Dissertations on the topic "Adversarial Attack and Defense"
Browse the top 50 dissertations for research on the topic "Adversarial Attack and Defense".
Branlat, Matthieu. "Challenges to Adversarial Interplay Under High Uncertainty: Staged-World Study of a Cyber Security Event." The Ohio State University, 2011. http://rave.ohiolink.edu/etdc/view?acc_num=osu1316462733.
Kanerva, Anton, and Fredrik Helgesson. "On the Use of Model-Agnostic Interpretation Methods as Defense Against Adversarial Input Attacks on Tabular Data." Thesis, Blekinge Tekniska Högskola, Institutionen för datavetenskap, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-20085.
Context. Machine learning is a field within artificial intelligence that is under constant development. The number of domains in which we deploy machine learning models keeps growing, and these systems spread unnoticed into our daily lives through various electronic devices. Over the years, much time and effort has been spent on increasing the performance of these models, which has overshadowed the risk of vulnerabilities in the core of such systems, the trained model. A relatively new attack, called an "adversarial input attack", whose goal is to fool the model into making incorrect decisions, has been researched almost exclusively within image recognition. However, the threat that adversarial input attacks pose extends beyond image data to other data domains such as the tabular domain, which is the most common data domain in industry. Methods for interpreting complex machine learning models can help humans understand the behaviour of these complex machine learning systems and the decisions they make. Understanding a model's behaviour is an important component in discovering, understanding and mitigating vulnerabilities in the model. Objectives. This study attempts to reduce the research gap that adversarial input attacks and corresponding defence methods in the tabular domain constitute. The goal of this study is to analyse how model-agnostic interpretation methods can be used to mitigate and detect adversarial input attacks against tabular data. Methods. The stated goal is reached through three consecutive experiments in which model interpretation methods are analysed, adversarial input attacks are evaluated and visualised, and a new method based on model interpretation is proposed for detecting adversarial input attacks, together with a new mitigation technique in which feature selection is used defensively to reduce the size of the attack vector. Results. The proposed method for detecting adversarial input attacks shows state-of-the-art results with over 86% accuracy.
The proposed mitigation technique was shown to be successful in hardening the model against adversarial input attacks by reducing their attack strength by 33% without degrading the model's classification performance. Conclusions. This study contributes useful methods for the detection and mitigation of adversarial input attacks, as well as methods for evaluating and visualising hard-to-perceive attacks against tabular data.
Harris, Rae. "Spectre: Attack and Defense." Scholarship @ Claremont, 2019. https://scholarship.claremont.edu/scripps_theses/1384.
Wood, Adrian Michael. "A defensive strategy for detecting targeted adversarial poisoning attacks in machine learning trained malware detection models." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2021. https://ro.ecu.edu.au/theses/2483.
Moore, Tyler Weston. "Cooperative attack and defense in distributed networks." Thesis, University of Cambridge, 2008. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.612283.
Zhang, Ning. "Attack and Defense with Hardware-Aided Security." Diss., Virginia Tech, 2016. http://hdl.handle.net/10919/72855.
Ph. D.
Sohail, Imran, and Sikandar Hayat. "Cooperative Defense Against DDoS Attack using GOSSIP Protocol." Thesis, Blekinge Tekniska Högskola, Avdelningen för telekommunikationssystem, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-1224.
Townsend, James R. "Defense of Naval Task Forces from Anti-Ship Missile attack." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 1999. http://handle.dtic.mil/100.2/ADA363038.
Haberlin, Richard J. "Analysis of unattended ground sensors in theater Missile Defense Attack Operations." Thesis, Monterey, California. Naval Postgraduate School, 1997. http://hdl.handle.net/10945/26369.
Unattended ground sensors have a tremendous potential for improving Tactical Ballistic Missile Attack Operations. To date, however, this potential has gone unrealized primarily due to a lack of confidence in the systems and a lack of tactical doctrine for their employment. This thesis provides analyses to demonstrate the effective use of sensor technology and provides recommendations as to how they may best be employed. The probabilistic decision model reports the optimal size array for each of the candidate array locations. It also provides an optimal policy for determining the likelihood that the target is a Time Critical Target based on the number of sensors in agreement as to its identity. This policy may vary with each candidate array. Additionally, recommendations are made on the placement of the arrays within the theater of operations and their optimal configuration to maximize information gained while minimizing the likelihood of compromise. Specifics include inter-sensor spacing, placement patterns, array locations, and off-road distance.
Widel, Wojciech. "Formal modeling and quantitative analysis of security using attack-defense trees." Thesis, Rennes, INSA, 2019. http://www.theses.fr/2019ISAR0019.
