Mahmood Sharif Guest Lecture From TAU – Learning Club 12.6.22
June 12, 2022 @ 12:00 pm - 1:00 pm IDT
##### Meeting Info #####
Title:
Toward robust malware detection and faithfully evaluating the robustness of neural networks
Abstract:
Adversarial examples have emerged as a profound challenge and a critical concern for several application domains, sparking interest in developing adversarially robust machine-learning (ML) models and reliable methods for assessing robustness. In this talk, I will discuss our recent efforts on these fronts. First, I will present Constrained Gradient Descent (CGD), a new attack producing imperceptible perturbations to mislead neural networks in a targeted manner. CGD leverages an appropriate loss function and a principled attack strategy to better align with the attacker’s objectives, leading it to outperform state-of-the-art attacks (e.g., 8.2–14.9% higher success rates on ImageNet). Second, I will introduce practical attacks against ML-based malware detection. Our attacks interweave binary-diversification techniques and optimization frameworks to mislead malware detection while preserving binaries’ functionality. Unlike prior attacks, ours manipulate instructions that are a functional part of the binary, rendering them particularly challenging to defend against. Extensive experiments show that our attacks are potent (achieving ~100% success rate against leading detectors) and can even evade commercial anti-virus products. Finally, I will describe our attempts to enhance the robustness of ML-based malware detection via adversarial training. Here, we show that methods effective in other domains do not result in robust malware detection. However, by adversarially training models on modified versions of our attacks, we can improve robustness even against perturbations unseen during training.
References:
* K. Lucas, M. Sharif, L. Bauer, M. K. Reiter, S. Shintre. “Malware Makeover: Breaking ML-based Static Analysis by Modifying Executable Bytes.” Asia Conference on Computer and Communications Security (AsiaCCS). 2021.
* W. Lin, K. Lucas, L. Bauer, M. K. Reiter, M. Sharif. “Constrained Gradient Descent: A Powerful and Principled Evasion Attack Against Neural Networks.” International Conference on Machine Learning (ICML). 2022. To appear.
* K. Lucas, W. Lin, S. Pai, L. Bauer, M. K. Reiter, M. Sharif. “How to Best Adversarially Train Your Raw-Binary Malware Classifier.” 2022. Under submission.
Speaker’s short bio:
Mahmood Sharif is a senior lecturer in the Blavatnik School of Computer Science at Tel Aviv University. His research interests are primarily at the intersections of computer security and privacy with machine learning, specifically adversarial machine learning, and with human factors. Mahmood obtained his Ph.D. from Carnegie Mellon University, where he was affiliated with the CyLab Security and Privacy Institute. Before joining Tel Aviv University, Mahmood was a postdoctoral researcher in the VMware Research Group and a principal research engineer in the NortonLifeLock Research Group. His awards include the Maof prize for excellent new faculty, two CyLab Presidential Fellowships, and a Symantec Research Labs Fellowship.
##### Connection Details #####
Join Zoom Meeting
https://us02web.zoom.us/j/4685913265?pwd=VndVS01rTzFVeDBuRFpDUm1RYWdiQT09
Meeting ID: 468 591 3265
Passcode: 948836
One tap mobile
+16699009128,,4685913265# US (San Jose)
+12532158782,,4685913265# US (Tacoma)
Dial by your location
+1 669 900 9128 US (San Jose)
+1 253 215 8782 US (Tacoma)
+1 301 715 8592 US (Washington DC)
+1 312 626 6799 US (Chicago)
+1 346 248 7799 US (Houston)
+1 646 558 8656 US (New York)
Find your local number: https://us02web.zoom.us/u/kcDSwolPp