
arXiv: Cryptography and Security

About: arXiv: Cryptography and Security is an academic journal. The journal publishes mainly in the area(s): Encryption & Cryptography. Over its lifetime, 13390 publication(s) have been published, receiving 117449 citation(s).

Topics: Encryption, Cryptography, Authentication

Open access · Posted Content
Nicolas Papernot, Patrick McDaniel, Somesh Jha, Matt Fredrikson, +2 more (Institutions: 3)
Abstract: Deep learning takes advantage of large datasets and computationally efficient training algorithms to outperform other approaches at various machine learning tasks. However, imperfections in the training phase of deep neural networks make them vulnerable to adversarial samples: inputs crafted by adversaries with the intent of causing deep neural networks to misclassify. In this work, we formalize the space of adversaries against deep neural networks (DNNs) and introduce a novel class of algorithms to craft adversarial samples based on a precise understanding of the mapping between inputs and outputs of DNNs. In an application to computer vision, we show that our algorithms can reliably produce samples correctly classified by human subjects but misclassified in specific targets by a DNN with a 97% adversarial success rate while only modifying on average 4.02% of the input features per sample. We then evaluate the vulnerability of different sample classes to adversarial perturbations by defining a hardness measure. Finally, we describe preliminary work outlining defenses against adversarial samples by defining a predictive measure of distance between a benign input and a target classification.

Topics: Deep learning (57%)

1,789 Citations

Open access · Posted Content
Abstract: Many machine learning models are vulnerable to adversarial examples: inputs that are specially crafted to cause a machine learning model to produce an incorrect output. Adversarial examples that affect one model often affect another model, even if the two models have different architectures or were trained on different training sets, so long as both models were trained to perform the same task. An attacker may therefore train their own substitute model, craft adversarial examples against the substitute, and transfer them to a victim model, with very little information about the victim. Recent work has further developed a technique that uses the victim model as an oracle to label a synthetic training set for the substitute, so the attacker need not even collect a training set to mount the attack. We extend these recent techniques using reservoir sampling to greatly enhance the efficiency of the training procedure for the substitute model. We introduce new transferability attacks between previously unexplored (substitute, victim) pairs of machine learning model classes, most notably SVMs and decision trees. We demonstrate our attacks on two commercial machine learning classification systems from Amazon (96.19% misclassification rate) and Google (88.94%) using only 800 queries of the victim model, thereby showing that existing machine learning approaches are in general vulnerable to systematic black-box attacks regardless of their structure.

1,212 Citations

Open access · Posted Content
Ran Canetti, Oded Goldreich, Shai Halevi (Institutions: 2)
Abstract: We take a critical look at the relationship between the security of cryptographic schemes in the Random Oracle Model, and the security of the schemes that result from implementing the random oracle by so called "cryptographic hash functions". The main result of this paper is a negative one: There exist signature and encryption schemes that are secure in the Random Oracle Model, but for which any implementation of the random oracle results in insecure schemes. In the process of devising the above schemes, we consider possible definitions for the notion of a "good implementation" of a random oracle, pointing out limitations and challenges.

Topics: Random oracle (76%), Cryptographic hash function (59%), Encryption (55%)

1,007 Citations

Open access · Posted Content
Ittay Eyal, Emin Gün Sirer (Institutions: 2)
Abstract: The Bitcoin cryptocurrency records its transactions in a public log called the blockchain. Its security rests critically on the distributed protocol that maintains the blockchain, run by participants called miners. Conventional wisdom asserts that the protocol is incentive-compatible and secure against colluding minority groups, i.e., it incentivizes miners to follow the protocol as prescribed. We show that the Bitcoin protocol is not incentive-compatible. We present an attack with which colluding miners obtain a revenue larger than their fair share. This attack can have significant consequences for Bitcoin: Rational miners will prefer to join the selfish miners, and the colluding group will increase in size until it becomes a majority. At this point, the Bitcoin system ceases to be a decentralized currency. Selfish mining is feasible for any group size of colluding miners. We propose a practical modification to the Bitcoin protocol that protects against selfish mining pools that command less than 1/4 of the resources. This threshold is lower than the wrongly assumed 1/2 bound, but better than the current reality where a group of any size can compromise the system.

Topics: Cryptocurrency (55%)

900 Citations

Open access · Book Chapter · DOI: 10.1007/978-3-642-40994-3_25
Battista Biggio, Igino Corona, Davide Maiorca, Blaine Nelson, +4 more (Institutions: 3)
Abstract: In security-sensitive applications, the success of machine learning depends on a thorough vetting of their resistance to adversarial data. In one pertinent, well-motivated attack scenario, an adversary may attempt to evade a deployed system at test time by carefully manipulating attack samples. In this work, we present a simple but effective gradient-based approach that can be exploited to systematically assess the security of several, widely-used classification algorithms against evasion attacks. Following a recently proposed framework for security evaluation, we simulate attack scenarios that exhibit different risk levels for the classifier by increasing the attacker's knowledge of the system and her ability to manipulate attack samples. This gives the classifier designer a better picture of the classifier performance under evasion attacks, and allows him to perform a more informed model selection (or parameter setting). We evaluate our approach on the relevant security task of malware detection in PDF files, and show that such systems can be easily evaded. We also sketch some countermeasures suggested by our analysis.

Topics: Malware (51%)

876 Citations

Journal's top 5 most impactful authors

Yuval Elovici: 49 papers, 1.1K citations

Xiaojiang Du: 42 papers, 527 citations

Mauro Conti: 33 papers, 524 citations

Emiliano De Cristofaro: 30 papers, 457 citations

Wojciech Mazurczyk: 27 papers, 340 citations

Network Information
Related Journals (5)
IEEE Transactions on Dependable and Secure Computing: 1.1K papers, 48K citations, 91% related

International Journal of Information Security: 628 papers, 16.5K citations, 91% related

IACR Cryptology ePrint Archive: 13.3K papers, 193.1K citations, 90% related

IEEE Transactions on Information Forensics and Security: 2.7K papers, 133.2K citations, 88% related

ACM Transactions on Information and System Security: 319 papers, 48.7K citations, 88% related