• Title/Summary/Keyword: Decision-based attack

Search Result 96, Processing Time 0.025 seconds

Generating Audio Adversarial Examples Using a Query-Efficient Decision-Based Attack (질의 효율적인 의사 결정 공격을 통한 오디오 적대적 예제 생성 연구)

  • Seo, Seong-gwan;Mun, Hyunjun;Son, Baehoon;Yun, Joobeom
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.1
    • /
    • pp.89-98
    • /
    • 2022
  • As deep learning technology was applied to various fields, research on adversarial attack techniques, a security problem of deep learning models, was actively studied. adversarial attacks have been mainly studied in the field of images. Recently, they have even developed a complete decision-based attack technique that can attack with just the classification results of the model. However, in the case of the audio field, research is relatively slow. In this paper, we applied several decision-based attack techniques to the audio field and improved state-of-the-art attack techniques. State-of-the-art decision-attack techniques have the disadvantage of requiring many queries for gradient approximation. In this paper, we improve query efficiency by proposing a method of reducing the vector search space required for gradient approximation. Experimental results showed that the attack success rate was increased by 50%, and the difference between original audio and adversarial examples was reduced by 75%, proving that our method could generate adversarial examples with smaller noise.

Query-Efficient Black-Box Adversarial Attack Methods on Face Recognition Model (얼굴 인식 모델에 대한 질의 효율적인 블랙박스 적대적 공격 방법)

  • Seo, Seong-gwan;Son, Baehoon;Yun, Joobeom
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.6
    • /
    • pp.1081-1090
    • /
    • 2022
  • The face recognition model is used for identity recognition of smartphones, providing convenience to many users. As a result, the security review of the DNN model is becoming important, with adversarial attacks present as a well-known vulnerability of the DNN model. Adversarial attacks have evolved to decision-based attack techniques that use only the recognition results of deep learning models to perform attacks. However, existing decision-based attack technique[14] have a problem that requires a large number of queries when generating adversarial examples. In particular, it takes a large number of queries to approximate the gradient. Therefore, in this paper, we propose a method of generating adversarial examples using orthogonal space sampling and dimensionality reduction sampling to avoid wasting queries that are consumed to approximate the gradient of existing decision-based attack technique[14]. Experiments show that our method can reduce the perturbation size of adversarial examples by about 2.4 compared to existing attack technique[14] and increase the attack success rate by 14% compared to existing attack technique[14]. Experimental results demonstrate that the adversarial example generation method proposed in this paper has superior attack performance.

A Design of FHIDS(Fuzzy logic based Hybrid Intrusion Detection System) using Naive Bayesian and Data Mining (나이브 베이지안과 데이터 마이닝을 이용한 FHIDS(Fuzzy Logic based Hybrid Intrusion Detection System) 설계)

  • Lee, Byung-Kwan;Jeong, Eun-Hee
    • The Journal of Korea Institute of Information, Electronics, and Communication Technology
    • /
    • v.5 no.3
    • /
    • pp.158-163
    • /
    • 2012
  • This paper proposes an FHIDS(Fuzzy logic based Hybrid Intrusion Detection System) design that detects anomaly and misuse attacks by using a Naive Bayesian algorithm, Data Mining, and Fuzzy Logic. The NB-AAD(Naive Bayesian based Anomaly Attack Detection) technique using a Naive Bayesian algorithm within the FHIDS detects anomaly attacks. The DM-MAD(Data Mining based Misuse Attack Detection) technique using Data Mining within it analyzes the correlation rules among packets and detects new attacks or transformed attacks by generating the new rule-based patterns or by extracting the transformed rule-based patterns. The FLD(Fuzzy Logic based Decision) technique within it judges the attacks by using the result of the NB-AAD and DM-MAD. Therefore, the FHIDS is the hybrid attack detection system that improves a transformed attack detection ratio, and reduces False Positive ratio by making it possible to detect anomaly and misuse attacks.

