基于可学习攻击步长的联合对抗训练方法

对抗训练(AT)是抵御对抗攻击的有力手段。然而,现有方法在训练效率和对抗鲁棒性之间往往难以平衡。部分方法提高训练效率但降低对抗鲁棒性,而其他方法则相反。为了找到最佳平衡点,提出了一种基于可学习攻击步长的联合对抗训练方法(FGSM-LASS)。该方法包括预测模型和目标模型,其中,预测模型为每个样本预测攻击步长,替代FGSM算法的固定大小攻击步长。接着,将目标模型参数和原始样本输入改进的FGSM算法,生成对抗样本。最后,采用联合训练策略,共同训练预测和目标模型。在与最新五种方法比较时,FGSM-LASS在速度上比鲁棒性最优的LAS-AT快6倍,而鲁棒性仅下降1%;与速度相近的ATAS相比,鲁棒性提升3%。实验结果证明,FGSM-LASS在训练速度和对抗鲁棒性之间的权衡表现优于现有方法。

混合型抗机器学习攻击的强PUF电路设计

物理不可克隆函数(Physical Unclonable Function, PUF)作为一种面向硬件的安全原语,在资源受限的物联网设备中具有广泛的应用前景,但其安全性也受到机器学习攻击的威胁。通过对抗电路结构攻击和机器学习攻击等方法的研究,提出混合型抗电路结构攻击的新型PUF电路。首先,构造两个并行且对称设置的仲裁器PUF(Arbiter PUF, APUF),并将两个APUF输出进行异或,得到1位PUF响应输出;然后,为两个APUF引入前馈回路,实现输入激励集动态调整,确保结构非线性,防御建模攻击;最后,将两个并行APUF开关单元的输出对应交叉,使后级开关单元输入激励相互倒置,扩大信号延时路径选择范围,提高输出响应随机特性。该PUF采用现场可编程逻辑门阵列(Field Programmable Gate Array,FPGA)实现,测试结果表明:即使机器学习训练所用激励响应对数量达105,采用传统机器学习进行模型攻击,预测率仍接近50%理想值,且PUF电路的随机性、唯一性和稳定性等性能指标均表现良好,具备实际应用价值。

视觉识别深度学习模型的黑盒迁移攻击方法综述

随着深度学习的快速发展,视觉领域的众多任务得到了有效解决。在性能不断提升的同时,对抗样本的发现引发了关于深度学习可靠性、安全性的反思。相较于早期的白盒攻击,黑盒迁移攻击无需获取被攻击模型的网络架构、参数等敏感信息,因而不易察觉,威胁相对较大。目前的综述文献主要围绕对抗攻击或对抗攻击和防御做全面总结,对视觉识别深度模型的黑盒迁移攻击方法往往未做专题性回顾与展望,为此文中特别围绕黑盒迁移攻击的最新进展进行了全面的梳理和总结。首先,从优化和学习两种视角介绍了黑盒迁移攻击的基本模型。对于优化视角下的迁移攻击,具体从梯度扰动更新、样本邻域增广以及模型决策代理等三方面对现有文献做了梳理和分析。对于学习视角下的迁移攻击,具体从通用扰动和生成扰动两方面对现有文献做了进一步梳理和分析。最后,总结出了当前黑盒迁移攻击方法的两个核心:最优解平滑性和特征语义引导,同时指出未来工作的重点和难点在于黑盒迁移攻击的可解释性与泛化性。

联邦学习隐私保护研究进展

针对隐私保护的法律法规相继出台,数据孤岛现象已成为阻碍大数据和人工智能技术发展的主要瓶颈。联邦学习作为隐私计算的重要技术被广泛关注。从联邦学习的历史发展、概念、架构分类角度,阐述了联邦学习的技术优势,同时分析了联邦学习系统的各种攻击方式及其分类,讨论了不同联邦学习加密算法的差异。总结了联邦学习隐私保护和安全机制领域的研究,并提出了挑战和展望。

一种适用于物联网设备的基于异或门的Pico物理不可克隆函数

针对可重构Pico-PUF对机器学习建模攻击抵抗能力较弱,本文对RPPUF进行了改进,提出了一种基于异或门的抗ML攻击的可重配置Pico-PUF,即XORPPUF.通过将可配置逻辑中的每个非门替换为异或门,并将PUF的输出进行混淆处理,提高了PUF抗ML攻击能力,同时保持PUF性能.在Xilinx Spartan-6XC6SLX25FPGA开发板上实现并验证了提出的XORPPUF.实验结果表明,XORPPUF实现了46.01%的唯一性、99.10%的温度可靠性以及49.1%的均匀性.与RPPUF结构相比,提高了0.21%的唯一性、1.10%的均匀性以及72×的挑战开销比率.不仅如此,对于支持向量机、逻辑回归、决策树、随机森林和人工神经网络攻击时的识别准确率,提出的XORPPUF相比RPPUF分别降低了47.40%、31.37%、12.63%、13.83%和41.16%,即XORPPUF在抗ML攻击中也有着比RPPUF更好的表现.因此更适合资源有限的物联网设备.

A Fast Federated Learning-based Crypto-aggregation Scheme and Its Simulation Analysis

To solve the problem of increased computation and communication costs caused by using homomorphic encryption(HE) to protect all gradients in traditional cryptographic aggregation(cryptoaggregation) schemes,a fast crypto-aggregation scheme called RandomCrypt was proposed.RandomCrypt performed clipping and quantization to fix the range of gradient values and then added two types of noise on the gradient for encryption and differential privacy(DP) protection.It conducted HE on noise keys to revise the precision loss caused by DP protection.RandomCrypt was implemented based on a FATE framework,and a hacking simulation experiment was conducted.The results show that the proposed scheme can effectively hinder inference attacks while ensuring training accuracy.It only requires 45%~51% communication cost and 5%~23% computation cost compared with traditional schemes.

A Test Bed for Information Security Skill Development with Virtual Training Environment

New attacks are emerging rapidly in Information Security; hence the tools and technologies available for securing the information needs substantial upgradation as well as skills for operationalization to mitigate these attacks. It requires creation of practical training environment with tools and technologies available for Information Security. The design of Information Security courses involves scenario based hands-on-labs with real time security incidents and problems with global reach which could be customized quickly as per the scenario and user＇s requirement. In order to understand the underlying concepts as well as to learn the practical aspects of network and system security environment, an initiative has been taken and a Virtual Test Bed has been developed to meet the above objectives. It is an essential component in Information Security training concept which could be used to perform actual security attacks and remedial measures as well as to test the effectiveness of protection mechanisms and help in handling the security incidents effectively. This paper discusses the development of this Test Bed for Information Security skill development with virtual training environment using which Information Security concepts, attacks on networks/systems and practical scenarios are simulated for imparting hands on training to participants.