恶意软件分析中的对抗性攻击综述_ASurveyonAdversarialAttacksforMalwareAnal资源-CSDN文库

版权申诉

176 浏览量 2022-01-26 07:13:51 上传评论收藏 4.51MB PDF 举报

恶意软件分析是网络安全领域的重要组成部分，它依赖于先进的机器学习（Machine Learning, ML）和人工智能（Artificial Intelligence, AI）技术来识别和分类不断演变的威胁。然而，随着对抗性攻击（Adversarial Attacks）的出现，这些智能系统的安全性和有效性受到了挑战。本文将对针对恶意软件分析的对抗性攻击进行综合概述，探讨这些攻击如何影响ML模型，并讨论如何增强系统的鲁棒性以抵御此类攻击。对抗性攻击是针对ML和AI模型的一种策略，攻击者通过在训练或测试数据中添加微小的、难以察觉的扰动，来最大化模型的分类错误。在恶意软件分析中，这些微小的修改可能使原本有效的检测算法失效，从而使恶意软件逃避检测。例如，攻击者可能在恶意代码中插入少量无害的字节，这些看似无关的变化足以欺骗基于ML的分类器，导致它们无法正确识别恶意软件。对抗性攻击在恶意软件分析中的具体表现形式包括但不限于以下几种： 1. **对抗性样本构造**：攻击者构建特殊的恶意软件样本，这些样本在特征空间中与正常软件或已知恶意软件极为接近，但能成功绕过检测系统。这些样本通常被称为“对抗性样本”。 2. **对抗性训练**：攻击者通过了解和利用ML模型的弱点，设计特定的训练数据集，使模型在学习过程中产生偏差，从而降低其在实际应用中的性能。 3. **模型窃取**：攻击者通过逆向工程手段获取模型的内部工作原理，然后创建一个类似的新模型，该模型可以产生对抗性样本，以误导原始模型的决策。 4. **黑盒攻击**：在这种情况下，攻击者没有模型的内部信息，但他们通过大量输入测试和观察输出结果来找出模型的脆弱点。为了应对这些威胁，研究人员正在探索各种防御策略，包括： 1. **增强模型的鲁棒性**：通过对模型进行对抗性训练，使其能够识别并抵抗带有对抗性扰动的样本，提高模型的泛化能力。 2. **使用更健壮的特征表示**：开发能够更好地抵御扰动的特征提取方法，减少对抗性攻击的影响。 3. **检测和修复机制**：设计算法来检测输入数据中的异常或异常行为，一旦发现潜在的对抗性攻击，立即采取措施修复或调整模型。 4. **多模型融合**：结合多个模型的预测结果，通过集成学习提高整体的稳定性和抗攻击性。 5. **零知识防御**：在不依赖模型内部信息的情况下，利用统计学或数据驱动的方法来检测和防止对抗性攻击。 6. **透明度和可解释性**：通过提高模型的可解释性，帮助分析人员理解模型决策过程，以便更容易发现和修复潜在问题。对抗性攻击对基于机器学习的恶意软件分析构成了严重威胁，但同时也推动了安全领域的研究发展，促进了更强大、更智能的防御机制的诞生。未来的研究将继续深入探索对抗性攻击的原理，以及如何构建更加安全、稳健的自动化恶意软件分析系统。

资源推荐

资源详情

资源评论

A Survey on Adversarial Attacks

for Malware Analysis

Kshitiz Aryal, Maanak Gupta, Member, IEEE, and Mahmoud Abdelsalam, Member, IEEE

Abstract—The last decade has experienced an exponential growth in research and adoption of Machine Learning (ML) and Artiﬁcial

Intelligence (AI), and its application in different use-cases. Traditional machine learning algorithms have evolved into data intensive deep

learning architectures, which have fostered cutting edge and unprecedented technological advancements revolutionizing today’s world.

The capability of these ML algorithms to uncover knowledge and patterns from semi- or unstructured data to support automation in

decision making has led to the revamping of domains such as medicine, e-commerce, autonomous cars, and cybersecurity. The growth

and adoption of machine learning solutions have been lately slowed down with the advent of adversarial attacks. Adversaries are able

to modify data at training and testing time, maximizing the classiﬁcation error of the ML models. Minor intentional perturbations in test

samples are crafted by the adversaries to exploit the discovered blind spots in trained models. The increased data dependency of these

algorithms have offered a way for high incentives to disguise ML models. In order to survive against possible catastrophic implications,

continuous research is required to ﬁnd vulnerabilities in form of adversarial and design resilient autonomous systems.

Machine learning-based malware analysis approaches are widely researched and deployed in critical infrastructures for detecting

and classifying evasive and growing malware threats. However, minor perturbations or few ineffectual bytes insertion can easily ’fool’

these trained ML classiﬁers, essentially making them ineffective against these crafted and smart malicious software. This survey aims

at providing an encyclopedic introduction to adversarial evasion attacks that are carried out speciﬁcally against malware detection and

classiﬁcation systems. Since most of the research in the adversarial malware domain is new and has been performed in the last couple

of years, our survey will cover the relevant literature published on the malware adversarial evasion attacks between the year 2013 to

2021. The paper will begin by introducing various machine learning techniques used to generate adversarial in malware analysis and

explaining the structures of target ﬁles. The survey will model the threat posed by adversaries followed by brief descriptions of widely

used adversarial algorithms. We will also provide a taxonomy of adversarial evasion attacks with respect to the attack domains and

adversarial generation techniques that are widely used in malware detection and classiﬁcation. Adversarial evasion attacks carried out

against malware detectors will be discussed under each taxonomical headings and compared with related literature. The survey will

conclude by highlighting the open problems, challenges and future research directions.