A Study on the Design and Implementation of System for Predicting Attack Target Based on Attack Graph (공격 그래프 기반의 공격 대상 예측 시스템 설계 및 구현에 대한 연구)

  • Kauh, Janghyuk;Lee, Dongho
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.16 no.1
    • /
    • pp.79-92
    • /
    • 2020
  • As the number of systems increases and the network size increases, automated attack prediction systems are urgently needed to respond to cyber attacks. In this study, we developed four types of information gathering sensors for collecting asset and vulnerability information, and developed technology to automatically generate attack graphs and predict attack targets. To improve performance, the attack graph generation method is divided into the reachability calculation process and the vulnerability assignment process. It always keeps up to date by starting calculations whenever asset and vulnerability information changes. In order to improve the accuracy of the attack target prediction, the degree of asset risk and the degree of asset reference are reflected. We refer to CVSS(Common Vulnerability Scoring System) for asset risk, and Google's PageRank algorithm for asset reference. The results of attack target prediction is displayed on the web screen and CyCOP(Cyber Common Operation Picture) to help both analysts and decision makers.

An Adaptive Probe Detection Model using Fuzzy Cognitive Maps

  • Lee, Se-Yul;Kim, Yong-Soo
    • Proceedings of the Korean Institute of Intelligent Systems Conference
    • /
    • 2003.09a
    • /
    • pp.660-663
    • /
    • 2003
  • The advanced computer network technology enables connectivity of computers through an open network environment. There has been growing numbers of security threat to the networks. Therefore, it requires intrusion detection and prevention technologies. In this paper, we propose a network based intrusion detection model using Fuzzy Cognitive Maps(FCM) that can detect intrusion by the Denial of Service(DoS) attack detection method adopting the packet analyses. A DoS attack appears in the form of the Probe and Syn Flooding attack which is a typical example. The Sp flooding Preventer using Fuzzy cognitive maps(SPuF) model captures and analyzes the packet information to detect Syn flooding attack. Using the result of analysis of decision module, which utilized FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. The result of simulating the "KDD ′99 Competition Data Set" in the SPuF model shows that the Probe detection rates were over 97 percentages.

  • PDF

Design of Hybrid Network Probe Intrusion Detector using FCM

  • Kim, Chang-Su;Lee, Se-Yul
    • Journal of information and communication convergence engineering
    • /
    • v.7 no.1
    • /
    • pp.7-12
    • /
    • 2009
  • The advanced computer network and Internet technology enables connectivity of computers through an open network environment. Despite the growing numbers of security threats to networks, most intrusion detection identifies security attacks mainly by detecting misuse using a set of rules based on past hacking patterns. This pattern matching has a high rate of false positives and can not detect new hacking patterns, making it vulnerable to previously unidentified attack patterns and variations in attack and increasing false negatives. Intrusion detection and prevention technologies are thus required. We proposed a network based hybrid Probe Intrusion Detection model using Fuzzy cognitive maps (PIDuF) that detects intrusion by DoS (DDoS and PDoS) attack detection using packet analysis. A DoS attack typically appears as a probe and SYN flooding attack. SYN flooding using FCM model captures and analyzes packet information to detect SYN flooding attacks. Using the result of decision module analysis, which used FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. For the performance evaluation, the "IDS Evaluation Data Set" created by MIT was used. From the simulation we obtained the max-average true positive rate of 97.064% and the max-average false negative rate of 2.936%. The true positive error rate of the PIDuF is similar to that of Bernhard's true positive error rate.