Risk analysis is a very complex process. It requires rigorous representation and in-depth assessment of threats and countermeasures. This thesis focuses on the formal modelling of security using attack and defence trees. These are used to represent and quantify potential attacks in order to better understand the security issues that the analyzed system may face. They therefore make it possible to guide an expert in the choice of countermeasures to be implemented to secure their system. The main contributions of this thesis are as follows: - The enrichment of the attack and defence tree model allowing the analysis of real security scenarios. In particular, we have developed the theoretical foundations and quantitative evaluation algorithms for the model where an attacker's action can contribute to several attacks and a countermeasure can prevent several threats. - The development of a methodology based on Pareto dominance and allowing several quantitative aspects to be taken into account simultaneously (e.g., cost, time, probability, difficulty, etc.) during a risk analysis. - The design of a technique, using linear programming methods, for selecting an optimal set of countermeasures, taking into account the budget available for protecting the analyzed system. It is a generic technique that can be applied to several optimization problems, for example, maximizing the attack surface coverage, or maximizing the attacker's investment. To ensure their practical applicability, the model and mathematical algorithms developed were implemented in a freely available open source tool. All the results were also validated with a practical study on an industrial scenario of alteration of electricity consumption meters.
Chen, Xiangqian. "Defense Against Node Compromise in Sensor Network Security." FIU Digital Commons, 2007. http://digitalcommons.fiu.edu/etd/7.
Culpepper, Anna M. "Effectiveness of using red-teams to identify maritime security vulnerabilities to terrorist attack." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2004. http://library.nps.navy.mil/uhtbin/hyperion/04Sept%5FCulpepper.pdf.
Thesis advisor(s): Raymond Buettner, Jr., Dorothy Denning. Includes bibliographical references (p. 65-69). Also available online.
Richerioux, Nicolas. "Analysis of gene expression in barley upon aphid attack." Thesis, Södertörn University College, School of Life Sciences, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:sh:diva-1289.
Since plants cannot escape their predators by walking, they use some other defense systems, like induction or repression of defense genes. A microarray experiment performed with barley attacked by the bird cherry-oat aphid (Rhopalosiphum padi) led to the hypothesis that contig 16360 (similar to ser/thr kinases) could be linked with the resistance of barley against R. padi, and contig 6519 (similar to WIR 1A) with the susceptibility. Time course experiments showed that contig 16360 and AJ250283 (similar to BCI-4) are almost induced in the same way, each, by two different aphids (R. padi and Metopolophium dirhodum). Genomic PCR was used to test the hypothesis that when plants have the gene for contig 16360, they are more likely to be resistant against aphid attack, and when plants have the gene for contig 6519, they are more likely to be susceptible. This test was performed with 69 barley lines: wild, commercial or breeding lines. Results were that the presence of the WIR 1A gene has no correlation with the susceptibility, while presence of the ser/thr kinase seems to be correlated with resistance.
Nanda, Sanjeeb. "GRAPH THEORETIC MODELING: CASE STUDIES IN REDUNDANT ARRAYS OF INDEPENDENT DISKS AND NETWORK DEFENSE." Doctoral diss., University of Central Florida, 2007. http://digital.library.ucf.edu/cdm/ref/collection/ETD/id/3165.
Ph.D.
School of Electrical Engineering and Computer Science
Engineering and Computer Science
Computer Science PhD
Nsambu, Emmanuel, and Danish Aziz. "The Defense Against the latest Cyber Espionage both insider and outsider attacks." Thesis, Mittuniversitetet, Institutionen för informationsteknologi och medier, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-16477.
Повний текст джерелаYildiz, Kursad. "Electronic attack and sensor fusion techniques for boot-phase defense against multiple ballistic threat missiles." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2005. http://library.nps.navy.mil/uhtbin/hyperion/05Jun%5FYildiz.pdf.
Thesis Advisor(s): Phillip E. Pace, Murali Tummala. Includes bibliographical references (p.155-158). Also available online.
Chan, Yik-Kwan Eric, and 陳奕鈞. "Investigation of a router-based approach to defense against Distributed Denial-of-Service (DDoS) attack." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2004. http://hub.hku.hk/bib/B30173309.
Ding, Sze Yi. "On Distributed Strategies in Defense of a High Value Unit (HVU) Against a Swarm Attack." Thesis, Monterey, California. Naval Postgraduate School, 2012. http://hdl.handle.net/10945/17356.
Swarm attacks are of great concern to the U.S. Navy as well as to navies around the world and to commercial ships transiting through waters with a high volume of marine traffic. A large group of hostile ships can hide themselves among various other small ships, like pleasure craft, fishing boats and transport vessels, and can make a coordinated attack against a High Value Unit (HVU) while it passes by. The HVU can easily be overwhelmed by the numbers and sustain heavy damage or risk being taken over. The objective of this thesis is to develop heuristic algorithms that multiple defenders can use to intercept and stop the advances of multiple attackers. The attackers are in much larger numbers compared to the defenders, and are moving in on a slow-moving HVU. Pursuit guidance laws and proportional navigation (PN) guidance laws, commonly used in missile guidance strategies, are modified to be used by the defenders to try to intercept attackers that outnumber them. Another objective is to evaluate the effectiveness of the heuristic algorithms in defending the HVU against the swarm attack. The probability that the HVU survives the swarm attack will be used as a measure of effectiveness of the algorithms. The impact of various parameters, like the number of defenders and the speed of defenders, on the effectiveness of the algorithms is also evaluated.
Flachsbart, Brian M. "A robust methodology to evaluate aircraft survivability enhancement due to combined signature reduction and onboard electronic attack." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 1997. http://handle.dtic.mil/100.2/ADA329367.
