Adversarial Black-Box Attacks in the Domain of Device Fingerprints
Typ
Examensarbete för masterexamen
Program
Computer systems and networks (MPCSN), MSc
Publicerad
2020
Författare
Andersson, Joel
Örtenberg, Gustav
Modellbyggare
Tidskriftstitel
ISSN
Volymtitel
Utgivare
Sammanfattning
Network security products incorporate many different tools in order to secure large networks. State-of-the-artproductsoftenutilizemachinelearninginordertoclassify devices connected to a network to assign them different levels of trust without the need for authentication. These zero-configuration security mechanisms work similarly to image classifying Deep Neural Networks and are of interest for big organizations where large amounts of devices come and go every day. However, solutions leveraging the power of machine learning also inherit its vulnerability to adversarial samples. Previous work has shown that even in query-limited blackbox scenarios, which is the most limiting for an attacker, image classifiers are vulnerable to adversarial attacks that make use of specially crafted input vectors [24]. This study shows that known attack techniques against image classifiers can be successfully reapplied to classifiers in the domain of device fingerprints in computer networks. We provide proof of concept that previously discovered adversarial sampling techniques are applicable in the domain of device fingerprints by attacking a well known commercial classifier. We show that across ten different devices on average 9.9% of the adversarial samples were successfully misclassified by the classifier. The most prominent of those devices had 36% of its adversarial samplesmisclassified. Theseresultspointtotheneedformoresophisticatedtraining algorithmsaswellastheimportanceofnotbuildingsolutionsthatbuildsontrusting device- or user-supplied data.
Beskrivning
Ämne/nyckelord
Adversarial Machine Learning , Adversarial Samples , Black-Box Attack , Device Fingerprinting , Network Packet Sniffing , Network Security , Transferability