The Limitations of Deep Learning in Adversarial Settings
TLDR
This work formalizes the space of adversaries against deep neural networks (DNNs) and introduces a novel class of algorithms to craft adversarial samples based on a precise understanding of the mapping between inputs and outputs of DNNs.
Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures
TLDR
A new class of model inversion attack is developed that exploits confidence values revealed along with predictions and is able to estimate whether a respondent in a lifestyle survey admitted to cheating on their significant other and recover recognizable images of people's faces given only their name.
Privacy Risk in Machine Learning: Analyzing the Connection to Overfitting
TLDR
The effect that overfitting and influence have on the ability of an attacker to learn information about the training data from machine learning models, either through training set membership inference or attribute inference attacks, is examined.
Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing
TLDR
It is concluded that current DP mechanisms do not simultaneously improve genomic privacy while retaining desirable clinical efficacy, highlighting the need for new mechanisms that should be evaluated in situ using the general methodology introduced by this work.
Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors
TLDR
This paper presents an automatic technique for extracting optimally discriminative specifications, which uniquely identify a class of programs and can be used by a behavior-based malware detector.
Cyber SA: Situational Awareness for Cyber Defense
TLDR
Intrusion detection is a very primitive element of this aspect of situation perception: it identifies an event that may be part of an attack, and that event then feeds into a recognition or identification activity.
Verified Security for Browser Extensions
TLDR
This paper presents IBEX, a new framework for authoring, analyzing, verifying, and deploying secure browser extensions based on using type-safe, high-level languages to program extensions against an API providing access to a variety of browser features, and proposes using Datalog to specify fine-grained access control and dataflow policies.
A Layered Architecture for Detecting Malicious Behaviors
TLDR
This work effectively distinguishes malicious execution of high-level behaviors from benign execution by identifying remotely-initiated actions, and is designed to preemptively address evasive malware behavior.
On the Practical Exploitability of Dual EC in TLS Implementations
TLDR
This paper analyzes the actual cost of attacking TLS implementations that use NIST's Dual EC pseudorandom number generator and shows that Dual EC exploitability is fragile, and in particular is stopped by an outright bug in the certified Dual EC implementation in OpenSSL.
Mining Graph Patterns Efficiently via Randomized Summaries
TLDR
This work proposes a new framework, called Summarize-Mine, which can find interesting malware fingerprints that were not revealed previously by generating randomized summaries and repeating the process for multiple rounds, and provides strict probabilistic guarantees on pattern loss likelihood.