Sandin, Michael. "Pre-Emptive Self-Defence : When does an armed attack occur?" Thesis, Stockholms universitet, Juridiska institutionen, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:su:diva-193754.
Lovsin, Robert D. "Non-conventional armament linkages : nuclear, biological and chemical weapons in the United Kingdom and Iraq." Thesis, University of Sussex, 2011. http://sro.sussex.ac.uk/id/eprint/7021/.
Rubin, Willa. "Waging Wars in Cyberspace: How International Law On Aggression And Self-Defense Falls Short Of Addressing Cyber Warfare. Could Iran Legally Retaliate For The Stuxnet Attack?" Oberlin College Honors Theses / OhioLINK, 2016. http://rave.ohiolink.edu/etdc/view?acc_num=oberlin1462921585.
Marriott, Richard. "Data-augmentation with synthetic identities for robust facial recognition." Thesis, Lyon, 2020. http://www.theses.fr/2020LYSEC048.
In 2014, use of deep neural networks (DNNs) revolutionised facial recognition (FR). DNNs are capable of learning to extract feature-based representations from images that are discriminative and robust to extraneous detail. Arguably, one of the most important factors now limiting the performance of FR algorithms is the data used to train them. High-quality image datasets that are representative of real-world test conditions can be difficult to collect. One potential solution is to augment datasets with synthetic images. This option recently became increasingly viable following the development of generative adversarial networks (GANs) which allow generation of highly realistic, synthetic data samples. This thesis investigates the use of GANs for augmentation of FR datasets. It looks at the ability of GANs to generate new identities, and their ability to disentangle identity from other forms of variation in images. Ultimately, a GAN integrating a 3D model is proposed in order to fully disentangle pose from identity. Images synthesised using the 3D GAN are shown to improve large-pose FR and a state-of-the-art accuracy is demonstrated for the challenging Cross-Pose LFW evaluation dataset. The final chapter of the thesis evaluates one of the more nefarious uses of synthetic images: the face-morphing attack. Such attacks exploit imprecision in FR systems by manipulating images such that they might be falsely verified as belonging to more than one person. An evaluation of GAN-based face-morphing attacks is provided. Also introduced is a novel, GAN-based morphing method that minimises the distance of the morphed image from the original identities in a biometric feature-space. A potential countermeasure to such morphing attacks is to train FR networks using additional, synthetic identities. In this vein, the effect of training using synthetic, 3D GAN data on the success of simulated face-morphing attacks is evaluated.
Petras, Christopher M. "The convergence of U.S. military and commercial space activities : self-defense and cyber-attack, "peaceful use" and the space station, and the need for legal reform." Thesis, McGill University, 2001. http://digitool.Library.McGill.CA:80/R/?func=dbin-jump-full&object_id=33058.
Mlejnek, Jiří. "Antivirová ochrana počítače z bootovacího úložiště." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2012. http://www.nusl.cz/ntk/nusl-219473.
Hammerbacher, Almuth [Verfasser], Jonathan [Akademischer Betreuer] Gershenzon, Wilhelm [Akademischer Betreuer] Boland, and Thomas [Akademischer Betreuer] Vogt. "Biosynthesis of polyphenols in Norway spruce as a defense strategy against attack by the bark beetle associated fungus Ceratocystis polonica / Almuth Hammerbacher. Gutachter: Jonathan Gershenzon ; Wilhelm Boland ; Thomas Vogt." Jena : Thüringer Universitäts- und Landesbibliothek Jena, 2012. http://d-nb.info/1019970065/34.
Kazinec, Darius. "Issues of cyber warfare in international law." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2011. http://vddb.laba.lt/obj/LT-eLABa-0001:E.02~2011~D_20110705_132153-12860.
Cyber warfare has existed for more than a decade, yet we still have very weak regulation of this phenomenon. This situation is strongly influenced by our weak technical capabilities and by the structure of the internet. Cyber warfare is very tricky. It is a novel way of waging war that we do not see, but its consequences can be lightning-fast and devastating. Scholars and the world's states recognised this long ago. This work attempts to reveal the possibilities for regulating cyber warfare under international law, if that is possible at all. However, scholars are still arguing about the terminology of cyber warfare and cyberspace, while the threat of cyber warfare only grows. The world's states, understanding this, are trying to remedy the shortcomings of the law, but unsuccessfully. Any proposals and agreements apply only to a small circle of states. Meanwhile, the major powers would be reluctant to give up their cyber capabilities. The thesis analysed international treaties and state practice in attempting to apply existing regimes to the regulation of cyber warfare. The conclusion to be drawn is that applying the existing international legal framework is at best complicated and unnatural. The reality is that no single regime suits cyber warfare, and applying one, unfortunately, creates more problems than existed before. However, not all possibilities have been exhausted, and the future may show the right solution. Meanwhile, states are prepared to negotiate an international... [see the full text]
Ren, Kui. "Communication security in wireless sensor networks." Worcester, Mass. : Worcester Polytechnic Institute, 2007. http://www.wpi.edu/Pubs/ETD/Available/etd-040607-174308/.
