Beyond securing networks and storage: emerging attacks and defenses to machine intelligence

Abstract: Over the past three decades, most research efforts in security and privacy have focused on network and storage security. Recently, Deep Neural Network (DNN) classifiers have gained wide adoption in complex tasks, including natural language processing, computer vision and cyber security. However, the underlying assumption of an attack-free operating environment has been defied by the introduction of several attacks such as adversarial examples and Trojan backdoor attacks. In adversarial attacks the adversary perturbs the input examples during inference to force the DNN to misclassify, while the adversary in the Trojan backdoor attack operates in both the training and inference phases. In the training phase the adversary trains the DNN such that it behaves normally when the Trojan trigger is absent and misclassifies when the trigger is present. Given that only the adversary knows the trigger, the users of the DNN are fooled into trusting the model. The adversary can then attach the trigger to input examples during inference, causing the DNN model to misclassify.

In this talk we will discuss our development of several computationally efficient defense approaches for adversarial attacks, enabling real-time detection of the attack for the first time. We will also discuss our development of an adaptive black-box defense approach for the Trojan backdoor attack that outperforms the state of the art by studying the relationships among the prediction logits of the DNN. After that we will discuss our recent follow-up work, in which we show how to jointly combine the above two adversaries to practically launch a new stealthy attack, dubbed AdvTrojan. AdvTrojan is stealthy because it can be activated only when: 1) a carefully crafted adversarial perturbation is injected into the input examples during inference, and 2) a Trojan backdoor is implanted during the training process of the model. We leverage adversarial noise in the input space to move Trojan-infected examples across the model decision boundary, making the attack difficult to detect. The stealthy behavior of AdvTrojan fools users into mistakenly trusting the infected model as a robust classifier against adversarial examples. We will also discuss our future research, which is focused on expanding the attack and defense mechanisms to new areas such as the federated learning setting, the newly introduced concept of hypernets, personalized federated learning, and Graph Neural Networks. We will also discuss several application domains of adversarial as well as Trojan backdoor attacks.



Biography

Prof. Abdallah Khreishah

Abdallah Khreishah received his Ph.D. and M.S. degrees in Electrical and Computer Engineering from Purdue University in 2010 and 2006, respectively. Prior to that, he received his B.S. degree with honors from Jordan University of Science & Technology in 2004. During the last year of his Ph.D., he worked with NEESCOM. In Fall 2012, he joined the Electrical and Computer Engineering department of NJIT as an Assistant Professor and was promoted to Associate Professor in 2017 and Full Professor in 2023. His research spans the areas of machine learning, adversarial machine learning, wireless networks, visible-light communication, vehicular networks, and cloud & edge computing. He has been involved in research projects totaling more than $15M funded by several agencies such as the US National Science Foundation, the US Department of Defense, the New Jersey Department of Transportation, and the State of New Jersey. He has won several awards, including the best presentation award at INFOCOM 2018, the best paper award of ACM GLSVLSI 2023, the best paper award of SDS 2022, a distinguished TPC member award at IEEE INFOCOM 2021, and the best symposium organization award from IWCMC 2018. He is currently serving as an associate editor for several international journals, including IEEE/ACM Transactions on Networking. He served as the TPC chair for WASA 2017, IEEE SNAMS 2014, IEEE SDS-2014, BDSN-2015, BSDN 2015, and IOTSMS-2105. He has also served on the TPC of several international conferences such as IEEE INFOCOM. He has mentored several PhD students who currently hold leading positions in academia as well as industry. He is a senior member of IEEE and the chair of the IEEE EMBS North Jersey chapter.