Dissertations / Theses on the topic 'Adversarial Attack and Defense'


1. Branlat, Matthieu. "Challenges to Adversarial Interplay Under High Uncertainty: Staged-World Study of a Cyber Security Event." The Ohio State University, 2011. http://rave.ohiolink.edu/etdc/view?acc_num=osu1316462733.

2. Kanerva, Anton, and Fredrik Helgesson. "On the Use of Model-Agnostic Interpretation Methods as Defense Against Adversarial Input Attacks on Tabular Data." Thesis, Blekinge Tekniska Högskola, Institutionen för datavetenskap, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-20085.

Abstract:
Context. Machine learning is a constantly developing subfield within the artificial intelligence field. The number of domains in which we deploy machine learning models is constantly growing and the systems using these models spread almost unnoticeably in our daily lives through different devices. In previous years, lots of time and effort have been put into increasing the performance of these models, overshadowing the significant risks of attacks targeting the very core of the systems, the trained machine learning models themselves. A specific attack with the aim of fooling the decision-making of a model, called the adversarial input attack, has almost exclusively been researched for models processing image data. However, the threat of adversarial input attacks stretches beyond systems using image data, to e.g. the tabular domain, which is the most common data domain used in the industry. Methods used for interpreting complex machine learning models can help humans understand the behavior and predictions of these complex machine learning systems. Understanding the behavior of a model is an important component in detecting, understanding and mitigating vulnerabilities of the model. Objectives. This study aims to reduce the research gap of adversarial input attacks and defenses targeting machine learning models in the tabular data domain. The goal of this study is to analyze how model-agnostic interpretation methods can be used in order to mitigate and detect adversarial input attacks on tabular data. Methods. The goal is reached by conducting three consecutive experiments where model interpretation methods are analyzed and adversarial input attacks are evaluated as well as visualized in terms of perceptibility. Additionally, a novel method for adversarial input attack detection based on model interpretation is proposed together with a novel way of defensively using feature selection to reduce the attack vector size. Results. The adversarial input attack detection showed state-of-the-art results with an accuracy over 86%. The proposed feature selection-based mitigation technique was successful in hardening the model from adversarial input attacks by reducing their scores by 33% without decreasing the performance of the model. Conclusions. This study contributes with satisfactory and useful methods for adversarial input attack detection and mitigation as well as methods for evaluating and visualizing the imperceptibility of attacks on tabular data.

3. Harris, Rae. "Spectre: Attack and Defense." Scholarship @ Claremont, 2019. https://scholarship.claremont.edu/scripps_theses/1384.

Abstract:
Modern processors use architecture like caches, branch predictors, and speculative execution in order to maximize computation throughput. For instance, recently accessed memory can be stored in a cache so that subsequent accesses take less time. Unfortunately, microarchitecture-based side channel attacks can utilize this cache property to enable unauthorized memory accesses. The Spectre attack is a recent example of this attack. The Spectre attack is particularly dangerous because the vulnerabilities that it exploits are found in microprocessors used in billions of current systems. It involves the attacker inducing a victim's process to speculatively execute code with a malicious input and store the recently accessed memory into the cache. This paper describes the previous microarchitecture side channel attacks. It then describes the three variants of the Spectre attack. It describes and evaluates proposed defenses against Spectre.

4. Wood, Adrian Michael. "A defensive strategy for detecting targeted adversarial poisoning attacks in machine learning trained malware detection models." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2021. https://ro.ecu.edu.au/theses/2483.

Abstract:
Machine learning is a subset of Artificial Intelligence which is utilised in a variety of different fields to increase productivity, reduce overheads, and simplify the work process through training machines to automatically perform a task. Machine learning has been implemented in many different fields such as medical science, information technology, finance, and cyber security. Machine learning algorithms build models which identify patterns within data, which when applied to new data, can map the input to an output with a high degree of accuracy. To build the machine learning model, a dataset comprised of appropriate examples is divided into training and testing sets. The training set is used by the machine learning algorithm to identify patterns within the data, which are used to make predictions on new data. The test set is used to evaluate the performance of the machine learning model. These models are popular because they significantly improve the performance of technology through automation of feature detection which previously required human input. However, machine learning algorithms are susceptible to a variety of adversarial attacks, which allow an attacker to manipulate the machine learning model into performing an unwanted action, such as misclassifying data into the attacker's desired class, or reducing the overall efficacy of the ML model. One current research area is that of malware detection. Malware detection relies on machine learning to detect previously unknown malware variants, without the need to manually reverse-engineer every suspicious file. Detection of Zero-day malware plays an important role in protecting systems generally but is particularly important in systems which manage critical infrastructure, as such systems often cannot be shut down to apply patches and thus must rely on network defence. In this research, a targeted adversarial poisoning attack was developed to allow Zero-day malware files, which were originally classified as malicious, to bypass detection by being misclassified as benign files. An adversarial poisoning attack occurs when an attacker can inject specifically-crafted samples into the training dataset which alters the training process to the desired outcome of the attacker. The targeted adversarial poisoning attack was performed by taking a random selection of the Zero-day file's import functions and injecting them into the benign training dataset. The targeted adversarial poisoning attack succeeded for both Multi-Layer Perceptron (MLP) and Decision Tree models without reducing the overall efficacy of the target model. A defensive strategy was developed for the targeted adversarial poisoning attack for the MLP models by examining the activation weights of the penultimate layer at test time. If the activation weights were outside the norm for the target (benign) class, the file is quarantined for further examination. It was found to be possible to identify on average 80% of the target Zero-day files from the combined targeted poisoning attacks by examining the activation weights of the neurons from the penultimate layer.

5. Moore, Tyler Weston. "Cooperative attack and defense in distributed networks." Thesis, University of Cambridge, 2008. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.612283.

6. Zhang, Ning. "Attack and Defense with Hardware-Aided Security." Diss., Virginia Tech, 2016. http://hdl.handle.net/10919/72855.

Abstract:
Riding on recent advances in computing and networking, our society is now experiencing the evolution into the age of information. While the development of these technologies brings great value to our daily life, the lucrative reward from cyber-crimes has also attracted criminals. As computing continues to play an increasing role in society, security has become a pressing issue. Failures in computing systems could result in loss of infrastructure or human life, as demonstrated in both academic research and production environments. With the continuing spread of malicious software and new vulnerabilities being revealed every day, protecting the heterogeneous computing systems across the Internet has become a daunting task. Our approach to this challenge consists of two directions. The first direction aims to gain a better understanding of the inner workings of both attacks and defenses in the cyber environment. Meanwhile, our other direction is designing secure systems in adversarial environments.
Ph. D.

7. Sohail, Imran, and Sikandar Hayat. "Cooperative Defense Against DDoS Attack using GOSSIP Protocol." Thesis, Blekinge Tekniska Högskola, Avdelningen för telekommunikationssystem, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-1224.

Abstract:
The ability to detect a DDoS attack, to protect a network from it, and to ensure a high-quality infrastructure is a backbone of today's network security. In this thesis, we have successfully validated an algorithm using OmNet++ Ver. 4.0 simulation to show how a DDoS attack can be detected and how the nodes can be protected from such an attack using the GOSSIP protocol.