McMurray, Marybeth. "Philip Morris Faces "the truth": A Rhetorical Analysis of the Persuasiveness of Two Teen-Targeted Anti-Smoking Advertising Campaigns." BYU ScholarsArchive, 2003. https://scholarsarchive.byu.edu/etd/41.
Borges, Lélia Moreira. "Adolescente em conflito com a lei: uma análise do direito à ampla defesa em Goiânia/Goiás." Universidade Federal de Goiás, 2017. http://repositorio.bc.ufg.br/tede/handle/tede/8806.
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - CAPES
This dissertation had as its objective to verify whether the adolescents submitted to institutionalization measures in Goiânia, Goiás, Brazil, were guaranteed their right to the adversarial principle and full defense in their trials. The empirical field of this investigation consisted of the analysis of cases filed between 2014 and 2016, the observation of hearings carried out in the infractions court of the Child and Youth Court of Goiânia, GO, and interviews with public defenders. The Federal Constitution of 1988, the Child and Adolescent Statute, the Criminal Code, and the Criminal Procedure and Civil Procedure Codes were used as the main legal references for this study. As theoretical support, Emílio G. Mendez, Pierre Bourdieu and Loïc Wacquant were also used. These references were useful in understanding the infraction persecution dynamics operationalized by the security and justice system of the State. As well as that, the understanding of the socio-juridical paradigm in force at each moment of history that justified the penalization of children and adolescents; the concept of field as a social space in competition, subject to internal disputes hierarchically established by the monopoly of the significance of such space; and the intensification of punitive actions by the State allow the perception of the permanence of the irregular situation paradigm in the professionals' performances and judicial decisions. Decisions marked by inequality between institutions that operate in the juvenile criminal justice system, facing the recent entry of the public defense counsel, not yet totally structured, in the game of signification and legitimation of a trial that is preponderantly inquisitive. It brings loss to the exercise of full defense of the adolescents accused of acts of infraction.
Evidence of a mismatch is noticed between the advances in the children’s and adolescents’ acquisition of rights and guarantees and the criminal control operationalized by the juvenile criminal justice system of Goiânia / GO.
This dissertation aimed to verify whether adolescents subjected to the institutionalization measure in Goiânia/Goiás were guaranteed the right to the adversarial principle and full defense in their trials. The empirical field of this investigation consisted of the analysis of cases filed between 2014 and 2016, the observation of hearings held in the infractions court of the Child and Youth Court of Goiânia/GO, and interviews with public defenders. The Federal Constitution of 1988, the Child and Adolescent Statute, and the Penal, Criminal Procedure and Civil Procedure Codes were the references for this study. As theoretical support, Emílio G. Mendez, Pierre Bourdieu and Loïc Wacquant, among others, were used. These references served to understand the different legal paradigms that justified the application of penalties to children and adolescents over the course of history, as presented by Mendez; the considerations for a sociology of the juridical field left by Pierre Bourdieu on the force of law as an instrument of power in social reproduction; and the discussions presented by Wacquant on social control and the punitive state. This made it possible to perceive the persistence of the irregular-situation paradigm in the performance of professionals and in judicial decisions, and the inequality between the institutions that act in the juvenile criminal justice system, given the recent entry of the still not fully structured Public Defender's Office into the game of signification and legitimation of a predominantly inquisitorial trial, which harms the full exercise of the defense of adolescents accused of infractions. This reveals a mismatch between the advances in the acquisition of rights and guarantees for children and adolescents and the social control operationalized by the juvenile criminal justice system of Goiânia/GO.
"Detecting Adversarial Examples by Measuring their Stress Response." Master's thesis, 2019. http://hdl.handle.net/2286/R.I.55594.
Dissertation/Thesis
Masters Thesis Computer Science 2019
(11178210), Li-Chi Chang. "Defending against Adversarial Attacks in Speaker Verification Systems." Thesis, 2021.
With the advance of Internet of Things technologies, smart devices and virtual personal assistants at home, such as Google Assistant, Apple Siri, and Amazon Alexa, have been widely used to control and access different objects like door locks, blobs, air conditioners, and even bank accounts, which makes our lives convenient. Because of its ease of operation, voice control has become a main interface between users and these smart devices. To make voice control more secure, speaker verification systems have been researched to apply the human voice as a biometric to accurately identify a legitimate user and prevent illegal access. In recent studies, however, it has been shown that speaker verification systems are vulnerable to different security attacks such as replay, voice cloning, and adversarial attacks. Among all attacks, adversarial attacks are the most dangerous and very challenging to defend against. Currently, there is no known method that can effectively defend against such an attack in speaker verification systems.
