research-article

Machine Learning–based Cyber Attacks Targeting on Controlled Information: A Survey

Published: 18 July 2021

Abstract

Stealing attacks against controlled information, along with the increasing number of information leakage incidents, have become an emerging cyber security threat in recent years. Due to the booming development and deployment of advanced analytics solutions, novel stealing attacks utilize machine learning (ML) algorithms to achieve high success rates and cause a lot of damage. Detecting and defending against such attacks is challenging and urgent, so governments, organizations, and individuals should attach great importance to ML-based stealing attacks. This survey presents the recent advances in this new type of attack and the corresponding countermeasures. The ML-based stealing attack is reviewed from the perspective of three categories of targeted controlled information: controlled user activities, controlled ML model-related information, and controlled authentication information. Recent publications are summarized to generalize an overarching attack methodology and to derive the limitations and future directions of ML-based stealing attacks. Furthermore, countermeasures are proposed towards developing effective protections from three aspects: detection, disruption, and isolation.

Supplementary Material

a139-miao-supp.pdf (miao.zip)
Supplemental movie, appendix, image and software files for Machine Learning–based Cyber Attacks Targeting on Controlled Information: A Survey



    Published In

    ACM Computing Surveys  Volume 54, Issue 7
    September 2022
    778 pages
    ISSN:0360-0300
    EISSN:1557-7341
    DOI:10.1145/3476825

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 18 July 2021
    Accepted: 01 April 2021
    Revised: 01 April 2021
    Received: 01 February 2019
    Published in CSUR Volume 54, Issue 7


    Author Tags

    1. Cyber attacks
    2. controlled information
    3. cyber security
    4. information leakage
    5. machine learning

    Qualifiers

    • Research-article
    • Research
    • Refereed


    Article Metrics

    • Downloads (Last 12 months): 262
    • Downloads (Last 6 weeks): 21
    Reflects downloads up to 17 Jan 2025


    Cited By

    • (2024) A Comprehensive Framework for Machine Learning-Based Threat Intelligence in Health Information Systems. International Journal of Research In Science & Engineering. DOI: 10.55529/ijrise.46.1.12 (1-12). Online publication date: 10-Oct-2024
    • (2024) Suggested Cyber-Security Strategy That Maximizes Automated Detection of Internet of Things Attacks Using Machine Learning. Methodologies, Frameworks, and Applications of Machine Learning. DOI: 10.4018/979-8-3693-1062-5.ch010 (187-200). Online publication date: 26-Apr-2024
    • (2024) SDAGCN: Sparse Directed Attention Graph Convolutional Network for Spatial Interaction in Pedestrian Trajectory Prediction. IEEE Internet of Things Journal. DOI: 10.1109/JIOT.2024.3409174. 11:24 (39225-39235). Online publication date: 15-Dec-2024
    • (2024) ALOC: Attack-Aware by Utilizing the Adversarially Learned One-Class Classifier for SCADA System. IEEE Internet of Things Journal. DOI: 10.1109/JIOT.2024.3384437. 11:13 (23444-23459). Online publication date: 1-Jul-2024
    • (2024) Privacy Protection for Blockchain-Based Healthcare IoT Systems: A Survey. IEEE/CAA Journal of Automatica Sinica. DOI: 10.1109/JAS.2022.106058. 11:8 (1757-1776). Online publication date: Aug-2024
    • (2024) Phishing Attack Prediction using Several Machine Learning Techniques. 2024 4th International Conference on Sustainable Expert Systems (ICSES). DOI: 10.1109/ICSES63445.2024.10763142 (484-489). Online publication date: 15-Oct-2024
    • (2024) Assessing the Vulnerability of Machine Learning Models to Cyber Attacks and Developing Mitigation Strategies. 2024 International Conference on Intelligent Systems and Advanced Applications (ICISAA). DOI: 10.1109/ICISAA62385.2024.10829091 (1-5). Online publication date: 25-Oct-2024
    • (2024) Ensemble Models for Cyber Attacks Detection on Multiple Datasets. 2024 International Conference on IoT Based Control Networks and Intelligent Systems (ICICNIS). DOI: 10.1109/ICICNIS64247.2024.10823120 (295-299). Online publication date: 17-Dec-2024
    • (2024) Enhancing Cyber-Physical System Security: A Novel Approach to Real-Time Cyber Attack Detection and Mitigation. 2024 8th International Conference on Electronics, Communication and Aerospace Technology (ICECA). DOI: 10.1109/ICECA63461.2024.10800946 (592-598). Online publication date: 6-Nov-2024
    • (2024) Advanced Detection of Cyber-Physical Attacks in Manufacturing Using LSTM-KNN. 2024 International Conference on Data Science and Network Security (ICDSNS). DOI: 10.1109/ICDSNS62112.2024.10690961 (1-7). Online publication date: 26-Jul-2024