8. Townsend, James R. "Defense of Naval Task Forces from Anti-Ship Missile attack." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 1999. http://handle.dtic.mil/100.2/ADA363038.

9. Haberlin, Richard J. "Analysis of unattended ground sensors in theater Missile Defense Attack Operations." Thesis, Monterey, California. Naval Postgraduate School, 1997. http://hdl.handle.net/10945/26369.

Abstract:
Approved for public release; distribution is unlimited
Unattended ground sensors have a tremendous potential for improving Tactical Ballistic Missile Attack Operations. To date, however, this potential has gone unrealized primarily due to a lack of confidence in the systems and a lack of tactical doctrine for their employment. This thesis provides analyses to demonstrate the effective use of sensor technology and provides recommendations as to how they may best be employed. The probabilistic decision model reports the optimal size array for each of the candidate array locations. It also provides an optimal policy for determining the likelihood that the target is a Time Critical Target based on the number of sensors in agreement as to its identity. This policy may vary with each candidate array. Additionally, recommendations are made on the placement of the arrays within the theater of operations and their optimal configuration to maximize information gained while minimizing the likelihood of compromise. Specifics include inter-sensor spacing, placement patterns, array locations, and off-road distance.

10. Widel, Wojciech. "Formal modeling and quantitative analysis of security using attack-defense trees." Thesis, Rennes, INSA, 2019. http://www.theses.fr/2019ISAR0019.

Abstract:
Risk analysis is a very complex process. It requires rigorous representation and in-depth assessment of threats and countermeasures. This thesis focuses on the formal modelling of security using attack and defence trees. These are used to represent and quantify potential attacks in order to better understand the security issues that the analyzed system may face. They therefore make it possible to guide an expert in the choice of countermeasures to be implemented to secure their system. The main contributions of this thesis are as follows: - The enrichment of the attack and defence tree model allowing the analysis of real security scenarios. In particular, we have developed the theoretical foundations and quantitative evaluation algorithms for the model where an attacker's action can contribute to several attacks and a countermeasure can prevent several threats. - The development of a methodology based on Pareto dominance and allowing several quantitative aspects to be taken into account simultaneously (e.g., cost, time, probability, difficulty, etc.) during a risk analysis. - The design of a technique, using linear programming methods, for selecting an optimal set of countermeasures, taking into account the budget available for protecting the analyzed system. It is a generic technique that can be applied to several optimization problems, for example, maximizing the attack surface coverage, or maximizing the attacker's investment. To ensure their practical applicability, the model and mathematical algorithms developed were implemented in a freely available open source tool. All the results were also validated with a practical study on an industrial scenario of alteration of electricity consumption meters

11. Chen, Xiangqian. "Defense Against Node Compromise in Sensor Network Security." FIU Digital Commons, 2007. http://digitalcommons.fiu.edu/etd/7.

Abstract:
Recent advances in electronic and computer technologies have led to the wide-spread deployment of wireless sensor networks (WSNs). WSNs have a wide range of applications, including military sensing and tracking, environment monitoring, smart environments, etc. Many WSNs have mission-critical tasks, such as military applications. Thus, the security issues in WSNs are kept in the foreground among research areas. Compared with other wireless networks, such as ad hoc and cellular networks, security in WSNs is more complicated due to the constrained capabilities of sensor nodes and the properties of the deployment, such as large scale, hostile environment, etc. Security issues mainly come from attacks. In general, the attacks in WSNs can be classified as external attacks and internal attacks. In an external attack, the attacking node is not an authorized participant of the sensor network. Cryptography and other security methods can prevent some external attacks. However, node compromise, the major and unique problem that leads to internal attacks, will eliminate all the efforts to prevent attacks. Knowing the probability of node compromise will help systems to detect and defend against it. Although there are some approaches that can be used to detect and defend against node compromise, few of them have the ability to estimate the probability of node compromise. Hence, we develop basic uniform, basic gradient, intelligent uniform and intelligent gradient models for node compromise distribution in order to adapt to different application environments by using probability theory. These models allow systems to estimate the probability of node compromise. Applying these models in system security designs can improve system security and decrease the overheads in nearly every security area. Moreover, based on these models, we design a novel secure routing algorithm to defend against the routing security issue that comes from the nodes that have already been compromised but have not been detected by the node compromise detecting mechanism. The routing paths in our algorithm detour those nodes which have already been detected as compromised nodes or have larger probabilities of being compromised. Simulation results show that our algorithm is effective in protecting routing paths from node compromise, whether detected or not.

12. Culpepper, Anna M. "Effectiveness of using red-teams to identify maritime security vulnerabilities to terrorist attack." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2004. http://library.nps.navy.mil/uhtbin/hyperion/04Sept%5FCulpepper.pdf.

Abstract:
Thesis (M.S. in Systems Engineering)--Naval Postgraduate School, Sept. 2004.
Thesis advisor(s): Raymond Buettner, Jr., Dorothy Denning. Includes bibliographical references (p. 65-69). Also available online.

13. Richerioux, Nicolas. "Analysis of gene expression in barley upon aphid attack." Thesis, Södertörn University College, School of Life Sciences, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:sh:diva-1289.

Abstract:
Since plants cannot escape their predators by walking, they use other defense systems, like induction or repression of defense genes. A microarray experiment performed with barley attacked by the bird cherry-oat aphid (Rhopalosiphum padi) led to the hypothesis that contig 16360 (similar to ser/thr kinases) could be linked with the resistance of barley against R. padi, and contig 6519 (similar to WIR 1A) with the susceptibility. Time course experiments showed that contig 16360 and AJ250283 (similar to BCI-4) are each induced in almost the same way by two different aphids (R. padi and Metopolophium dirhodum). Genomic PCR was used to test the hypothesis that when plants have the gene for contig 16360, they are more likely to be resistant against aphid attack, and when plants have the gene for contig 6519, they are more likely to be susceptible. This test was performed with 69 barley lines: wild, commercial or breeding lines. The results were that the presence of the WIR 1A gene has no correlation with susceptibility, while the presence of the ser/thr kinase gene seems to be correlated with resistance.

14. Nanda, Sanjeeb. "GRAPH THEORETIC MODELING: CASE STUDIES IN REDUNDANT ARRAYS OF INDEPENDENT DISKS AND NETWORK DEFENSE." Doctoral diss., University of Central Florida, 2007. http://digital.library.ucf.edu/cdm/ref/collection/ETD/id/3165.