The goal of this project is to design and implement a defense system that is simple, lightweight, and effective against adversarial attacks on speaker verification. To achieve this goal, we study the audio samples from adversarial attacks in both the time domain and the Mel spectrogram, and find that the generated adversarial audio is simply a clean illegal audio with small perturbations that are similar to white noise, but well designed to fool speaker verification. Our intuition is that if these perturbations can be removed or modified, adversarial attacks can potentially lose their attacking ability. Therefore, we propose to add a plugin-function module to preprocess the input audio before it is fed into the verification system. As a first attempt, we study two opposite plugin functions: denoising, which attempts to remove or reduce perturbations, and noise-adding, which adds small Gaussian noise to an input audio. We show through experiments that both methods can significantly degrade the performance of a state-of-the-art adversarial attack. Specifically, it is shown that denoising and noise-adding can reduce the targeted attack success rate of the attack from 100% to only 56% and 5.2%, respectively. Moreover, noise-adding can slow down the attack 25 times in speed and has a minor effect on the normal operations of a speaker verification system. Therefore, we believe that noise-adding can be applied to any speaker verification system against adversarial attacks. To the best of our knowledge, this is the first attempt at applying the noise-adding method to defend against adversarial attacks in speaker verification systems.
Huang, Chen-Wei, and 黃辰瑋. "Defense mechanism against adversarial attacks using density-based representation of images." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/u239p4.
國立政治大學
資訊科學系
107
Adversarial examples are slightly modified inputs that are devised to cause erroneous inference of deep learning models. Recently, many methods have been proposed to counter the attack of adversarial examples. However, new ways of generating attacks have also surfaced accordingly. Protection against the intervention of adversarial examples is a fundamental issue that needs to be addressed before wide adoption of deep learning based intelligent systems. In this research, we utilize the method known as input recharacterization to effectively remove the perturbations found in the adversarial examples in order to maintain the performance of the original model. Input recharacterization typically consists of two stages: a forward transform and a backward reconstruction. Our hope is that by going through the lossy two-way transformation, the purposely added 'noise' or 'perturbation' will become ineffective. In this work, we employ digital halftoning and inverse halftoning for input recharacterization, although there exist many possible choices. We apply convolution layer visualization to better understand the network architecture and characteristics. The data set used in this study is Tiny ImageNet, consisting of 260 thousand 128x128 grayscale images belonging to 200 classes. Most defense mechanisms rely on gradient masking, input transform and adversarial training. Among these strategies, adversarial training is widely regarded as the most effective. However, it requires adversarial examples to be generated and included in the training set, which is impractical in most applications. The proposed approach is more similar to input transform. We convert the image from an intensity-based representation to a density-based representation using the halftone operation, which hopefully invalidates the attack by changing the image representation. We also investigate whether inverse halftoning can eliminate the adversarial perturbation.
The proposed method does not require extra training of adversarial samples. Only low-cost input pre-processing is needed. On the VGG-16 architecture, the top-5 accuracy for the grayscale model is 76.5%, the top-5 accuracy for halftone model is 80.4%, and the top-5 accuracy for the hybrid model (trained with both grayscale and halftone images) is 85.14%. With adversarial attacks generated using FGSM, I-FGSM, and PGD, the top-5 accuracy of the hybrid model can still maintain 80.97%, 78.77%, 81.56%, respectively. Although the accuracy has been affected, the influence of adversarial examples is significantly discounted. The average improvement over existing input transform defense mechanisms is approximately 10%.
Naseer, Muzammal. "Novel Concepts and Designs for Adversarial Attacks and Defenses." Phd thesis, 2021. http://hdl.handle.net/1885/258166.
Chen, Yu-Sheng, and 陳育聖. "Adversarial Attack against Modeling Attack on PUFs." Thesis, 2019. http://ndltd.ncl.edu.tw/cgi-bin/gs32/gsweb.cgi/login?o=dnclcdr&s=id=%22107NCHU5394018%22.&searchmode=basic.
國立中興大學
資訊科學與工程學系所
107
The Physical Unclonable Function (PUF) has been proposed for the identification and authentication of devices and cryptographic key generation. A strong PUF provides an extremely large number of device-specific challenge-response pairs (CRP) which can be used for identification. Unfortunately, the CRP mechanism is vulnerable to modeling attack, which uses machine learning (ML) algorithms to predict PUF responses with high accuracy. Many methods have been developed to strengthen strong PUFs with complicated hardware; however, recent studies show that they are still vulnerable by leveraging GPU-accelerated ML algorithms. In this paper, we propose to deal with the problem from a different perspective. By modifying the CRP mechanism, a PUF can provide poison data such that an accurate model of the PUF under attack cannot be built by ML algorithms. Experimental results show that the proposed method provides an effective countermeasure against modeling attacks on PUFs.
Hsieh, Yi-Tung, and 謝義桐. "Detecting Geometric Transformation-based Adversarial Attack using Adversarial Matching Analysis." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/7h2dqz.
國立臺灣科技大學
資訊工程系
107
Deep neural networks have been continuously developing and progressing, and have achieved impressive results in many tasks. However, the robustness of the model has not received enough attention. An adversarial attack is an attack that is imperceptible and intentionally designed to make the model misclassify. Different from previous studies, the adversarial attack based on geometric transformation without adversarial noise is not only more imperceptible but also makes previous defense methods perform worse than expected. In this thesis, we propose a spatial transformed adversarial detector that treats the local pixel-transformed noise as a kind of image noise and uses image smoothing techniques to reduce the perturbations. The degree of matching between the image before and after smoothing is then analyzed by adversarial matching analysis to detect adversarial examples. According to the results, our detector can achieve an F1-measure of 86.05%. The main contributions of the thesis are as follows: (a) extracting matching anomaly features through adversarial matching analysis; (b) introducing a detection system that can detect geometric transformation-based adversarial attacks early.
