Security and Artificial Intelligence: A Crossdisciplinary Approach

Preface
Organization
Contents
AI for Cryptography
Artificial Intelligence for the Design of Symmetric Cryptographic Primitives
1 Introduction
2 Background
2.1 Cryptography
2.2 Heuristic Optimization Algorithms
2.3 Cellular Automata
3 Boolean Functions
3.1 Background
3.2 Survey of Related Works
4 S-Boxes
4.1 Background
4.2 Survey of Related Works
5 Pseudorandom Number Generators
5.1 Background
5.2 Survey of Related Works
6 Conclusions and New Directions
References
Traditional Machine Learning Methods for Side-Channel Analysis
1 Introduction
2 Side-Channel Analysis
2.1 Types of Side-Channel Analysis
2.2 Information-Theoretic Models
3 Historical Overview of the Machine Learning Research for SCA
4 Data Preprocessing for SCA
4.1 Data Augmentation and Dimensionality Reduction Techniques
4.2 Feature Selection Methods
5 Supervised Learning Methods for SCA
5.1 Naive Bayes
5.2 Random Forests
5.3 Support Vector Machines
5.4 Multilayer Perceptron
5.5 Hierarchical Classification
5.6 Template Attack vs Traditional Machine Learning
6 Other Learning Methods for SCA
6.1 Unsupervised Learning
6.2 Semi-supervised Learning
7 Evaluation of ML Models in SCA
8 Conclusion
References
Deep Learning on Side-Channel Analysis
1 Introduction
2 Background
2.1 Notations
2.2 Profiled SCA and Deep Learning
3 Recent Results in Deep Learning-Based Profiled Side-Channel Attacks
3.1 From Machine Learning to Deep Learning in SCA
3.2 Deep Learning Techniques in SCA
4 Advantages of Deep Learning for Profiled Side-Channel Analysis
4.1 Side-Channel Analysis Without Preprocessing
4.2 Bypassing Desynchronization
4.3 Deep Neural Networks Can Learn Second-Order Leakages
4.4 Take Advantage of the Domain Knowledge
4.5 Visualization Techniques to Identify Input Leakage
5 Metrics for Deep Learning-Based Profiled SCA
6 Tuning Neural Network Hyper-Parameters for SCA
7 Different Applications of Deep Learning to Side Channel Analysis
8 Conclusions and Perspectives
References
Artificial Neural Networks and Fault Injection Attacks
1 Introduction
2 Assets and Threat Models
2.1 Attack Scenarios
2.2 AI Assets vs Cryptographic Assets
3 Faults in Neural Network
4 AI/Neural Network Accelerators
4.1 GPUs
4.2 FPGAs
4.3 Custom AI/Neural Network Accelerators
5 Fault Injection Attacks on AI Accelerators
5.1 Traditional Fault Attack
5.2 Remote Fault Attacks
6 Conclusion
References
Physically Unclonable Functions and AI
1 Introduction
2 Background on PUFs
3 Attacks Against PUFs: Physical vs. Non-physical
4 AI-Enabled Attacks
4.1 Machine Learning Attacks
5 Mathematical Modeling
6 Resiliency Against ML Attacks
6.1 How to Prove the Security of a PUF Against ML Attacks
6.2 Metrics for Evaluating the Security of a PUF Against ML Attacks
7 AI-Enabled Design of PUFs
8 Conclusion
References
AI for Authentication and Privacy
Privacy-Preserving Machine Learning Using Cryptography
1 Introduction
2 Cryptographic Protocols and Primitives
2.1 Secure Multi-Party Computation (MPC)
2.2 Fully Homomorphic Encryption (FHE)
3 Security Models
3.1 MPC
3.2 FHE
4 Settings
4.1 MPC
4.2 FHE
5 Difficulties and Proposed Solutions
6 State-of-the-Art
6.1 MPC Training Algorithms
6.2 MPC Classification
6.3 HE Training Algorithms
6.4 HE Deep Learning Classification
7 Limitations
8 Conclusion
References
Machine Learning Meets Data Modification
1 Introduction
1.1 Risks and Opportunities of Machine Learning
1.2 Scope and Outline
2 Scenarios and Requirements
2.1 Scenario 1: User Data Sharing
2.2 Scenario 2: Data Set sharing
3 Threat Model
3.1 Scenario 1 Threat Model
3.2 Scenario 2 Threat Model
3.3 Privacy Threats in the Context of ML
3.4 Privacy Threats in the Context of Data Sharing
4 Overview of Data Modification Techniques
4.1 Non-perturbative Techniques