Abstract:
Graph theoretic modeling has served as an invaluable tool for solving a variety of problems since its introduction in Euler's paper on the Bridges of Königsberg in 1736. Two amongst them of contemporary interest are the modeling of Redundant Arrays of Inexpensive Disks (RAID), and the identification of network attacks. While the former is vital to the protection and uninterrupted availability of data, the latter is crucial to the integrity of systems comprising networks. Both are of practical importance due to the continuing growth of data and its demand at increasing numbers of geographically distributed locations through the use of networks such as the Internet. The popularity of RAID has soared because of the enhanced I/O bandwidths and large capacities they offer at low cost. However, the demand for bigger capacities has led to the use of larger arrays with increased probability of random disk failures. This has motivated the need for RAID systems to tolerate two or more disk failures, without sacrificing performance or storage space. To this end, we shall first perform a comparative study of the existing techniques that achieve this objective. Next, we shall devise novel graph-theoretic algorithms for placing data and parity in arrays of n disks (n ≥ 3) that can recover from two random disk failures, for n = p – 1, n = p and n = 2p – 2, where p is a prime number. Each shall be shown to utilize an optimal ratio of space for storing parity. We shall also show how to extend the algorithms to arrays with an arbitrary number of disks, albeit with non-optimal values for the aforementioned ratio. The growth of the Internet has led to the increased proliferation of malignant applications seeking to breach the security of networked systems. Hence, considerable effort has been focused on detecting and predicting the attacks they perpetrate. However, the enormity of the Internet poses a challenge to representing and analyzing them by using scalable models. Furthermore, forecasting the systems that they are likely to exploit in the future is difficult due to the unavailability of complete information on network vulnerabilities. We shall present a technique that identifies attacks on large networks using a scalable model, while filtering for false positives and negatives. Furthermore, it also forecasts the propagation of security failures proliferated by attacks over time and their likely targets in the future.
Ph.D.
School of Electrical Engineering and Computer Science
Engineering and Computer Science
Computer Science PhD

15. Nsambu, Emmanuel, and Danish Aziz. "The Defense Against the latest Cyber Espionage both insider and outsider attacks." Thesis, Mittuniversitetet, Institutionen för informationsteknologi och medier, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-16477.

Abstract:
This study was carried out with the intention of examining the defensive mechanism employed against the latest cyber espionage methods, including both insider and outsider attacks. The main focus of this study was on web servers as the targets of the cyber attacks. Information in connection to the study was obtained from researchers' online articles. A survey was also conducted at Mid Sweden University in order to obtain information about the latest cyber attacks on web servers and about the existing defensive mechanism against such attacks. The existing defensive mechanism was surveyed and a simple design was created to assist in the investigation of the efficiency of the system. Some simple implementations of the existing defensive mechanism were made in order to provide some practical results that were used for the study. The existing defensive mechanism was surveyed and improved upon where possible. The improved defensive mechanism was designed and implemented and its results were compared with the results from the existing defensive mechanism. Due to the fact that the majority of the attackers use defensive mechanisms' vulnerability in order to find their way into devices such as web servers, it was felt that, even with the most sophisticated improved defensive mechanism in place, it would not be entirely correct to claim that it is possible to fully protect web servers against such attacks.

16. Yildiz, Kursad. "Electronic attack and sensor fusion techniques for boost-phase defense against multiple ballistic threat missiles." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2005. http://library.nps.navy.mil/uhtbin/hyperion/05Jun%5FYildiz.pdf.

Abstract:
Thesis (M.S. in Systems Engineering)--Naval Postgraduate School, June 2005.
Thesis Advisor(s): Phillip E. Pace, Murali Tummala. Includes bibliographical references (p.155-158). Also available online.

17. Chan, Yik-Kwan Eric, and 陳奕鈞. "Investigation of a router-based approach to defense against Distributed Denial-of-Service (DDoS) attack." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2004. http://hub.hku.hk/bib/B30173309.

18. Ding, Sze Yi. "On Distributed Strategies in Defense of a High Value Unit (HVU) Against a Swarm Attack." Thesis, Monterey, California. Naval Postgraduate School, 2012. http://hdl.handle.net/10945/17356.

Abstract:
Approved for public release; distribution is unlimited
Swarm attacks are of great concern to the U.S. Navy as well as to navies around the world and commercial ships transiting through waters with a high volume of marine traffic. A large group of hostile ships can hide themselves among various other small ships, like pleasure craft, fishing boats and transport vessels, and can make a coordinated attack against a High Value Unit (HVU) while it passes by. The HVU can easily be overwhelmed by the numbers and sustain heavy damage or risk being taken over. The objective of this thesis is to develop heuristic algorithms that multiple defenders can use to intercept and stop the advances of multiple attackers. The attackers are in much larger numbers compared to the defenders, and are moving in on a slow moving HVU. Pursuit guidance laws and proportional navigation (PN) guidance laws, commonly used in missile guidance strategies, are modified to be used by the defenders to try intercepting attackers that outnumber them. Another objective is to evaluate the effectiveness of the heuristic algorithms in defending the HVU against the swarm attack. The probability that the HVU survives the swarm attack will be used as a measure of effectiveness of the algorithms. The impact of various parameters, like the number of defenders and the speed of defenders, on the effectiveness of the algorithms is also evaluated.

19. Flachsbart, Brian M. "A robust methodology to evaluate aircraft survivability enhancement due to combined signature reduction and onboard electronic attack." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 1997. http://handle.dtic.mil/100.2/ADA329367.

20. Sandin, Michael. "Pre-Emptive Self-Defence : When does an armed attack occur?" Thesis, Stockholms universitet, Juridiska institutionen, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:su:diva-193754.

21. Lovsin, Robert D. "Non-conventional armament linkages : nuclear, biological and chemical weapons in the United Kingdom and Iraq." Thesis, University of Sussex, 2011. http://sro.sussex.ac.uk/id/eprint/7021/.

Abstract:
This dissertation examines the reasons why states want to acquire nonconventional weapons and analyzes interconnections between decisions on nuclear weapons (NW) on the one hand and chemical/biological weapons (CBW) on the other. Much of the literature on non-conventional weapons has tended to focus either on nuclear weapons or on CBW, with CBW often portrayed as the “poor man's nuclear bomb.” While there is some truth in this, the interconnections between decisions to develop NW and decisions to develop CBW are more numerous, more varied and more nuanced. The dissertation examines non-conventional armament processes in the United Kingdom and Iraq. Using two disparate cases provides the analysis with a comprehensive data set, the lessons from which have formed the basis of the analysis. Having nuclear, biological and chemical (NBC) weapons for the purpose of use is not always a state's ultimate goal and factors as wide-ranging as national prestige and the maintenance of international relationships are important in determining why some states decide to pursue NBC weapons. The case study findings have been synthesized into four key areas in which NBC linkages are particularly significant: strategic issues and strategic cultures; political considerations; economics and finances; and future challenges. The key finding is that there are interconnections that show how NW and CBW influence each other. For example, both the UK and Iraq showed that if nuclear weapons were not available, interest in CBW would increase. Conversely, possession of nuclear weapons does not necessarily rule out interest in acquiring CBW armament. Non-conventional weapons present a significant challenge to the maintenance of international peace and security. As this dissertation demonstrates, NBC weapons are linked on many levels and it is important to understand how CBW can and do influence policy on nuclear weapons and vice versa.
22

Rubin, Willa. "Waging Wars in Cyberspace: How International Law On Aggression And Self-Defense Falls Short Of Addressing Cyber Warfare. Could Iran Legally Retaliate For The Stuxnet Attack?" Oberlin College Honors Theses / OhioLINK, 2016. http://rave.ohiolink.edu/etdc/view?acc_num=oberlin1462921585.

23

Marriott, Richard. "Data-augmentation with synthetic identities for robust facial recognition." Thesis, Lyon, 2020. http://www.theses.fr/2020LYSEC048.

