Feature Set Learner # of Features PE Properties Fast Tree Ensemble 10K+ features Researcher Expertise Boosted Tree Ensemble 190K+ features Behavioral Boosted Tree Ensemble 6M+ features Fuzzy Hash 1 Random Forest 512+ features Fuzzy Hash 2 SDCA 10M+ features Static, Dynamic and Contextual Averaged Perceptron 16M+ features Researcher Expertise, Fuzzy Hash Averaged Perceptron 12M+ features File Emulation DNN 150K+ features File Detonation DNN 10M+ features Feature Set Training Algorithms Training Data Sets Optimization Settings
  • 25. Training Cadence: Classifiers:  Malware  Clean  PUA  Enterprise specific  File Type specific Feature Set Training Algorithms Training Data Sets Optimization Settings
  • 26.
  • 27. Ensemble ML Primer Diversity Requirements Developing the Model Testing the Model
  • 28. 1. Boolean Stacking 2. Linear/ Logistic Stacking
  • 30. Model Selection LightGBM !!! Averaged Perceptron !!! Logistic Regression!!! Fast Tree !!! XGBoost !!! DNN !!!
  • 32. Supervised Training Optimization Evaluation Train Validate Test
  • 33.
  • 34.
  • 35.
  • 36. Model evaluated on time-split test set Confusion table ||====================== PREDICTED || positive | negative | Recall TRUTH ||====================== positive || 2,177 | 21,182 | 0.0932 negative || 14,004 |2,097,228 | 0.9934 ||====================== Precision || 0.1345 | 0.9900 | OVERALL ACCURACY: 0.9835 Model evaluated on Live Data for 60 mins without any calibrations Confusion table ||====================== PREDICTED || positive | negative | Recall TRUTH ||====================== positive || 703,140 | 59,131 | 0.9224 negative || 2,1030 |8,013,623 | 0.9974 ||====================== Precision || 0.9710 | 0.9927 | OVERALL ACCURACY: 0.9811
  • 37. Ensemble ML Primer Diversity Requirements Developing the Model Testing the Model
  • 38.  Information from the target inadvertently works its way into the model-checking mechanism  Causes an overly optimistic assessment of generalization performance  Filtering features that directly correlate to the training labels Confusion table ||====================== PREDICTED || positive | negative | Recall TRUTH ||====================== positive || 703,140 | 59,131 | 0.9224 negative || 2,1030 |8,013,623 | 0.9974 ||====================== Precision || 0.9710 | 0.9927 | OVERALL ACCURACY: 0.9811 Confusion table ||====================== PREDICTED || positive | negative | Recall TRUTH ||====================== positive || 625,324 | 136,947 | 0.8203 negative || 29,540 |8,005,113 | 0.9963 ||====================== Precision || 0.9549 | 0.9832 | OVERALL ACCURACY: 0.9668 With some data leaks Filtering known data leaks
  • 39.  Not all Base Classifiers classify every threat scenario  What you can do:  Retaining the instance but..  Adding Boolean features indicating what features were missing  Cross Join between features  Interpretable models Model Probability Verdict FileEmulation1 N/A Unknown FileDetonation N/A Unknown FuzzyHash1 N/A Unknown FuzzyHash2 0.014020299 Clean CloudClassifier1 N/A Unknown CloudClassifier2 N/A Unknown CloudClassifier3 N/A Unknown CloudClassifier4 N/A Unknown CloudClassifier5 N/A Unknown CloudClassifier6 N/A Unknown . . . . . . . . . ResearcherExpertise 0.07285905 Clean PEPropertiesClassifier N/A Unknown FileMetaDataClassifier1 N/A Unknown FileMetaDataClassifier2 N/A Unknown FileMetaDataClassifier3 N/A Unknown BehavioralClassifier1 N/A Unknown BehavioralClassifier2 N/A Unknown Stacked Ensemble 0.92 Malware
  • 40.  Adding K-means distance for each instance from the centroid of each cluster as an input feature
  • 41.  Maintaining a fixed label distribution for training  Continuous monitoring of incoming telemetry to catch anomalies/ outliers before training Time
  • 42.
