- Advanced Malware Detection Techniques
- Network Security and Intrusion Detection
- Adversarial Robustness in Machine Learning
- Anomaly Detection Techniques and Applications
- Security and Verification in Computing
- Privacy-Preserving Technologies in Data
- Digital and Cyber Forensics
- IoT and Edge/Fog Computing
- User Authentication and Security Systems
- Internet Traffic Analysis and Secure E-voting
- Software Testing and Debugging Techniques
- Vehicular Ad Hoc Networks (VANETs)
- Context-Aware Activity Recognition Systems
- Information and Cyber Security
- Privacy, Security, and Data Protection
- Real-Time Systems Scheduling
- Cryptography and Data Security
- Smart Grid Security and Resilience
- Software System Performance and Reliability
- Formal Methods in Verification
- Green IT and Sustainability
- Advanced Neural Network Applications
- Education Practices and Challenges
- Autonomous Vehicle Technology and Safety
- Software Reliability and Analysis Research
Purdue University West Lafayette
2019-2025
University of Arizona
2022-2023
Virginia Tech
2023
Indiana University – Purdue University Indianapolis
2022
Pennsylvania State University
2011-2019
Institute of Electrical and Electronics Engineers
2019
Regional Municipality of Niagara
2019
IEEE Computer Society
2019
Adnan Menderes University
2016-2018
Istanbul Technical University
2013
Deep learning takes advantage of large datasets and computationally efficient training algorithms to outperform other approaches at various machine tasks. However, imperfections in the phase deep neural networks make them vulnerable adversarial samples: inputs crafted by adversaries with intent causing misclassify. In this work, we formalize space against (DNNs) introduce a novel class craft samples based on precise understanding mapping between outputs DNNs. an application computer vision,...
Machine learning (ML) models, e.g., deep neural networks (DNNs), are vulnerable to adversarial examples: malicious inputs modified yield erroneous model outputs, while appearing unmodified human observers. Potential attacks include having content like malware identified as legitimate or controlling vehicle behavior. Yet, all existing example require knowledge of either the internals its training data. We introduce first practical demonstration an attacker a remotely hosted DNN with no such...
Broadly defined as the Internet of Things (IoT), growth commodity devices that integrate physical processes with digital connectivity has changed way we live, play, and work. To date, traditional approach to securing IoT treated individually. However, in practice, it been recently shown interactions among are often real cause safety security violations. In this paper, present IOTGUARD, a dynamic, policy-based enforcement system for IoT, which protects users from unsafe insecure device states by...
Broadly defined as the Internet of Things (IoT), growth commodity devices that integrate physical processes with digital systems have changed way we live, play and work. Yet existing IoT platforms cannot evaluate whether an app or environment is safe, secure, operates correctly. In this paper, present Soteria, a static analysis system for validating (collection apps working in concert) adheres to identified safety, security, functional properties. Soteria three phases; (a) translation...
Recent advances in machine learning have led to innovative applications and services that use computational structures reason about complex phenomenon. Over the past several years, security machine-learning communities developed novel techniques for constructing adversarial samples--malicious inputs crafted mislead (and therefore corrupt integrity of) systems built on computationally learned models. The authors consider underlying causes of samples future countermeasures might mitigate them.
Broadly defined as the Internet of Things (IoT), growth commodity devices that integrate physical processes with digital connectivity has had profound effects on society--smart homes, personal monitoring devices, enhanced manufacturing and other IoT apps have changed way we live, play, work. Yet extant platforms provide few means evaluating use (and potential avenues for misuse) sensitive information. Thus, consumers organizations little information to assess security privacy risks these...
EXplainable AI (XAI) methods have been proposed to interpret how a deep neural network predicts inputs through model saliency explanations that highlight the input parts deemed important arrive at decision for specific target. However, it remains challenging quantify correctness of their interpretability as current evaluation approaches either require subjective from humans or incur high computation cost with automated evaluation. In this paper, we propose backdoor trigger patterns--hidden...
Users seek security & privacy (S&P) advice from online resources, including trusted websites and content-sharing platforms. These resources help users understand S&P technologies tools suggest actionable strategies. Large Language Models (LLMs) have recently emerged as information sources. However, their accuracy correctness been called into question. Prior research has outlined the shortcomings of LLMs in answering multiple-choice questions user ability to inadvertently circumvent model...
In a smart home system, multiple users have access to devices, typically through dedicated app installed on mobile device. Traditional control mechanisms consider one unique trusted user that controls the devices. However, multi-user multi-device settings pose fundamentally different challenges traditional single-user systems. For instance, in environment, conflicting, complex, and dynamically changing demands which cannot be handled by techniques. To address these challenges, this paper, we...
Users trust IoT apps to control and automate their smart devices. These necessarily have access sensitive data implement functionality. However, users lack visibility into how is used, often blindly the app developers. In this paper, we present IoTWATcH, a dynamic analysis tool that uncovers privacy risks of in real-time. We designed built IoTWATcH through comprehensive survey addressing needs users. IoTWATcH operates four phases: (a) it provides with an interface specify...
Multiple users have access to multiple devices in a smart home system – typically through dedicated app installed on mobile device. Traditional control mechanisms consider one unique, trusted user that controls the devices. However, multi-user multi-device settings pose fundamentally different challenges traditional single-user systems. For instance, environment, conflicting, complex, and dynamically-changing demands cannot be handled by techniques. Moreover, from platforms/vendors can share...
This paper presents a framework for evaluating the transport layer feature space of malware heartbeat traffic. We utilize these features in prototype detection system to distinguish traffic from generated by legitimate applications. In contrast previous work, we eliminate at risk producing overly optimistic results, detect previously unobserved anomalous behavior, and rely only on tamper-resistant making it difficult sophisticated avoid detection. Further, characterize evolution evasion...
Concerns about safety and security have led to questions the risk of embracing Internet Things (IoT). We consider needs techniques for verifying correct operation IoT devices environments within physical spaces they inhabit.
improperly allowed them to activate the anti-stall system [17]. Unfortunately, previous fuzzing approaches cannot discover this type of violations for following two reasons. First, they do not consider entire input space RV's control software, including user commands, configuration parameters, and environmental factors. Second, only focus on finding memory corruption bugs or stability issues. Therefore, detect safety policy violations, e.g., a drone is deploying parachute at too-low altitude. We...
In smart homes, when an actuator's state changes, it sends event notification to the IoT hub report this change (e.g., door is unlocked). Prior works have shown that notifications are vulnerable spoofing and masking attacks. In spoofing, adversary reports a fake did not physically occur. In masking, suppresses of occurred. These attacks create inconsistencies between physical cyber states actuators, enabling indirectly gain control over safety-critical devices by triggering apps. To mitigate...
EXplainable AI (XAI) methods have been proposed to interpret how a deep neural network predicts inputs through model saliency explanations that highlight the parts of deemed important arrive decision at specific target. However, it remains challenging quantify correctness their interpretability as current evaluation approaches either require subjective input from humans or incur high computation cost with automated evaluation. In this paper, we propose backdoor trigger patterns--hidden...