Abstract:
In 2014, use of deep neural networks (DNNs) revolutionised facial recognition (FR). DNNs are capable of learning to extract feature-based representations from images that are discriminative and robust to extraneous detail. Arguably, one of the most important factors now limiting the performance of FR algorithms is the data used to train them. High-quality image datasets that are representative of real-world test conditions can be difficult to collect. One potential solution is to augment datasets with synthetic images. This option recently became increasingly viable following the development of generative adversarial networks (GANs), which allow generation of highly realistic, synthetic data samples. This thesis investigates the use of GANs for augmentation of FR datasets. It looks at the ability of GANs to generate new identities, and their ability to disentangle identity from other forms of variation in images. Ultimately, a GAN integrating a 3D model is proposed in order to fully disentangle pose from identity. Images synthesised using the 3D GAN are shown to improve large-pose FR and a state-of-the-art accuracy is demonstrated for the challenging Cross-Pose LFW evaluation dataset. The final chapter of the thesis evaluates one of the more nefarious uses of synthetic images: the face-morphing attack. Such attacks exploit imprecision in FR systems by manipulating images such that they might be falsely verified as belonging to more than one person. An evaluation of GAN-based face-morphing attacks is provided. Also introduced is a novel, GAN-based morphing method that minimises the distance of the morphed image from the original identities in a biometric feature-space. A potential countermeasure to such morphing attacks is to train FR networks using additional, synthetic identities. In this vein, the effect of training using synthetic, 3D GAN data on the success of simulated face-morphing attacks is evaluated.
24

Petras, Christopher M. "The convergence of U.S. military and commercial space activities : self-defense and cyber-attack, "peaceful use" and the space station, and the need for legal reform." Thesis, McGill University, 2001. http://digitool.Library.McGill.CA:80/R/?func=dbin-jump-full&object_id=33058.

Abstract:
The ever-increasing convergence of U.S. military and commercial space activities poses new challenges to the viability of the legal concepts that have traditionally governed the use of outer space, and particularly the military use of space, from the beginning of the space age. This paper will look at two examples of where the melding of U.S. military and commercial space activities necessitates a reexamination of the applicable legal theories. Part I will examine the concept of self-defense in outer space, by considering the legality of the use of conventional military force to defend against "cyber-attack" on its commercial space assets. Part II will examine the concept of the use of outer space for "peaceful purposes" under international law, by focusing on the permissibility of military use of the International Space Station. As private commercial entities increasingly take their place alongside State actors in outer space, understanding the impact of space commercialization on the law governing military-related activities in outer space becomes more and more important to policymakers, military planners, legal scholars and space law practitioners alike.
25

Mlejnek, Jiří. "Antivirová ochrana počítače z bootovacího úložiště." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2012. http://www.nusl.cz/ntk/nusl-219473.

Abstract:
The theme of the thesis is the design of an anti-virus protection method using an alternative boot store. The related issue of viruses and the possibilities of defending against them is also covered. This thesis is focused on the design and selection of components of a solution enabling the execution of an antivirus test from an environment undistorted by the operating system. With the selected components it goes on to realize alternative booting of an operating system on a Windows-platform computer from the network, with automatic virus checking of all local disks. The results of the inspection are transmitted using signed files to a network server and typically give an overview of the results of the individual tests.
26

Hammerbacher, Almuth (author); Jonathan Gershenzon, Wilhelm Boland, and Thomas Vogt (academic supervisors). "Biosynthesis of polyphenols in Norway spruce as a defense strategy against attack by the bark beetle associated fungus Ceratocystis polonica / Almuth Hammerbacher. Reviewers: Jonathan Gershenzon ; Wilhelm Boland ; Thomas Vogt." Jena : Thüringer Universitäts- und Landesbibliothek Jena, 2012. http://d-nb.info/1019970065/34.

27

Kazinec, Darius. "Issues of cyber warfare in international law." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2011. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2011~D_20110705_132153-12860.

Abstract:
Cyber has been around for over a decade and yet we are still faced with a situation of very weak or rather no regulation. This is being heavily influenced by our weak technological development and by the nature of cyberspace and the Internet. Cyber warfare poses interesting questions for us. It is a one-of-a-kind type of warfare, one we cannot see or feel, but its impacts are instantaneous and potentially devastating. States and scholars agree on that. This thesis attempts to explore possibilities of applying existing international law to amend this situation and to answer the question of whether it is adequate or at all possible. While scholars are still arguing about the basics of what cyber warfare and cyberspace actually are, it keeps on evolving. States, on the other hand, recognized the potential threat of cyber warfare a long time ago and are attempting to mend the existing legal void, however not successfully. The effects of their efforts are limited to only a small number of States. States who are not willing to give up their cyber capability would also stay clear of such international legislation. International treaties and State practice were analyzed in search of a way to accommodate cyber warfare under the current regime. The findings show that application of the existing legal basis to cyber warfare is at best difficult and strained. The reality is that cyber warfare does not fit adequately under any of the legal umbrellas at the moment. Application of... [to full text]
28

Ren, Kui. "Communication security in wireless sensor networks." Worcester, Mass. : Worcester Polytechnic Institute, 2007. http://www.wpi.edu/Pubs/ETD/Available/etd-040607-174308/.

29

McMurray, Marybeth. "Philip Morris Faces "the truth": A Rhetorical Analysis of the Persuasiveness of Two Teen-Targeted Anti-Smoking Advertising Campaigns." BYU ScholarsArchive, 2003. https://scholarsarchive.byu.edu/etd/41.

Abstract:
This thesis examines the persuasiveness of anti-smoking television advertisements aimed at teens and produced by Philip Morris's Youth Smoking Prevention Program and the American Legacy Foundation's truth campaign. The advertisements are analyzed rhetorically using Kenneth Burke's dramatistic approach, supplemented by theory related to persuasive advertising, characteristics of at-risk adolescents, persuasive attack, and persuasive defense (apologia). The analysis indicates that strong central themes present in both the Philip Morris and truth campaigns act as a means of rhetorical persuasion, but are not necessarily rhetoric designed to persuade adolescents not to smoke cigarettes. The truth campaign advertisements contain both strengths and weaknesses. The weakness of the truth ads is related to an over-reliance on allegory-type scenarios meant to communicate anti-smoking sentiments and the theme of manipulation. Truth ads that contain clearer messages conveyed by appealing central characters are a more effective means of communicating not only an anti-smoking ideology, but also the theme of adolescent empowerment. This thesis's analysis more alarmingly indicates that the Philip Morris ads are in no way an effective means of smoking prevention. The Philip Morris campaign acts as a persuasive defense with the intended purpose of image repair and may encourage adolescents to think of Philip Morris and their tobacco products in a positive light. Conclusions suggest that due to the vast impact of media that glorifies smoking and other self-injurious behaviors; infrequent appearance of pro-social media appeals; insidious coercive tactics of the tobacco industry; possible limitations in determining the effectiveness of pro-social media appeals due to adolescent self-perception (or third-person effect variables); and lack of attention paid to more vulnerable or at-risk youth, the real need may not be better pro-social media campaigns, but rather media literacy campaigns. In doing so, youth may become empowered, critical thinkers able to make life choices based on personal preference and the desire for self-fulfillment, instead of being coerced into a belief system induced by the bombardment of media.
30

Borges, Lélia Moreira. "Adolescente em conflito com a lei: uma análise do direito à ampla defesa em Goiânia/Goiás." Universidade Federal de Goiás, 2017. http://repositorio.bc.ufg.br/tede/handle/tede/8806.

