In this paper, we present a generic, query-efficient black-box attack against API call-based machine learning malware classifiers. We generate adversarial examples by modifying the malware's API call sequences and non-sequential features (printable strings); these adversarial examples are misclassified by the target malware classifier without affecting the malware's functionality. In contrast to previous studies, our attack minimizes the number of malware classifier queries required. In addition, in our attack the attacker only needs to know the class predicted by the malware classifier; knowledge of the malware classifier's confidence score is optional. We evaluate the attack's effectiveness against a variety of malware classifier architectures, including recurrent neural network (RNN) variants, deep neural networks, support vector machines, and gradient boosted decision trees. Our attack success rate is around 98% when the classifier's confidence score is known and 64% when only the classifier's predicted class is known. We implement four state-of-the-art query-efficient attacks and show that our attack requires fewer queries and less knowledge about the attacked model's architecture than the other existing query-efficient attacks, making it practical for attacking cloud-based malware classifiers at minimal cost.
Privacy-preserving data mining aims to prevent the violation of privacy that might result from mining sensitive data. This is commonly achieved by data anonymization. One way to anonymize data is adherence to the k-anonymity concept, which requires that the probability of identifying an individual by linking databases not exceed 1/k. In this paper, we propose an algorithm that uses rough set theory to achieve k-anonymity. The basic idea is to partition the original dataset into several disjoint reducts such that each of them adheres to k-anonymity. We show that it is easier to make each reduct comply with k-anonymity if it does not contain all quasi-identifier attributes. Moreover, our procedure ensures that even if the attacker attempts to rejoin the reducts, k-anonymity is still preserved.