A Study on Network based Intelligent Intrusion Prevention model by using Fuzzy Cognitive Maps on Denial of Service Attack (서비스 거부 공격에서의 퍼지인식도를 이용한 네트워크기반의 지능적 침입 방지 모델에 관한 연구)

  • Lee, Se-Yul;Kim, Yong-Soo;Sim, Kwee-Bo
    • Journal of the Korean Institute of Intelligent Systems
    • /
    • v.13 no.2
    • /
    • pp.148-153
    • /
    • 2003
  • A DoS(Denial of Service) attack appears in the form of the intrusion attempt and Syn Flooding attack is a typical example. The Syn Flooding attack takes advantage of the weak point of 3-way handshake between the end-points of TCP which is the connection-oriented transmission service and has the reliability This paper proposes a NIIP(Network based Intelligent Intrusion Prevention) model. This model captures and analyzes the packet informations for the detection of Syn Flooding attack. Using the result of analysis of decision module, the decision module, which utilizes FCM(Fuzzy Cognitive Maps), measures the degree of danger of the DoS and trains the response module to deal with attacks. This model is a network based intelligent intrusion prevention model that reduces or prevents the danger of Syn Flooding attack.

A Probe Prevention Model for Detection of Denial of Service Attack on TCP Protocol (TCP 프로토콜을 사용하는 서비스거부공격 탐지를 위한 침입시도 방지 모델)

  • Lee, Se-Yul;Kim, Yong-Soo
    • Journal of the Korean Institute of Intelligent Systems
    • /
    • v.13 no.4
    • /
    • pp.491-498
    • /
    • 2003
  • The advanced computer network technology enables connectivity of computers through an open network environment. There has been growing numbers of security threat to the networks. Therefore, it requires intrusion detection and prevention technologies. In this paper, we propose a network based intrusion detection model using FCM(Fuzzy Cognitive Maps) that can detect intrusion by the DoS attack detection method adopting the packet analyses. A DoS attack appears in the form of the Probe and Syn Flooding attack which is a typical example. The SPuF(Syn flooding Preventer using Fussy cognitive maps) model captures and analyzes the packet informations to detect Syn flooding attack. Using the result of analysis of decision module, which utilized FCM, the decision module measures the degree of danger of the DoS and trains the response module to deal with attacks. For the performance comparison, the "KDD′99 Competition Data Set" made by MIT Lincoln Labs was used. The result of simulating the "KDD′99 Competition Data Set" in the SPuF model shows that the probe detection rates were over 97 percentages.

A Study on DDoS Detection Technique based on Cluster in Mobile Ad-hoc Network (무선 애드혹 망에서 클러스터 기반 DDoS 탐지 기법에 관한 연구)

  • Yang, Hwan-Seok;Yoo, Seung-Jae
    • Convergence Security Journal
    • /
    • v.11 no.6
    • /
    • pp.25-30
    • /
    • 2011
  • MANET has a weak construction in security more because it is consisted of only moving nodes and doesn't have central management system. The DDoS attack is a serious attack among these attacks which threaten wireless network. The DDoS attack has various object and trick and become intelligent. In this paper, we propose the technique to raise DDoS detection rate by classifying abnormal traffic pattern. Cluster head performs sentinel agent after nodes which compose MANET are made into cluster. The decision tree is applied to detect abnormal traffic pattern after the sentinel agent collects all traffics and it judges traffic pattern and detects attack also. We confirm high attack detection rate of proposed detection technique in this study through experimentation.

Cyber-attack group analysis method based on association of cyber-attack information

  • Son, Kyung-ho;Kim, Byung-ik;Lee, Tae-jin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.14 no.1
    • /
    • pp.260-280
    • /
    • 2020
  • Cyber-attacks emerge in a more intelligent way, and various security technologies are applied to respond to such attacks. Still, more and more people agree that individual response to each intelligent infringement attack has a fundamental limit. Accordingly, the cyber threat intelligence analysis technology is drawing attention in analyzing the attacker group, interpreting the attack trend, and obtaining decision making information by collecting a large quantity of cyber-attack information and performing relation analysis. In this study, we proposed relation analysis factors and developed a system for establishing cyber threat intelligence, based on malicious code as a key means of cyber-attacks. As a result of collecting more than 36 million kinds of infringement information and conducting relation analysis, various implications that cannot be obtained by simple searches were derived. We expect actionable intelligence to be established in the true sense of the word if relation analysis logic is developed later.