Abstract:
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - CAPES
This dissertation had as its objective to verify whether the adolescents submitted to institutionalization measures in Goiânia, Goiás – Brazil, were guaranteed their right to the adversarial principle and full defense in their trials. The empirical field of this investigation consisted of the analysis of cases filed between 2014 and 2016, the observation of hearings carried out in the infractions court of the Child and Youth Court of Goiânia, GO, and interviews with public defenders. The Federal Constitution of 1988, the Child and Adolescent Statute, the Criminal Code, and the Criminal Procedure and Civil Procedure Codes were used as the main legal references for this study. As theoretical support, Emílio G. Mendez, Pierre Bourdieu and Loïc Wacquant were also used. These references were useful in understanding the infraction persecution dynamics operationalized by the security and justice system of the State. Likewise, the understanding of the socio-juridical paradigm in force at each moment of history that justified the penalization of children and adolescents; the concept of field as a social space in competition, subject to internal disputes hierarchically established by the monopoly of the significance of such space; and the intensification of punitive actions by the State allow the perception of the permanence of the irregular situation paradigm in the professionals' performances and judicial decisions. These decisions are marked by inequality between the institutions that operate in the juvenile criminal justice system, given the recent entry of the public defense counsel, not yet totally structured, into the game of signification and legitimation of a trial that is preponderantly inquisitive. This brings loss to the exercise of full defense of the adolescents accused of acts of infraction. Evidence of a mismatch is noticed between the advances in the children's and adolescents' acquisition of rights and guarantees and the criminal control operationalized by the juvenile criminal justice system of Goiânia / GO.
31

"Detecting Adversarial Examples by Measuring their Stress Response." Master's thesis, 2019. http://hdl.handle.net/2286/R.I.55594.

Abstract:
Machine learning (ML) and deep neural networks (DNNs) have achieved great success in a variety of application domains; however, despite significant effort to make these networks robust, they remain vulnerable to adversarial attacks, in which input that is perceptually indistinguishable from natural data can be erroneously classified with high prediction confidence. Works on defending against adversarial examples can be broadly classified as correcting or detecting, which aim, respectively, at negating the effects of the attack and correctly classifying the input, or at detecting and rejecting the input as adversarial. In this work, a new approach for detecting adversarial examples is proposed. The approach takes advantage of the robustness of natural images to noise. As noise is added to a natural image, the prediction probability of its true class drops, but the drop is not sudden or precipitous. The same seems not to hold for adversarial examples. In other words, the stress response profile for natural images seems different from that of adversarial examples, which could therefore be detected by their stress response profile. An evaluation of this approach for detecting adversarial examples is performed on the MNIST, CIFAR-10 and ImageNet datasets. Experimental data shows that this approach is effective at detecting some adversarial examples on small-scale, simple-content images and with little sacrifice of benign accuracy.
Master's Thesis, Computer Science, 2019
32

Chang, Li-Chi. "Defending against Adversarial Attacks in Speaker Verification Systems." Thesis, 2021.

Abstract:

With the advance of Internet of Things technologies, smart devices or virtual personal assistants at home, such as Google Assistant, Apple Siri, and Amazon Alexa, have been widely used to control and access different objects like door locks, bulbs, air conditioners, and even bank accounts, which makes our lives convenient. Because of its ease of operation, voice control has become a main interface between users and these smart devices. To make voice control more secure, speaker verification systems have been researched to apply the human voice as a biometric to accurately identify a legitimate user and prevent illegal access. In recent studies, however, it has been shown that speaker verification systems are vulnerable to different security attacks such as replay, voice cloning, and adversarial attacks. Among all attacks, adversarial attacks are the most dangerous and very challenging to defend against. Currently, there is no known method that can effectively defend against such an attack in speaker verification systems.

The goal of this project is to design and implement a defense system that is simple, light-weight, and effective against adversarial attacks for speaker verification. To achieve this goal, we study the audio samples from adversarial attacks in both the time domain and the Mel spectrogram, and find that the generated adversarial audio is simply clean illegal audio with small perturbations that are similar to white noise, but well-designed to fool speaker verification. Our intuition is that if these perturbations can be removed or modified, adversarial attacks can potentially lose their attacking ability. Therefore, we propose to add a plugin-function module to preprocess the input audio before it is fed into the verification system. As a first attempt, we study two opposite plugin functions: denoising, which attempts to remove or reduce perturbations, and noise-adding, which adds small Gaussian noise to an input audio. We show through experiments that both methods can significantly degrade the performance of a state-of-the-art adversarial attack. Specifically, it is shown that denoising and noise-adding can reduce the targeted attack success rate of the attack from 100% to only 56% and 5.2%, respectively. Moreover, noise-adding can slow down the attack 25 times in speed and has a minor effect on the normal operations of a speaker verification system. Therefore, we believe that noise-adding can be applied to any speaker verification system against adversarial attacks. To the best of our knowledge, this is the first attempt at applying the noise-adding method to defend against adversarial attacks in speaker verification systems.


33

Huang, Chen-Wei, and 黃辰瑋. "Defense mechanism against adversarial attacks using density-based representation of images." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/u239p4.

Abstract:
Master's thesis, National Chengchi University (國立政治大學), Department of Computer Science (資訊科學系), academic year 107 (ROC calendar)
Adversarial examples are slightly modified inputs that are devised to cause erroneous inference of deep learning models. Recently, many methods have been proposed to counter the attack of adversarial examples. However, new ways of generating attacks have also surfaced accordingly. Protection against the intervention of adversarial examples is a fundamental issue that needs to be addressed before wide adoption of deep learning based intelligent systems. In this research, we utilize the method known as input recharacterization to effectively remove the perturbations found in the adversarial examples in order to maintain the performance of the original model. Input recharacterization typically consists of two stages: a forward transform and a backward reconstruction. Our hope is that by going through the lossy two-way transformation, the purposely added 'noise' or 'perturbation' will become ineffective. In this work, we employ digital halftoning and inverse halftoning for input recharacterization, although there exist many possible choices. We apply convolution layer visualization to better understand the network architecture and characteristics. The data set used in this study is Tiny ImageNet, consisting of 260 thousand 128x128 grayscale images belonging to 200 classes. Most defense mechanisms rely on gradient masking, input transform and adversarial training. Among these strategies, adversarial training is widely regarded as the most effective. However, it requires adversarial examples to be generated and included in the training set, which is impractical in most applications. The proposed approach is more similar to input transform. We convert the image from an intensity-based representation to a density-based representation using the halftone operation, which hopefully invalidates the attack by changing the image representation. We also investigate whether inverse halftoning can eliminate the adversarial perturbation. The proposed method does not require extra training on adversarial samples. Only low-cost input pre-processing is needed. On the VGG-16 architecture, the top-5 accuracy for the grayscale model is 76.5%, the top-5 accuracy for the halftone model is 80.4%, and the top-5 accuracy for the hybrid model (trained with both grayscale and halftone images) is 85.14%. With adversarial attacks generated using FGSM, I-FGSM, and PGD, the top-5 accuracy of the hybrid model can still maintain 80.97%, 78.77%, and 81.56%, respectively. Although the accuracy has been affected, the influence of adversarial examples is significantly discounted. The average improvement over existing input transform defense mechanisms is approximately 10%.
34

Naseer, Muzammal. "Novel Concepts and Designs for Adversarial Attacks and Defenses." Phd thesis, 2021. http://hdl.handle.net/1885/258166.