  • 45. Ratio of number of instances perturbed The classifier is robust to one of the classifiers being compromised at 1% FPR.
  • 46. train Machine attributes Dynamic and contextual attributes Static file attributes Example: Averaged perceptron model with > .90 probability = 0.0001% false positive rate Cloud Client
  • 47. Supervised Training Adding Rogue Features
  • 48. # of Random Classifiers False Positive Rate True Positive Rate 0 0.8746% 96.1824% 2 0.8834% 96.1222% 4 0.8912% 96.0385% 6 0.8939% 95.8932% 8 0.8974% 95.8462% 10 0.9131% 95.8462% The classifier can detect these random noises and the performance drop is negligible.
  • 49. Machine attributes Dynamic and contextual attributes Static file attributes Example: Averaged perceptron model with > .90 probability = 0.0001% false positive rate Cloud Client
  • 50.
  • 51. Ratio of number of instances perturbed Flipping top 2 Feature Values
  • 52.
  • 53. Cloud Client # of Instances Data Distribution Bias Anomalies Metrics Requirements Continuous Monitoring Overall Blocks Telemetry Relevant features Threat Landscape Ensemble Model Development and Testing Ensemble ML Primer Diversity Requirements Developing the Model Testing the Model
  • 54. Introduction ML Primer Adversarial Examples Ensemble Model Development and Testing ResultsEnsemble Model Development and Testing
  • 55. Other Cloud Blocks 88% Ensemble Blocks 12% Archive 4% Documents and macros 8% Other (1k+ types) PE File 68% Shortcut 11% Signed PE File 3% VBS 3%
  • 57. Filters out noisy signals from an occasionally underperforming model Increases predictive power with easy interpretability Adds resilience against attacks on individual models
  • 58.
  • 59.  Small-scale attack in Central and Western Canada  Most targets reached within 5 ½ hours  73% of targets were commercial businesses
  • 60.
  • 61. Model Probability Verdict PDFClassifier - Unknown NonPEClassifier - Unknown CloudModel3 0.06 Clean? FuzzyHash1 0.07 Clean? FuzzyHash2 0.08 Clean? ResearchExpertise 0.99 Malware Ensemble1 0.27 ~Sketchy Ensemble2 0.84 Sketchy! Ensemble3 0.91 Malware Client Cloud
  • 62.
  • 63. Model Probability Verdict FuzzyHash2 0.06 Clean? Ensemble1 0.27 ~Sketchy JsModel 0.52 Sketchy! ResearchExpertise 0.64 Sketchy! Ensemble3 0.91 Malware Client Cloud vNSAml.js
  • 64.
  • 65.  Daewoo Chong (Windows Defender ATP Research)  Christian Seifert (Windows Defender ATP Research)  Allan Sepillo (Windows Defender ATP Research)  Bhavna Soman (Windows Defender ATP Research)  Jay Stokes (Microsoft Research)  Maria Vlachopoulou (Windows Defender ATP Research)  Samuel Wakasugui (Windows Defender ATP Research)
  • 66. Today’s presentation All data and charts, unless otherwise noted, is from Microsoft. Preso: https://www.blackhat.com/us-18/briefings/schedule/index.html#protecting-the-protector-hardening-machine-learning-defenses- against-adversarial-attacks-11669 Blog: https://aka.ms/hardening-ML Upcoming conference presentations Virus Bulletin 2018 (Montreal): Starving malware authors through dynamic classification Karishma Sanghvi (Microsoft), Joe Blackbird (Microsoft) Blog Posts and Other References Antivirus evolved Windows Defender Antivirus cloud protection service: Advanced real-time defense against never-before-seen malware Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses How artificial intelligence stopped an Emotet outbreak Behavior monitoring combined with machine learning spoils a massive Dofoil coin mining campaign Machine Learning vs. Social Engineering Whitepaper: The Evolution of Malware Prevention
  • 67. Client-based machine learning is susceptible to brute force attacks After you deploy, ensure you have monitors to alert on potential tampering Consider the various vectors of attack, identify most likely vectors, then test them Build a diverse set of complementary models, then add an ensemble layer