Chen, Ming-Hung, and 陳明宏. "Attack Graph Based Network Defense." Thesis, 2005. http://ndltd.ncl.edu.tw/handle/10775568647829336324.
中原大學
資訊工程研究所
93
As society gradually evolved to accommodate the advances of technology, many network applications have been invented, which led to the flourishing development of the Internet. With more and more services moving to the Internet, intruders are attracted by the possible advantages they are able to take by exploiting human mistakes or software vulnerabilities. On seeing a suspicious packet, the response an intrusion detection system makes is usually based on the alert alone; environmental characteristics and the current network state are rarely considered. In order to prevent an intruder from achieving his final goal after initial attacks are detected, an automated mechanism that can help in making appropriate decisions on the response strategies and the response actors is needed. Intrusion detection systems produce a certain amount of false alarms; and, usually, they react to intrusion events statically. In this thesis, we propose a mechanism based on attack graphs to strengthen the dependability of alarms. Also, when an alarm matches the attack graph of the site in concern, the mechanism can help to determine the appropriate response to take.
Lin, Yi-Chen, and 林羿辰. "Adversarial attack against deep learning based self-checkout systems." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/696f5g.
國立臺灣大學
電機工程學研究所
107
In recent years, with the successful development of deep learning, many applications adopting deep learning techniques have been used in our daily lives. In the retail industry, deep learning models have been used for self-checkout, but deep learning models are vulnerable to adversarial attacks, so such applications have security concerns. This thesis presents a method that can be used to attack such self-checkout systems in practice. The object detection model can be misled by attaching a sticker with a specific pattern to the product. The sticker is generated by an adversarial attack algorithm and is stuck to a specific location which is generated by a differential evolution algorithm. Two different purposes of the above attack are proposed through this method, one for reducing the precision of the model and the other for converting objects into a specific category. Experimental tests on the YOLOv3 and Faster R-CNN models achieve effective attacks and prove that such attacks are transferable. According to our experimental results, a self-checkout system using only a deep learning object detection model is not reliable. When encountering a malicious user, it may cause identification errors and cause losses to the store.
CHEN, JYUN-HONG, and 陳俊宏. "Domain Name System Amplification Attack Resolution and Defense." Thesis, 2017. http://ndltd.ncl.edu.tw/handle/46avda.
國立雲林科技大學
資訊管理系
105
The Domain Name System (DNS) amplification attack has been a very common attack type in recent years. As the network grows, it is easy to achieve Denial of Service (DoS) attacks, which paralyze the victim's network so that the victim cannot operate normally. Distributed Denial of Service (DDoS) attacks, which combine the power of many hosts at the same time, are a headache for users. Many DNS servers have solutions to this problem, such as ACL (Access Control List) restrictions, disabling the recursive query function, and so on, which can effectively prevent the DNS server from being attacked or exploited to attack others and give the DNS server adequate protection. But they do not provide good protection measures for the end user. In this paper, we study the protection rules of the DNS server and the open source intrusion detection system, and combine them with the characteristics of the attack packets so that the intrusion detection system can protect end users from DNS amplification attacks. In this paper, an effective DNS amplification attack prevention rule is formulated, so that internal network servers and end users can have a secure environment and are not subject to amplification attacks. This rule can be used with the intrusion detection system in inline mode (Inline Mode), where together with the firewall it can actually block traffic (drop, block, and other actions), or in detection mode (Sniffer Mode), which only observes and does not affect the actual traffic flow; either can be used according to the needs of the environment. Keywords: DNS, Amplification Attack, DDOS, Snort, intrusion detection systems
Yu, Ching-Hsi, and 余清溪. "AS-Base Defense System Against Distributed DOS Attack." Thesis, 2008. http://ndltd.ncl.edu.tw/handle/75739382281517055225.
國立中興大學
電機工程學系所
96
The increasing denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are severe threats to Internet services. In DDoS attacks, Internet connections or victims are jammed by many useless packets sent from a large number of compromised hosts. Although many techniques have been proposed to defend against DDoS attacks, they are still hard to respond to flooding-based DDoS attacks. These attacks are launched from a large number of infected hosts. Those infected hosts are simple to implement but difficult to prevent, and therefore hard to trace. In this thesis, we propose a new defending system called the autonomous system (AS) based defense system to counter flooding-based DoS/DDoS attacks. The defense system can replace the value in the ID field of the IP packet by an autonomous system number (ASN) so that it can be efficiently recognized. Based on this design, the system can resolve the trouble caused by flooding-based DoS/DDoS attacks and provide better Internet security.
Yen, Peng Kao, and 高燕鵬. "A Study On VLAN Hopping Attack and Defense." Thesis, 2007. http://ndltd.ncl.edu.tw/handle/85327420974340066260.
