在科学,计算和工程学中,黑盒是一种设备,系统或对象,可以根据其输入和输出(或传输特性)对其进行查看,而无需对其内部工作有任何了解。 它的实现是“不透明的”(黑色)。 几乎任何事物都可以被称为黑盒:晶体管,引擎,算法,人脑,机构或政府。为了使用典型的“黑匣子方法”来分析建模为开放系统的事物,仅考虑刺激/响应的行为,以推断(未知)盒子。 该黑匣子系统的通常表示形式是在该方框中居中的数据流程图。黑盒的对立面是一个内部组件或逻辑可用于检查的系统,通常将其称为白盒(有时也称为“透明盒”或“玻璃盒”)。

VIP内容

主题: Imitation Attacks and Defenses for Black-box Machine Translation Systems

摘要: 我们考虑一个寻求窃取黑盒机器翻译(MT)系统的对手,以获取经济利益或排除模型错误。我们首先表明,黑盒机器翻译系统可以通过使用单语句子和训练模型来模拟它们的输出来窃取。通过模拟实验,我们证明了即使模仿模型的输入数据或架构与受害者不同,MTmodel的窃取也是可能的。应用这些思想,我们在高资源和低资源语言对上训练了三个生产MT系统的0.6 BLEU以内的模仿模型。然后,我们利用模仿模型的相似性将对抗性示例转移到生产系统。我们使用基于梯度的攻击,这些攻击会暴露输入,从而导致语义错误的翻译,内容丢失和庸俗的模型输出。为了减少这些漏洞,我们提出了一种防御措施,该防御措施会修改翻译输出,从而误导了模仿模型优化的防御措施。这种防御降低了仿真模型BLEU的性能,并降低了BLEU的攻击传输速率和推理速度。

成为VIP会员查看完整内容
0
4

最新内容

Deep Learning (DL)-based malware detectors are increasingly adopted for early detection of malicious behavior in cybersecurity. However, their sensitivity to adversarial malware variants has raised immense security concerns. Generating such adversarial variants by the defender is crucial to improving the resistance of DL-based malware detectors against them. This necessity has given rise to an emerging stream of machine learning research, Adversarial Malware example Generation (AMG), which aims to generate evasive adversarial malware variants that preserve the malicious functionality of a given malware. Within AMG research, black-box method has gained more attention than white-box methods. However, most black-box AMG methods require numerous interactions with the malware detectors to generate adversarial malware examples. Given that most malware detectors enforce a query limit, this could result in generating non-realistic adversarial examples that are likely to be detected in practice due to lack of stealth. In this study, we show that a novel DL-based causal language model enables single-shot evasion (i.e., with only one query to malware detector) by treating the content of the malware executable as a byte sequence and training a Generative Pre-Trained Transformer (GPT). Our proposed method, MalGPT, significantly outperformed the leading benchmark methods on a real-world malware dataset obtained from VirusTotal, achieving over 24.51\% evasion rate. MalGPT enables cybersecurity researchers to develop advanced defense capabilities by emulating large-scale realistic AMG.

0
0
下载
预览

最新论文

Deep Learning (DL)-based malware detectors are increasingly adopted for early detection of malicious behavior in cybersecurity. However, their sensitivity to adversarial malware variants has raised immense security concerns. Generating such adversarial variants by the defender is crucial to improving the resistance of DL-based malware detectors against them. This necessity has given rise to an emerging stream of machine learning research, Adversarial Malware example Generation (AMG), which aims to generate evasive adversarial malware variants that preserve the malicious functionality of a given malware. Within AMG research, black-box method has gained more attention than white-box methods. However, most black-box AMG methods require numerous interactions with the malware detectors to generate adversarial malware examples. Given that most malware detectors enforce a query limit, this could result in generating non-realistic adversarial examples that are likely to be detected in practice due to lack of stealth. In this study, we show that a novel DL-based causal language model enables single-shot evasion (i.e., with only one query to malware detector) by treating the content of the malware executable as a byte sequence and training a Generative Pre-Trained Transformer (GPT). Our proposed method, MalGPT, significantly outperformed the leading benchmark methods on a real-world malware dataset obtained from VirusTotal, achieving over 24.51\% evasion rate. MalGPT enables cybersecurity researchers to develop advanced defense capabilities by emulating large-scale realistic AMG.

0
0
下载
预览
参考链接
Top