On the Robustness of Domain Constraints

Ryan Sheatsley; Blaine Hoak; Eric Pauley; Yohan Beugin; Michael J. Weisman; Patrick McDaniel

doi:10.1145/3460120.3484570

On the Robustness of Domain Constraints

Ryan Sheatsley, Blaine Hoak, Eric Pauley, Yohan Beugin, Michael J. Weisman, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

Machine learning is vulnerable to adversarial examples - inputs designed to cause models to perform poorly. However, it is unclear if adversarial examples represent realistic inputs in the modeled domains. Diverse domains such as networks and phishing have domain constraints - complex relationships between features that an adversary must satisfy for an attack to be realized (in addition to any adversary-specific goals). In this paper, we explore how domain constraints limit adversarial capabilities and how adversaries can adapt their strategies to create realistic (constraint-compliant) examples. In this, we develop techniques to learn domain constraints from data, and show how the learned constraints can be integrated into the adversarial crafting process. We evaluate the efficacy of our approach in network intrusion and phishing datasets and find: (1) up to 82% of adversarial examples produced by state-of-the-art crafting algorithms violate domain constraints, (2) domain constraints are robust to adversarial examples; enforcing constraints yields an increase in model accuracy by up to 34%. We observe not only that adversaries must alter inputs to satisfy domain constraints, but that these constraints make the generation of valid adversarial examples far more challenging.

Original language	English (US)
Title of host publication	CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	495-515
Number of pages	21
ISBN (Electronic)	9781450384544
DOIs	https://doi.org/10.1145/3460120.3484570
State	Published - Nov 12 2021
Event	27th ACM Annual Conference on Computer and Communication Security, CCS 2021 - Virtual, Online, Korea, Republic of Duration: Nov 15 2021 → Nov 19 2021

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	27th ACM Annual Conference on Computer and Communication Security, CCS 2021
Country/Territory	Korea, Republic of
City	Virtual, Online
Period	11/15/21 → 11/19/21

All Science Journal Classification (ASJC) codes

Software
Computer Networks and Communications

Access to Document

10.1145/3460120.3484570

Cite this

Sheatsley, R., Hoak, B., Pauley, E., Beugin, Y., Weisman, M. J., & McDaniel, P. (2021). On the Robustness of Domain Constraints. In CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (pp. 495-515). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3460120.3484570

@inproceedings{734fb6441e2d46b9816047fcca4fdb32,

title = "On the Robustness of Domain Constraints",

abstract = "Machine learning is vulnerable to adversarial examples - inputs designed to cause models to perform poorly. However, it is unclear if adversarial examples represent realistic inputs in the modeled domains. Diverse domains such as networks and phishing have domain constraints - complex relationships between features that an adversary must satisfy for an attack to be realized (in addition to any adversary-specific goals). In this paper, we explore how domain constraints limit adversarial capabilities and how adversaries can adapt their strategies to create realistic (constraint-compliant) examples. In this, we develop techniques to learn domain constraints from data, and show how the learned constraints can be integrated into the adversarial crafting process. We evaluate the efficacy of our approach in network intrusion and phishing datasets and find: (1) up to 82% of adversarial examples produced by state-of-the-art crafting algorithms violate domain constraints, (2) domain constraints are robust to adversarial examples; enforcing constraints yields an increase in model accuracy by up to 34%. We observe not only that adversaries must alter inputs to satisfy domain constraints, but that these constraints make the generation of valid adversarial examples far more challenging.",

author = "Ryan Sheatsley and Blaine Hoak and Eric Pauley and Yohan Beugin and Weisman, {Michael J.} and Patrick McDaniel",

note = "Funding Information: The authors would like to warmly thank the reviewers for their insightful feedback and Quinn Burke for his feedback on versions of this paper. This research was sponsored by the Combat Capabilities Development Command Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Combat Capabilities Development Command Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes not withstanding any copyright notation here on. This material is based upon work supported by the National Science Foundation under Grant No. CNS-1805310. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation. Publisher Copyright: {\textcopyright} 2021 ACM.; 27th ACM Annual Conference on Computer and Communication Security, CCS 2021 ; Conference date: 15-11-2021 Through 19-11-2021",