Abstract:
Albeit displaying remarkable performance across a range of tasks, Deep Neural Networks (DNNs) are highly vulnerable to adversarial examples which are carefully created to deceive these networks. This thesis first demonstrates that DNNs are vulnerable to adversarial attacks even when the attacker is unaware of the model architecture or the training data used to train the model, and then proposes a number of novel approaches to improve the robustness of DNNs against challenging adversarial perturbations. Specifically for adversarial attacks, our work highlights how targeted and untargeted adversarial functions can be learned without access to the original data distribution, training mechanism, or label space of an attacked computer vision system. We demonstrate state-of-the-art cross-domain transferability of adversarial perturbations learned from paintings, cartoons, and medical scans to models trained on natural image datasets (such as ImageNet). In this manner, our work highlights an important vulnerability of deep neural networks which makes their deployment challenging in a real-world scenario. Against the threat of these adversarial attacks, we develop novel defense mechanisms that can be deployed with or without retraining the deep neural networks. To this end, we design two plug-and-play defense methods that can protect off-the-shelf pre-trained models without retraining. Specifically, we propose Neural Representation Purifier (NRP) and Local Gradient Smoothing (LGS) to defend against constrained and unconstrained attacks, respectively. NRP learns to purify adversarial noise spread across the entire input image; however, it still struggles against unconstrained attacks where an attacker hides an adversarial sticker, preferably in the background, without disturbing the original salient image information. We develop a mechanism to smooth local gradients in an input image to stabilize abnormal adversarial patterns introduced by unconstrained attacks such as an adversarial patch. Robustifying the model's parameter space, that is, retraining the model on adversarial examples, is of equal importance. However, current adversarial training methods not only lose performance on clean image samples (images without the adversarial noise) but also show poor generalization to natural image corruptions. We propose a style-based adversarial training that enhances the model robustness to adversarial attacks as well as natural corruptions. A model trained with our proposed stylized adversarial training shows better generalization to shifts in data distribution, including natural image corruptions such as fog, rain, and contrast. One drawback of adversarial training is the loss of accuracy on clean image samples, especially when the model size is small. To address this limitation, we design a meta-learning-based approach that takes advantage of universal (instance-agnostic) as well as local (instance-specific) perturbations to train small neural networks with feature regularization, which leads to better robustness with minimal drop in performance on clean image samples. Adversarial training is useful if it can be deployed against unseen adversarial attacks. However, evaluating a certain adversarial training mechanism remains a challenging feat due to gradient masking, a phenomenon where adversarial robustness appears high due to failed attack optimization. Finally, we develop a generic attack algorithm based on a novel guidance mechanism in order to expose any elusive robustness due to gradient masking. In short, this thesis outlines new methods to expose the vulnerability of DNNs to adversarial perturbations and then sets out to propose novel defense techniques with special advantages over state-of-the-art methods, e.g., task-agnostic behavior, good performance against natural perturbations, and less impact on model accuracy on clean image samples.
35

Chen, Yu-Sheng, and 陳育聖. "Adversarial Attack against Modeling Attack on PUFs." Thesis, 2019. http://ndltd.ncl.edu.tw/cgi-bin/gs32/gsweb.cgi/login?o=dnclcdr&s=id=%22107NCHU5394018%22.&searchmode=basic.

Abstract:
Master's thesis, National Chung Hsing University (國立中興大學), Department of Computer Science and Engineering (資訊科學與工程學系所), academic year 107 (ROC calendar)
The Physical Unclonable Function (PUF) has been proposed for the identification and authentication of devices and for cryptographic key generation. A strong PUF provides an extremely large number of device-specific challenge-response pairs (CRPs) which can be used for identification. Unfortunately, the CRP mechanism is vulnerable to modeling attacks, which use machine learning (ML) algorithms to predict PUF responses with high accuracy. Many methods have been developed to strengthen strong PUFs with complicated hardware; however, recent studies show that they are still vulnerable to attacks leveraging GPU-accelerated ML algorithms. In this paper, we propose to deal with the problem from a different perspective. By modifying the CRP mechanism, a PUF can provide poison data such that an accurate model of the PUF under attack cannot be built by ML algorithms. Experimental results show that the proposed method provides an effective countermeasure against modeling attacks on PUFs.
36

Hsieh, Yi-Tung, and 謝義桐. "Detecting Geometric Transformation-based Adversarial Attack using Adversarial Matching Analysis." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/7h2dqz.

Abstract:
Master's thesis
National Taiwan University of Science and Technology
Department of Computer Science and Information Engineering
107
Deep Neural Networks have been continuously developing and progressing, and have achieved impressive results in many tasks. However, the robustness of the model has not received enough attention. An adversarial attack is an attack that is undetectable and intentionally designed to make the model misclassify. Different from previous studies, an adversarial attack based on geometric transformation without adversarial noise is not only more imperceptible but also makes previous defense methods less effective than expected. In this thesis, we propose a spatial-transformed adversarial detector that treats the local pixel-transformed noise as a kind of image noise and uses image smoothing techniques to reduce the perturbations. The degree of matching between the image before and after smoothing is analyzed by adversarial matching analysis to detect adversarial examples. According to the results, our detector achieves an F1-measure of 86.05%. The main contributions of the thesis are as follows: (a) extracting matching anomaly features through adversarial matching analysis; (b) introducing a detection system that can detect geometric transformation-based adversarial attacks early.
37

Chen, Ming-Hung, and 陳明宏. "Attack Graph Based Network Defense." Thesis, 2005. http://ndltd.ncl.edu.tw/handle/10775568647829336324.

Abstract:
Master's thesis
Chung Yuan Christian University
Graduate Institute of Information Engineering
93
As society has gradually evolved to accommodate advances in technology, many network applications have been invented, leading to the flourishing development of the Internet. With more and more services moving to the Internet, intruders are attracted by the possible advantages they can gain by exploiting human mistakes or software vulnerabilities. On seeing a suspicious packet, the response an intrusion detection system makes is usually based on the alert alone; environmental characteristics and the current network state are rarely considered. In order to prevent an intruder from achieving his final goal after initial attacks are detected, an automated mechanism that can help in making appropriate decisions on the response strategies and the response actors is needed. Intrusion detection systems produce a certain amount of false alarms and, usually, they react to intrusion events statically. In this thesis, we propose a mechanism based on attack graphs to strengthen the dependability of alarms. Also, when an alarm matches the attack graph of the site in question, the mechanism can help to determine the appropriate response to take.
38

Lin, Yi-Chen, and 林羿辰. "Adversarial attack against deep learning based self-checkout systems." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/696f5g.

