Machine learning for security and security for machine learning

• Main Author: Zizzo, Giulio
• Format: Dissertation
• Language: English
• Published: Imperial College London 2021
• DOI: 10.25560/92407

In this thesis we analyse test time adversarial examples for machine learning in security domains. First, we consider adversarial examples for autoregressive machine learning models employed for intrusion detection. We consider industrial control systems (ICS) as a use case, and develop attack algorithms which can successfully overcome the domain specific challenges found in ICS. We test our attack on a ICS dataset and demonstrate that an adversary can evade state of the art intrusion detection systems. Secondly, we analyse threats posed in federated learning which offer adversaries new ways to subvert defensive algorithms. Specifically, we are interested in the interaction of adversarial training with federated learning. To that end, we examine adversarial training when under convergence attacks, and when subject to a novel attack objective which stealthily produces a brittle version of adversarial training. We perform initial validation on benchmark image datasets, and then consider malware detection as a security domain in which there is strong motivation to use federated learning. For our final contribution, we switch to the defender's perspective and develop an algorithm called Deep Latent Defence. Our algorithm analyses the intermediate representation of data as it travels through a neural network. We show this offers strong defensive performance even against adaptive adversaries.