國防大學中正理工學院
資訊科學研究所
95
This dissertation examines the threats of the “VLAN Hopping Attack” and their countermeasures. Different approaches of the hopping attacks on different network environments are studied, implemented, and discussed thoroughly. The VLAN (Virtual Local Area Network) is designed, based on the IEEE 802.1Q standard, to improve network performance by adequately configuring the software of switches for segmenting broadcast domains, and is commonly considered a “secure network architecture”. Unfortunately, the original design of IEEE 802.1Q does not provide any authentication mechanism on the tag of IEEE 802.1Q frames, which may leave the network under the threat of malicious attacks. We implement various “VLAN Hopping Attack” scenarios on different VLAN structures in order to understand and analyze the attacks in detail. Thereafter a network framework has been proposed as the countermeasure, and implemented in our test-bed. The principle of the proposed solution comes from the idea of “Defense in Depth”, and the results of the experiment show that our approaches are effective in defending against VLAN hopping attacks.
(11190282), Agnideven Palanisamy Sundar. "Learning-based Attack and Defense on Recommender Systems." Thesis, 2021.
Palanisamy, Sundar Agnideven. "Learning-based Attack and Defense on Recommender Systems." Thesis, 2021. http://dx.doi.org/10.7912/C2/65.
The internet is the home for massive volumes of valuable data constantly being created, making it difficult for users to find information relevant to them. In recent times, online users have been relying on the recommendations made by websites to narrow down the options. Online reviews have also become an increasingly important factor in the final choice of a customer. Unfortunately, attackers have found ways to manipulate both reviews and recommendations to mislead users. A Recommendation System is a special type of information filtering system adopted by online vendors to provide suggestions to their customers based on their requirements. Collaborative filtering is one of the most widely used recommendation systems; unfortunately, it is prone to shilling/profile injection attacks. Such attacks alter the recommendation process to promote or demote a particular product. On the other hand, many spammers write deceptive reviews to change the credibility of a product/service. This work aims to address these issues by treating the review manipulation and shilling attack scenarios independently. For the shilling attacks, we build an efficient Reinforcement Learning-based shilling attack method. This method reduces the uncertainty associated with the item selection process and finds the most optimal items to enhance attack reach while treating the recommender system as a black box. Such practical online attacks open new avenues for research in building more robust recommender systems. When it comes to review manipulations, we introduce a method to use a deep structure embedding approach that preserves highly nonlinear structural information and the dynamic aspects of user reviews to identify and cluster the spam users. It is worth mentioning that, in the experiment with real datasets, our method captures about 92% of all spam reviewers using an unsupervised learning approach.
Sha, Yi-hwa, and 夏怡華. "The Defense of DDoS Attack by Heterogeneous Tracers." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/67629072464409813210.
中華大學
資訊工程學系(所)
98
To solve the DoS/DDoS problems efficiently, the first thing is to locate the attack origins and then cooperate with the filtering-enabled routers nearby to filter the abnormal packets in time. But the original routers can’t provide functions such as tracking, filtering and so on. They have to be enhanced with additional functions to defend against DoS/DDoS attacks. We refer to the enhanced routers as tracers. According to the characteristics, cost and necessity of tracers, we classify and select three kinds of heterogeneous tracers, namely tunneling-enabled routers, marking-enabled routers and filtering-enabled routers, to defend against DoS/DDoS attacks. The tunneling-enabled routers have the lowest cost of the three and they can easily alter the path of the passing packets to the destination, but tunneling packets will increase the cost of the network. In this paper, we study how to use tunneling-enabled routers efficiently to forward packets to the best candidate among the filtering-enabled routers for locating attack origins and filtering abnormal packets in time. Four methods are proposed and compared with the optimal solution. The fourth method, with the assistance of marking-enabled routers, has the best performance in the simulation results, so that only 80% of the tracers within reach need to be active to inhibit DoS/DDoS attacks.
LAN, YI-CHIAO, and 籃奕喬. "Defense DNS Distributed Denial of Service Amplification Attack." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/6m7687.
國立中正大學
雲端計算與物聯網數位學習碩士在職專班
106
Nowadays, the enterprise network faces a huge number of network attacks from the Internet. Although much network security equipment and software has been deployed in the enterprise network, enterprises still face high security threats. This may be due to two main reasons, namely the human factor and the network system. When administrators receive malicious attack alerts, they must immediately find the device being attacked among many devices and solve the problem with various defending methods so that the enterprise network can be recovered as soon as possible. A malicious attack may cause the enterprise a huge loss in business. Although most network device manufacturers provide a RESTful API to network administrators to reduce the management complexity, network administrators still face a great challenge in dealing with network attacks due to the large number of devices and device manufacturers, each of which has its own APIs. In this thesis, we propose an SDN-based mechanism to tackle DNS DDoS amplification attack blocking. Through the combination of traditional network and software defined network, the mechanism adopts a chat robot as the core connecting the system architecture and a machine learning mechanism to implement a centralized control management system and a monitoring system for real-time packet processing. The monitoring rules are based on the history of the queried domain names as well as characteristic packet behaviors. An enterprise module is then built to detect abnormal packet behaviors in real time. The proposed mechanism can be applied to any enterprise network such that, in addition to reducing the manpower and network attack handling time, it can improve the quality of the enterprise network.