Abstract:
Master's thesis
National Taiwan University
Graduate Institute of Electrical Engineering
107
In recent years, with the successful development of deep learning, many applications adopting deep learning techniques have entered our daily lives. In the retail industry, deep learning models have been used for self-checkout, but deep learning models are vulnerable to adversarial attacks, so such applications have security concerns. This thesis presents a method that can be used to attack such self-checkout systems in practice. The object detection model can be misled by attaching a sticker with a specific pattern to the product. The sticker is generated by an adversarial attack algorithm and is placed at a specific location which is determined by a differential evolution algorithm. Two different purposes of the above attack are pursued with this method, one for reducing the precision of the model and the other for converting objects into a specific category. Experimental tests on YOLOv3 and Faster R-CNN models achieve effective attacks and show that such attacks are transferable. According to our experimental results, a self-checkout system using only a deep learning object detection model is not reliable. When encountering a malicious user, it may produce identification errors and cause losses to the store.
39

CHEN, JYUN-HONG, and 陳俊宏. "Domain Name System Amplification Attack Resolution and Defense." Thesis, 2017. http://ndltd.ncl.edu.tw/handle/46avda.

Abstract:
Master's thesis
National Yunlin University of Science and Technology
Department of Information Management
105
The Domain Name System (DNS) amplification attack has been a very common attack type in recent years. As the network grows, it is easy to achieve Denial of Service (DoS) attacks that paralyze the victim's network so that the victim cannot operate normally. Distributed Denial of Service (DDoS) attacks, which additionally harness the power of the crowd in a decentralized way, are an even greater headache for users. Many DNS servers have solutions to this problem, such as ACL (Access Control List) restrictions, closing the recursive query function, and so on, which can effectively protect the DNS server from being attacked or exploited to launch DNS attacks. But for the end user they do not provide good protection measures. In this paper, we study the protection rules of the DNS server and a DNS-based intrusion detection system built on an open-source intrusion detection system, and combine the characteristics of the attack packets so that the intrusion detection system provides end users with protection against DNS amplification attacks. In this paper, an effective DNS amplification attack prevention rule is formulated, so that the internal network server or the end user can have a good security environment and not be subjected to amplification attacks. This rule can be used with the intrusion detection system in inline mode (Inline Mode), together with the firewall, to actually block traffic (drop, block, and other actions), or in a detection mode (Sniffer Mode) that only observes and does not affect the actual flow; either can be used according to the demands of the environment. Keywords: DNS, Amplification Attack, DDoS, Snort, intrusion detection systems
40

Yu, Ching-Hsi, and 余清溪. "AS-Base Defense System Against Distributed DOS Attack." Thesis, 2008. http://ndltd.ncl.edu.tw/handle/75739382281517055225.

Abstract:
Master's thesis
National Chung Hsing University
Department of Electrical Engineering
96
The increasing denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are severe threats to Internet services. In DDoS attacks, Internet connections or victims are jammed by many useless packets sent from a large number of compromised hosts. Although many techniques have been proposed to defend against DDoS attacks, they still find it hard to respond to flooding-based DDoS attacks. These attacks are launched from a large number of infected hosts. Those infected hosts are simple to set up but difficult to prevent, and therefore hard to trace. In this thesis, we propose a new defense system called the autonomous system (AS) based defense system to counter flooding-based DoS/DDoS attacks. The defense system replaces the value in the ID field of the IP packet with an autonomous system number (ASN) so that the packet can be efficiently recognized. Based on this design, the system can resolve the trouble caused by flooding-based DoS/DDoS attacks and provide better Internet security.
41

Yen, Peng Kao, and 高燕鵬. "A Study On VLAN Hopping Attack and Defense." Thesis, 2007. http://ndltd.ncl.edu.tw/handle/85327420974340066260.

Abstract:
Master's thesis
Chung Cheng Institute of Technology, National Defense University
Graduate Institute of Information Science
95
This dissertation examines the threats of the "VLAN Hopping Attack" and their countermeasures. Different approaches to the hopping attacks in different network environments are studied, implemented, and discussed thoroughly. The VLAN (Virtual Local Area Network) is designed, based on the IEEE 802.1Q standard, to improve network performance by adequately configuring the software of switches to segment broadcast domains, and it is commonly considered a "secure network architecture". Unfortunately, the original design of IEEE 802.1Q does not provide any authentication mechanism on the tag of IEEE 802.1Q frames, which may leave the network under the threat of malicious attacks. We implement various "VLAN Hopping Attack" scenarios on different VLAN structures in order to understand and analyze the attacks in detail. Thereafter a network framework has been proposed as the countermeasure and implemented in our test-bed. The principle of the proposed solution comes from the idea of "Defense in Depth", and the results of the experiment show that our approaches are effective in defending against VLAN hopping attacks.
42

(11190282), Agnideven Palanisamy Sundar. "Learning-based Attack and Defense on Recommender Systems." Thesis, 2021.

Abstract:
The internet is the home for massive volumes of valuable data constantly being created, making it difficult for users to find information relevant to them. In recent times, online users have been relying on the recommendations made by websites to narrow down the options. Online reviews have also become an increasingly important factor in the final choice of a customer. Unfortunately, attackers have found ways to manipulate both reviews and recommendations to mislead users. A Recommendation System is a special type of information filtering system adapted by online vendors to provide suggestions to their customers based on their requirements. Collaborative filtering is one of the most widely used recommendation systems; unfortunately, it is prone to shilling/profile injection attacks. Such attacks alter the recommendation process to promote or demote a particular product. On the other hand, many spammers write deceptive reviews to change the credibility of a product/service. This work aims to address these issues by treating the review manipulation and shilling attack scenarios independently. For the shilling attacks, we build an efficient Reinforcement Learning-based shilling attack method. This method reduces the uncertainty associated with the item selection process and finds the most optimal items to enhance attack reach while treating the recommender system as a black box. Such practical online attacks open new avenues for research in building more robust recommender systems. When it comes to review manipulations, we introduce a method to use a deep structure embedding approach that preserves highly nonlinear structural information and the dynamic aspects of user reviews to identify and cluster the spam users. It is worth mentioning that, in the experiment with real datasets, our method captures about 92% of all spam reviewers using an unsupervised learning approach.
43

Palanisamy, Sundar Agnideven. "Learning-based Attack and Defense on Recommender Systems." Thesis, 2021. http://dx.doi.org/10.7912/C2/65.

Abstract:
Indiana University-Purdue University Indianapolis (IUPUI)
44

Sha, Yi-hwa, and 夏怡華. "The Defense of DDoS Attack by Heterogeneous Tracers." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/67629072464409813210.

Abstract:
Master's thesis
Chung Hua University
Department of Computer Science and Information Engineering
98
To solve DoS/DDoS problems efficiently, the first thing is to locate the attack origins and then cooperate with the nearby filtering-enabled routers to filter the abnormal packets in time. But ordinary routers cannot provide functions such as tracking, filtering and so on. They have to be enhanced with additional functions to defend against DoS/DDoS attacks. We refer to the enhanced routers as tracers. According to the characteristics, cost and necessity of tracers, we classify and select three kinds of heterogeneous tracers, namely tunneling-enabled routers, marking-enabled routers and filtering-enabled routers, to defend against DoS/DDoS attacks. The tunneling-enabled routers have the lowest cost of the three and can easily alter the path of passing packets to the destination, but tunneling packets increases the cost of the network. In this paper, we study how to use tunneling-enabled routers efficiently to forward packets to the best candidate among the filtering-enabled routers for locating attack origins and filtering abnormal packets in time. Four methods are proposed and compared with the optimal solution. The fourth method, with the assistance of marking-enabled routers, has the best performance in the simulation results, so that only 80% of the tracers need to be active to inhibit DoS/DDoS attacks.
45

LAN, YI-CHIAO, and 籃奕喬. "Defense DNS Distributed Denial of Service Amplification Attack." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/6m7687.

