On the Statistical Detection of Adversarial Instances over Encrypted Data

Conference paper (2019)

Authors

M. Nateghizad Cyber Security - EEMCS
Z. Erkin Cyber Security - EEMCS
M. Loog Pattern Recognition and Bioinformatics - EEMCS
Research Group
Cyber Security (EEMCS) (TU Delft)
Privacy Homomorphic encryption Adversarial machine learning
More Info
expand_more

Published Date

2019

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Faculty

Electrical Engineering, Mathematics and Computer Science

Department

Intelligent Systems

Research Group

Cyber Security

Abstract

Adversarial instances are malicious inputs designed to fool machine learning models. In particular, motivated and sophisticated attackers intentionally design adversarial instances to evade classifiers which have been trained to detect security violation, such as malware detection. While the existing approaches provide effective solutions in detecting and defending adversarial samples, they fail to detect them when they are encrypted. In this study, a novel framework is proposed which employs statistical test to detect adversarial instances, when data under analysis are encrypted. An experimental evaluation of our approach shows its practical feasibility in terms of computation cost.