The Limitations of Deep Learning in Adversarial Settings
- Nicolas Papernot, P. Mcdaniel, S. Jha, Matt Fredrikson, Z. B. Celik, A. Swami
- Computer Science, European Symposium on Security and Privacy
- 24 November 2015
This work formalizes the space of adversaries against deep neural networks (DNNs) and introduces a novel class of algorithms to craft adversarial samples based on a precise understanding of the mapping between inputs and outputs of DNNs.
Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures
- Matt Fredrikson, S. Jha, T. Ristenpart
- Computer Science, Conference on Computer and Communications…
- 12 October 2015
A new class of model inversion attack is developed that exploits confidence values revealed along with predictions and is able to estimate whether a respondent in a lifestyle survey admitted to cheating on their significant other and recover recognizable images of people's faces given only their name.
Privacy Risk in Machine Learning: Analyzing the Connection to Overfitting
- Samuel Yeom, Irene Giacomelli, Matt Fredrikson, S. Jha
- Computer Science, IEEE Computer Security Foundations Symposium
- 5 September 2017
The effect that overfitting and influence have on the ability of an attacker to learn information about the training data from machine learning models, either through training set membership inference or attribute inference attacks, is examined.
Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing
- Matt Fredrikson, Eric Lantz, S. Jha, Simon M Lin, David Page, T. Ristenpart
- Computer Science, USENIX Security Symposium
- 20 August 2014
It is concluded that current DP mechanisms do not simultaneously improve genomic privacy while retaining desirable clinical efficacy, highlighting the need for new mechanisms that should be evaluated in situ using the general methodology introduced by this work.
Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors
- Matt Fredrikson, S. Jha, Mihai Christodorescu, R. Sailer, Xifeng Yan
- Computer Science, IEEE Symposium on Security and Privacy
- 16 May 2010
This paper presents an automatic technique for extracting optimally discriminative specifications, which uniquely identify a class of programs and can be used by a behavior-based malware detector.
Cyber SA: Situational Awareness for Cyber Defense
- P. Barford, M. Dacier, J. Yen
- Computer Science, Cyber Situational Awareness
- 1 December 2010
Intrusion detection is a very primitive element of this aspect of situation perception: it identifies an event that may be part of an attack once that event contributes to a recognition or identification activity.
Stolen Memories: Leveraging Model Memorization for Calibrated White-Box Membership Inference
- Klas Leino, Matt Fredrikson
- Computer Science, USENIX Security Symposium
- 27 June 2019
This work shows how a model's idiosyncratic use of features can provide evidence for membership to white-box attackers---even when the model's black-box behavior appears to generalize well---and demonstrates that this attack outperforms prior black-box methods.
A Layered Architecture for Detecting Malicious Behaviors
- L. Martignoni, Elizabeth Stinson, Matt Fredrikson, S. Jha, John C. Mitchell
- Computer Science, International Symposium on Recent Advances in…
- 15 September 2008
This work effectively distinguishes malicious execution of high-level behaviors from benign execution by identifying remotely initiated actions, and is designed to preemptively address evasive malware behavior.
Verified Security for Browser Extensions
- Arjun Guha, Matt Fredrikson, B. Livshits, N. Swamy
- Computer Science, IEEE Symposium on Security and Privacy
- 22 May 2011
This paper presents IBEX, a new framework for authoring, analyzing, verifying, and deploying secure browser extensions, based on using type-safe, high-level languages to program extensions against an API providing access to a variety of browser features, and proposes using Datalog to specify fine-grained access control and dataflow policies.
Mining Graph Patterns Efficiently via Randomized Summaries
- Cheng Chen, C. Lin, Matt Fredrikson, Mihai Christodorescu, Xifeng Yan, Jiawei Han
- Computer Science, Proceedings of the VLDB Endowment
- 1 August 2009
This work proposes a new framework, called Summarize-Mine, which can find interesting malware fingerprints that were not revealed previously by generating randomized summaries and repeating the process for multiple rounds, and provides strict probabilistic guarantees on pattern loss likelihood.