Can Drift-Adaptive Malware Detectors Be Made Robust? Attacks and Defenses under White-Box and Black-Box Threats
Concept drift and adversarial evasion are two major challenges for deploying machine learning-based malware detectors. While both have been studied separately, their combination, the adversarial robustness of drift-adaptive detectors, remains unexplored. We address this problem with AdvDA, a rece...
Rectifying Adversarial Examples Using Their Vulnerabilities
Deep neural network-based classifiers are prone to errors when processing adversarial examples (AEs). AEs are minimally perturbed input data, undetectable to humans, posing significant risks to security-dependent applications. Hence, extensive research has been undertaken to develop defense mechanism...
Behavior-Aware and Generalizable Defense against Black-Box Adversarial Attacks for ML-Based IDS
Machine learning-based intrusion detection systems are increasingly targeted by black-box adversarial attacks, where attackers craft evasive inputs using indirect feedback such as binary outputs or behavioral signals like response time and resource usage. While several defenses have been proposed...
Quantifying the Risk of Transferred Black Box Attacks
Neural networks have become pervasive across various applications, including security-related products. However, their widespread adoption has heightened concerns regarding vulnerability to adversarial attacks. With emerging regulations and standards emphasizing security, organizations must...
"Energon": Unveiling Transformers from GPU Power and Thermal Side-Channels
Transformers have become the backbone of many Machine Learning (ML) applications, including language translation, summarization, and computer vision. As these models are increasingly deployed in shared Graphics Processing Unit (GPU) environments via Machine Learning as a Service (MLaaS), concerns aroun...
On the Feasibility of Poisoning Text-To-Image AI Models Via Adversarial Mislabeling
Today's text-to-image generative models are trained on millions of images sourced from the Internet, each paired with a detailed caption produced by Vision-Language Models (VLMs). This part of the training pipeline is critical for supplying the models with large volumes of high-quality image-captio...
Black-Box Privacy Attacks on Shared Representations in Multitask Learning
Multitask learning (MTL) has emerged as a powerful paradigm that leverages similarities among multiple learning tasks, each with insufficient samples to train a standalone model, to solve them simultaneously while minimizing data sharing across users and organizations. MTL typically accomplishes th...
Rewriting the Budget: a General Framework for Black-Box Attacks under Cost Asymmetry
Traditional decision-based black-box adversarial attacks on image classifiers aim to generate adversarial examples by slightly modifying input images while keeping the number of queries low, where each query involves sending an input to the model and observing its output. Most existing methods...
A week in security (July 26 – August 1)
Last week on Malwarebytes Labs: OSX.XLoader hides little except its main purpose: What we learned in the installation process. The Clubhouse database “breach” is likely a non-breach. Here’s why. Kaseya Unitrends has unpatched vulnerabilities that could help attackers expand a breach. UDP Technolo...
The world’s southernmost security conference
When asked about his best race, Ayrton Senna replied that it was when he raced karting cars. For him it was the best because it was only for the sake of sports and free from commercial sponsoring and commercial interests. I have this same feeling about computer security conferences, because they...