David Evans, University of Virginia
Machine learning classifiers are widely used in security applications, and often achieve outstanding performance in testing. When deployed, however, classifiers can often be thwarted by motivated adversaries who can construct evasive variants which are misclassified as benign. The main reason for this is that classifiers are trained on samples collected from previous attacks, which often differ from benign samples in superficial and easily-modified ways. Further, many machine learning techniques, including deep neural networks, are inherently fragile. In this talk, I’ll highlight the reasons most classifiers can be evaded by motivated adversaries and demonstrate some successful evasion techniques, including ones that can be fully automated. Then, I’ll talk about methods that could be used to make classifiers less vulnerable to evasion and to evaluate the robustness of a deployed classifiers in the presence of adversaries.
David Evans is a Professor of Computer Science at the University of Virginia and leader of the Security Research Group. He is the author of an open computer science textbook, a children's book on combinatorics and computability, and teacher of one of the world's most popular MOOCs. He won the Commonwealth of Virginia’s Outstanding Faculty Award and was Program Co-Chair for the 31st (2009) and 32nd (2010) IEEE Symposia on Security and Privacy. He has SB, SM and PhD degrees in Computer Science from MIT and has been a faculty member at the University of Virginia since 1999.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
Enigma is a registered trademark of the USENIX Association.