Chang, Chi-yu, and 張志宇. "A Coordinated defense scheme against high-rate DDoS Attack." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/19604905058759151790.
國立屏東商業技術學院
資訊管理系(所)
98
Distributed denial-of-service (DDoS) attacks can be regarded as the most serious threats to the current Internet. This paper presents a two-tier coordination approach for detecting and mitigating DDoS attacks. The first tier filter (1st TF) filters suspicious traffic for possible flooding. This is achieved by using proactive tests to identify and isolate the malicious traffic. The second tier filter (2nd TF), which is deployed on network routers, performs online monitoring of queue length status with the RED/Droptail mechanism for any incoming traffic. The simulation shows that the scheme can detect attacks accurately and effectively.
Chen, Jan-Min, and 陳建民. "AN AUTOMATED DEFENSE MECHANISM FOR WEB APPLICATION INJECTION ATTACK." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/69583889921599411773.
大同大學
資訊工程學系(所)
98
Injection flaws result from unvalidated input, so proper input validation is an effective countermeasure to protect against injection attacks. Some programs are poorly written, lacking even the most basic security procedures for sanitizing input. Furthermore, for some legacy applications it may not be viable to modify the source of such components. The input validation vulnerability can be detected by many tools, but very few tools can automatically fix the flaws. We have been devoted to the study of an automated defense mechanism for Web application injection attacks, and developed a security safeguard having good “scalability” when applied to Web site growth or unknown injection attacks. It is transparent and independent of programming languages and requires neither application developers’ interaction nor source code modifications. To verify the effectiveness and efficiency of the defense mechanism, we focus on whether the detection errors have been reduced and on the speed and accuracy of identifying Web crawlers. The experimental results show that our method renders the fewest errors in comparison with other sanitizing strategies, and various Web visitors can be correctly and quickly differentiated in accordance with the security policy.
Lin, Yu Feng, and 林玉峰. "The Performance Index Research of Network Attack and Defense." Thesis, 2005. http://ndltd.ncl.edu.tw/handle/38811430068068220166.
樹德科技大學
資訊管理研究所
93
Because hackers’ intrusion technologies are developing rapidly and changing with each passing day, network security has become the most important issue of information systems. For a hacker, it is easy to intrude into information systems with vulnerabilities; moreover, client users lack the protective technology and knowledge to evaluate the risk degree of an information system. Hence it is difficult to prevent malicious attacks from hackers, even if some security protection mechanisms such as anti-virus, firewall and intrusion detection systems are installed. In order to give the client user a measurement principle for hackers’ tools, this thesis uses the denial of service attack as the experiment to search for and create performance indices of network attack and defense tools. The research hopes these performance indices can completely imitate all of the hackers’ tools, and help to understand the trend of network attacks. At the same time, the result of this research lets the client user understand the extent of the damage from an attack and how to protect the network system, decreasing the damage of hacker attacks.
LIU, KAI-JUNG, and 劉凱榮. "The Study for Distributed Denial of Service Attack and Defense." Thesis, 2017. http://ndltd.ncl.edu.tw/handle/jp5fmx.
華梵大學
資訊管理學系碩士班
105
Due to the rapid and prosperous development of the network in recent years, most people’s lives have become closely connected with the network. The convenience of the network also promotes the rapid development of various network applications. Manufacturers also launch many network-based applications and services that bring convenience. It also causes a lot of unpredictable trouble. Therefore, the information security of the network environment has evolved into an extremely important research field. This thesis discusses the method of combining the distributed denial of service attack with other attacks by giving the definition of the denial of service attack, making a comprehensive and essential pattern classification, and illustrating the advancement of the distributed denial of service attack compared with the denial of service attack. This thesis also makes an in-depth description of the distributed denial of service attack as well as the reasons for the formation of these systems, and discusses the attack pattern of the distributed denial of service attack in detail. On the above basis, this thesis proposes a new classification method for current countermeasures to make a further conclusion. It points out that only a comprehensive defense system can effectively counter the distributed denial of service attack. Finally, this thesis indicates the direction of fundamentally defending against the distributed denial of service attack.
Chen, Chih-Chieh, and 陳治榤. "The Design and Implementation of ARP Spoofing Attack Defense System." Thesis, 2011. http://ndltd.ncl.edu.tw/handle/82926102457103589698.
國立高雄第一科技大學
資訊管理研究所
99
This paper will introduce a common method of attack on the Internet in recent years: the ARP spoofing attack. By understanding its mode of operation and the theory behind it, the paper will further analyze the methods and types of ARP spoofing attacks. It will also show the current approaches to preventing ARP spoofing attacks, such as the NBAD (Network Behavior Anomaly Detection) switch, ARP firewall, etc., in order to illustrate and compare their advantages and shortcomings. The system developed in this study integrates a DHCP server and a PostgreSQL database, pairing them with the Dynamic ARP Inspection and DHCP Snooping techniques of the Layer 3 switch to achieve a combined IP and MAC lock. After implementation, the system proved capable of reliably binding IP and MAC in accordance with the standard expectations of defense against ARP spoofing attacks.