Abstract:
Master's thesis
National Chung Cheng University
In-service Master's Program in Cloud Computing and Internet of Things E-Learning
106
Nowadays, enterprise networks face a huge number of network attacks from the Internet. Although much network security equipment and software has been deployed in enterprise networks, enterprises still face high security threats. This may be due to two main reasons, namely the human factor and the network system. When administrators receive malicious attack alerts, they must immediately find the device being attacked among many devices and solve the problem with various defending methods so that the enterprise network can be recovered as soon as possible. A malicious attack may cause the enterprise a huge loss in business. Although most network device manufacturers provide RESTful APIs to network administrators to reduce management complexity, network administrators still face great challenges in dealing with network attacks due to the large number of devices and device manufacturers, each with their own APIs. In this thesis, we propose an SDN-based mechanism to block DNS DDoS amplification attacks. Through the combination of traditional networking and software-defined networking, the mechanism adopts a chat robot as the core connecting the system architecture and a machine learning mechanism, to implement a centralized control management system and a monitoring system for real-time packet processing. The monitoring rules are based on the history of the queried domain names as well as characteristic packet behaviors. An enterprise module is then built to detect abnormal packet behaviors in real time. The proposed mechanism can be applied to any enterprise network such that, in addition to reducing manpower and network attack handling time, it improves the quality of the enterprise network.
46

Chang, Chi-yu, and 張志宇. "A Coordinated defense scheme against high-rate DDoS Attack." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/19604905058759151790.

Abstract:
Master's thesis
National Pingtung Institute of Commerce
Department of Information Management
98
Distributed denial-of-service (DDoS) attacks can be regarded as the most serious threats to the current Internet. This paper presents a two-tier coordination approach for detecting and mitigating DDoS attacks. The first-tier filter (1st TF) filters suspicious traffic for possible flooding. This is achieved by using proactive tests to identify and isolate the malicious traffic. The second-tier filter (2nd TF), which is deployed on network routers, performs online monitoring of the queue length status with the RED/Droptail mechanism for all incoming traffic. The simulation shows that the scheme can detect attacks accurately and effectively.
47

Chen, Jan-Min, and 陳建民. "AN AUTOMATED DEFENSE MECHANISM FOR WEB APPLICATION INJECTION ATTACK." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/69583889921599411773.

Abstract:
Doctoral dissertation
Tatung University
Department of Computer Science and Engineering
98
Injection flaws result from unvalidated input, so proper input validation is an effective countermeasure against injection attacks. Some programs are poorly written, lacking even the most basic security procedures for sanitizing input. Furthermore, for some legacy applications it may not be viable to modify the source of such components. Input validation vulnerabilities can be detected by many tools, but very few tools can automatically fix the flaws. We have been devoted to the study of an automated defense mechanism for Web application injection attacks, and developed a security safeguard with good "scalability" when applied to Web site growth or unknown injection attacks. It is transparent and independent of programming languages and requires neither application developers' interaction nor source code modifications. To verify the effectiveness and efficiency of the defense mechanism, we focus on whether detection errors have been reduced and on the speed and accuracy of identifying Web crawlers. The experimental results show that our method yields the fewest errors in comparison with other sanitizing strategies, and various Web visitors can be correctly and quickly differentiated in accordance with the security policy.
48

Lin, Yu Feng, and 林玉峰. "The Performance Index Research of Network Attack and Defense." Thesis, 2005. http://ndltd.ncl.edu.tw/handle/38811430068068220166.

Abstract:
Master's thesis
Shu-Te University
Graduate Institute of Information Management
93
Because hackers' intrusion technologies develop fast and change with each passing day, network security has become the most important issue for information systems. For hackers, it is easy to intrude into information systems with vulnerabilities; moreover, client users lack the protective technology and knowledge to evaluate the risk degree of an information system. Hence it is difficult to prevent malicious attacks from hackers, even if security protection mechanisms such as anti-virus, firewalls and intrusion detection systems are installed. In order to give client users a principle for measuring hackers' tools, this thesis uses the denial of service attack as the experiment to search for and create performance indices of network attack and defense tools. The research hopes these performance indices can completely cover all of the hackers' tools and reveal the trend of network attacks. At the same time, the results of this research let client users understand the extent of attack injury and how to protect the network system, decreasing the damage of hacker attacks.
49

LIU, KAI-JUNG, and 劉凱榮. "The Study for Distributed Denial of Service Attack and Defense." Thesis, 2017. http://ndltd.ncl.edu.tw/handle/jp5fmx.

Abstract:
Master's thesis
Huafan University
Master's Program, Department of Information Management
105
Due to the rapid and prosperous development of networks in recent years, most people's lives have become closely connected with the network. The convenience of the network also promotes the rapid development of various network applications. Manufacturers also launch many network-based applications and services that bring convenience. This also causes a lot of unpredictable trouble. Therefore, the information security of the network environment has evolved into an extremely important research field. This thesis discusses the method of combining distributed denial of service attacks with other attacks by giving the definition of the denial of service attack, making a comprehensive and essential pattern classification, and illustrating the advancement of the distributed denial of service attack compared with the denial of service attack. This thesis also gives an in-depth description of the distributed denial of service attack as well as the reasons for the formation of these systems, and discusses the attack patterns of the distributed denial of service attack in detail. On the above basis, this thesis proposes a new classification method for current countermeasures to draw a further conclusion. It points out that only a comprehensive defense system can effectively counter the distributed denial of service attack. Finally, this thesis indicates the direction of fundamentally defending against the distributed denial of service attack.
50

Chen, Chih-Chieh, and 陳治榤. "The Design and Implementation of ARP Spoofing Attack Defense System." Thesis, 2011. http://ndltd.ncl.edu.tw/handle/82926102457103589698.

Abstract:
Master's thesis
National Kaohsiung First University of Science and Technology
Graduate Institute of Information Management
99
This paper will introduce a common method of attack on the Internet in recent years: the ARP spoofing attack. By understanding its mode of operation and the theory behind it, the paper will further analyze the methods and types of ARP spoofing attacks. It will also show the current approaches to preventing ARP spoofing attacks, such as NBAD (Network Behavior Anomaly Detection) switches, ARP firewalls, etc., in order to illustrate and compare their advantages and shortcomings. The system developed in this study integrates a DHCP server and a PostgreSQL database, pairing them with the Dynamic ARP Inspection and DHCP Snooping techniques of a Layer 3 switch to achieve a combined IP and MAC lock. After implementation, the system proved capable of reliably binding IP and MAC in accordance with the standard expectations of defense against ARP spoofing attacks.