year = "2021",

month = nov,

day = "12",

doi = "10.1145/3460120.3484570",

language = "English (US)",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "495--515",

booktitle = "CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security",

}

Sheatsley, R, Hoak, B, Pauley, E, Beugin, Y, Weisman, MJ & McDaniel, P 2021, On the Robustness of Domain Constraints. in CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 495-515, 27th ACM Annual Conference on Computer and Communication Security, CCS 2021, Virtual, Online, Korea, Republic of, 11/15/21. https://doi.org/10.1145/3460120.3484570

On the Robustness of Domain Constraints. / Sheatsley, Ryan; Hoak, Blaine; Pauley, Eric et al.

CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2021. p. 495-515 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - On the Robustness of Domain Constraints

AU - Sheatsley, Ryan

AU - Hoak, Blaine

AU - Pauley, Eric

AU - Beugin, Yohan

AU - Weisman, Michael J.

AU - McDaniel, Patrick

N1 - Funding Information: The authors would like to warmly thank the reviewers for their insightful feedback and Quinn Burke for his feedback on versions of this paper. This research was sponsored by the Combat Capabilities Development Command Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Combat Capabilities Development Command Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes not withstanding any copyright notation here on. This material is based upon work supported by the National Science Foundation under Grant No. CNS-1805310. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation. Publisher Copyright: © 2021 ACM.

PY - 2021/11/12

Y1 - 2021/11/12

N2 - Machine learning is vulnerable to adversarial examples - inputs designed to cause models to perform poorly. However, it is unclear if adversarial examples represent realistic inputs in the modeled domains. Diverse domains such as networks and phishing have domain constraints - complex relationships between features that an adversary must satisfy for an attack to be realized (in addition to any adversary-specific goals). In this paper, we explore how domain constraints limit adversarial capabilities and how adversaries can adapt their strategies to create realistic (constraint-compliant) examples. In this, we develop techniques to learn domain constraints from data, and show how the learned constraints can be integrated into the adversarial crafting process. We evaluate the efficacy of our approach in network intrusion and phishing datasets and find: (1) up to 82% of adversarial examples produced by state-of-the-art crafting algorithms violate domain constraints, (2) domain constraints are robust to adversarial examples; enforcing constraints yields an increase in model accuracy by up to 34%. We observe not only that adversaries must alter inputs to satisfy domain constraints, but that these constraints make the generation of valid adversarial examples far more challenging.

AB - Machine learning is vulnerable to adversarial examples - inputs designed to cause models to perform poorly. However, it is unclear if adversarial examples represent realistic inputs in the modeled domains. Diverse domains such as networks and phishing have domain constraints - complex relationships between features that an adversary must satisfy for an attack to be realized (in addition to any adversary-specific goals). In this paper, we explore how domain constraints limit adversarial capabilities and how adversaries can adapt their strategies to create realistic (constraint-compliant) examples. In this, we develop techniques to learn domain constraints from data, and show how the learned constraints can be integrated into the adversarial crafting process. We evaluate the efficacy of our approach in network intrusion and phishing datasets and find: (1) up to 82% of adversarial examples produced by state-of-the-art crafting algorithms violate domain constraints, (2) domain constraints are robust to adversarial examples; enforcing constraints yields an increase in model accuracy by up to 34%. We observe not only that adversaries must alter inputs to satisfy domain constraints, but that these constraints make the generation of valid adversarial examples far more challenging.

UR - http://www.scopus.com/inward/record.url?scp=85119337709&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85119337709&partnerID=8YFLogxK

U2 - 10.1145/3460120.3484570

DO - 10.1145/3460120.3484570

M3 - Conference contribution

AN - SCOPUS:85119337709

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 495

EP - 515

BT - CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

T2 - 27th ACM Annual Conference on Computer and Communication Security, CCS 2021

Y2 - 15 November 2021 through 19 November 2021

ER -

On the Robustness of Domain Constraints

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this