4.2 Pertubative Techniques
4.3 Synthetic Data Generation
5 Summary and Future Directions
5.1 New Types of Data
5.2 Privacy and Fairness
5.3 Interdisciplinarity
References
AI for Biometric Authentication Systems
1 Introduction
2 Biometric System
2.1 System Design
2.2 ML-Enabled Biometric Authentication
2.3 Attack Surface
2.4 Evaluation Metrics
3 Biometric Feature Extraction
3.1 Sensors
3.2 Pre-processing
3.3 Feature Extraction
3.4 Attacks and Defenses
4 Biometric DB
4.1 Template Enrollment
4.2 Template Matching
4.3 Attacks and Defenses
5 Comparison Functions
5.1 Distance Functions
5.2 Learned Functions
5.3 Attacks and Defenses
6 Summary
6.1 Biometric Authentication as an Open Set Problem
6.2 Threats Linked to New Factors and Deep Learning
6.3 Future Directions
References
Machine Learning and Deep Learning for Hardware Fingerprinting
1 Introduction
2 Background
3 Use Cases
3.1 Reconnaissance
3.2 Authentication
3.3 Attacks to Privacy
3.4 Indoor Positioning Systems
3.5 Forensic Device Identification
4 Domains of Use of ML and DL for HW Fingerprinting
4.1 Radio Fingerprinting
4.2 Bus Fingerprinting
4.3 Data Fingerprinting
5 Challenges
6 Summary
References
AI for Intrusion Detection
Intelligent Malware Defenses
1 Introduction
2 Malware Characterization
2.1 Platform-Specific Malware and Defenses
2.2 Feature Sources
2.3 Feature Engineering Modes
2.4 Feature Representation
3 Malware Detection
3.1 Statistical Approaches
3.2 Graph-Mining Approaches
3.3 Image Visualization Approaches
3.4 Sequence Learning Approaches
3.5 Performance Optimizations
3.6 Trend
4 Additional Research Directions
4.1 Malware Analysis
4.2 Adversarial Malware
4.3 Malware Author Attribution
5 Challenges in ML-Applied Malware Defenses
6 Open Problems in ML-Based Malware Defenses
7 Summary
References
Open-World Network Intrusion Detection
1 Introduction
2 Network Intrusion Detection
2.1 Network Threats
2.2 Network Traffic Monitoring
3 A Data Analysis Approach
3.1 Machine Learning for NIDS
3.2 Anomaly Detection for Open-World NIDS
4 Challenges and Advances in Open-World NIDS Research
4.1 Original Premise of Anomaly Detection
4.2 High Error Rates and Performance Estimation
4.3 Representative Datasets and Ground Truth
4.4 Concept Drift
4.5 Real-Time Detection
4.6 Adversarial Robustness
5 Conclusion
References
Security of AI
Adversarial Machine Learning
1 Introduction
2 Background
2.1 Related Work
3 Threat Modeling and Taxonomy of Adversarial Machine Learning
3.1 Attacks
3.2 Defenses
4 White-Box Attacks
4.1 Train Time White-Box Attacks
4.2 Test Time White-Box Attacks
5 Black-Box Attacks
5.1 Score-Based Attacks
5.2 Transfer-Based Attacks
5.3 Decision-Based Attacks
6 Defenses
6.1 On the Evaluation of Adversarial Defenses
7 Domains of Adversarial Machine Learning
7.1 Malware Detection
7.2 Authentication
7.3 CAPTCHAs
7.4 Computer Vision
7.5 Speech Recognition
7.6 Reinforcement Learning
7.7 Other Domains
8 Conclusions
References
Deep Learning Backdoors
1 Introduction to Backdoors in Deep Neural Networks
2 Backdoor Attacks
2.1 Threat Model
2.2 White-Box Setting
2.3 Grey-Box Setting
2.4 Black-Box Setting
2.5 Trigger Stealthiness
2.6 Application Areas
3 Detecting and Defending Backdoors
3.1 Pre-deployment Techniques
3.2 Post-deployment Techniques
4 Applications of Backdoors
4.1 Watermarking
4.2 Adversarial Example Detection
4.3 Open Problems
References
On Implementation-Level Security of Edge-Based Machine Learning Models
1 Introduction
1.1 Machine Learning for Edge Devices
1.2 Attacks on Machine Learning
2 Overview Side Channel Threats to Machine Learning
2.1 State-of-the-Art
2.2 Countermeasures
3 Overview of Fault Injection Threats to Machine Learning
3.1 Background
3.2 State-of-the-Art
3.3 Countermeasures
4 Conclusion
5 Open Research Problems
References
Author Index