McFadden, Shae; Kan, Zeliang; Cavallaro, Lorenzo; Pierazzi, Fabio; (2023) Poster: RPAL-Recovering Malware Classifiers from Data Poisoning using Active Learning. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. (pp. 3561-3563). ACM: Copenhagen, Denmark.
Abstract
Intuitively, poisoned machine learning (ML) models may forget their adversarial manipulation via retraining. However, can we quantify the time required for model recovery? From an adversarial perspective, is a small amount of poisoning sufficient to force the defender to retrain significantly more over time? This poster paper proposes RPAL, a new framework to answer these questions in the context of malware detection. To quantify recovery, we propose two new metrics: intercept, i.e., the first time in which the poisoned model's and vanilla model's performance intercept; recovery rate, i.e., the percentage of time after intercept that the poisoned model's performance is within a tolerance margin which approximates the vanilla model's performance. We conduct experiments on an Android malware dataset (2014-2016), with two feature abstractions based on Drebin and MaMaDroid, with uncertainty-sampling active learning (retraining), and label flipping (poisoning). We utilize the introduced parameter and metrics to demonstrate (i) how the active learning and poisoning rates impact recovery and (ii) that feature representation impacts recovery.
Type: | Proceedings paper |
---|---|
Title: | Poster: RPAL-Recovering Malware Classifiers from Data Poisoning using Active Learning |
Event: | CCS '23: ACM SIGSAC Conference on Computer and Communications Security |
Location: | DENMARK, Copenhagen |
Dates: | 26 Nov 2023 - 30 Nov 2023 |
ISBN-13: | 9798400700507 |
Open access status: | An open access version is available from UCL Discovery |
DOI: | 10.1145/3576915.3624391 |
Publisher version: | http://dx.doi.org/10.1145/3576915.3624391 |
Language: | English |
Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. |
Keywords: | Science & Technology, Technology, Computer Science, Artificial Intelligence, Computer Science, Interdisciplinary Applications, Telecommunications, Computer Science, supervised learning, malware detection, poisoning, active learning |
UCL classification: | UCL; UCL > Provost and Vice Provost Offices > UCL BEAMS; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
URI: | https://discovery-pp.ucl.ac.uk/id/eprint/10192709 |