Index Terms—Adversarial Evasion attack, Adversary Modeling, Data Poisoning, Malware Analysis, Machine Learning, Deep Learning,

Security, Windows Malware, Android Malware, PDF Malware

1 INTRODUCTION

ACHINE Learning has revolutionized the modern

world due to its ubiquity and generalization power

over the humongous volume of data. With Zettabytes of

data hovering around the cloud [1], modern technology’s

power resides in extracting knowledge from these un-

structured raw data. Machine learning (ML) has provided

the unprecedented power to automate the decision-making

process, outperforming humans by far margin. ML has

powered more robust and representative feature set in com-

parison to hand-crafted features. Transformation of ML ap-

proaches from classical algorithms to modern deep learning

technologies are providing the major breakthroughs in state-

of-art research problems. Further, deep learning (DL) has

excelled in areas where traditional ML approaches were

• Kshitiz Aryal is a Doctoral student in the Department of Computer

Science, Tennessee Tech University, Cookeville, TN, 38501, USA.

E-mail: karyal42@tntech.edu

• Maanak Gupta is an Assistant Professor in the Department of Computer

Science, Tennessee Tech University, Cookeville, TN, 38501, USA.

E-mail: mgupta@tntech.edu

• Mahmoud Abdelsalam is an Assistant Professor in the Department of

Computer Science, North Carolina A&T State University, NC, USA.

E-mail: mabdelsalam1@ncat.edu

infeasible (or unsuccessful) to apply. The evolving deep

learning techniques have furnished the ﬁelds of natural

language processing [2], [3], [4], image classiﬁcation [5],

[6], [7], [8], autonomous driving [9], [10], [11], [12], neuro

science [13], [14], [15], [16] and many other wide range of do-

mains. Society is experiencing high-end amazing products

like Apple Siri

, Amazon Alexa

and Microsoft Cortana

due to recent advances in machine learning and artiﬁcial

intelligence (AI). Needless to say that machine learning has

started shaping our daily life habits; connecting to people on

social media, ordering food and groceries from online stores,

listening to music on Spotify

, watching movies on Netﬂix

reading online news and books, are all examples of systems

built around the recommendation engines powered by deep

learning based models. Machine learning based solutions

not only control our lifestyle but it has also revolution-

ized cyber security critical operations in different domains

including malware analysis [17], [18], [19], [20], [21], [22],

spam ﬁltering [23], [24], [25], [26], fraud detection [27], [28],

1. https://www.apple.com/siri/

2. https://alexa.amazon.com/

3. https://www.microsoft.com/en-us/cortana

4. https://www.spotify.com/us/

5. https://www.netﬂix.com/

arXiv:2111.08223v2 [cs.CR] 5 Jan 2022

Adversary

Classification

Threshold

Test Sample

Class A Class B

Fig. 1: Evasion attack drags test sample from class A to B.

[29], [30], medical analysis [31], [32], [33], [34], [35], access

control [36], [37], [38], [39], among others.

Malware analysis is one of the most critical ﬁelds where

ML is being signiﬁcantly employed. Traditional malware

detection approaches [40], [41], [42], [43], [44] rely on sig-

natures where unique identiﬁers of malware ﬁles are main-

tained in a database and are compared to extracted signa-

tures from newly encountered suspicious ﬁles. However,

several techniques are used to rapidly evolve the malware

to avoid detection (more details in Section 4). With secu-

rity researchers looking for detection techniques addressing

such sophisticated zero-day and evasive malware, ML based

approaches came to their rescue [45]. Most of the modern

anti-malware engines, such as Windows Defender

, Avast

Deep Instinct D-Client

and Cylance Smart Antivirus

, are

against emerging variants and polymorphic malware [47].

As per some estimates [48], around 12.3 billion devices

are connected worldwide and spread of malware in this

scale can result in catastrophic consequences. As such, it is

evident that economies worth billions of dollars are directly

or indirectly relying on machine learning’s performance and

growth to be protect from this rapidly evolving menace

of malware. Despite the existence of numerous malware

detection approaches, including ones that leverage ML,

recent ransomware attacks, like the Colonial Pipeline attack

where operators had to pay around $5 million for recov-

ering 5,500-mile long pipeline [49], the MediaMarkt attack

worth around $50M bitcoin payment [50] and the computer

giant Acer attack [51], highlight the vulnerabilities and

limitations of current security approaches, and necessitates

more robust, real-time, adaptable and autonomous defense

mechanisms powered by AI and ML.

The performance of ML models relies on the basic as-

sumption that training and testing are carried out under

similar settings and that samples from training and testing

datasets follow independent and identical distribution. This

assumption is overly simpliﬁed and, in many cases, does not

hold true for real world use-cases where adversaries deceive

the ML models into performing wrong predictions (i.e.

adversarial attacks). In addition to traditional threats like

malware attack [52], [53], [54], phishing [55], [56], [57], man-

6. https://www.microsoft.com/en-us/windows/comprehensive-

security

7. https://www.avast.com/

8. https://www.deepinstinct.com/endpoint-security

9. https://shop.cylance.com/us

Fig. 2: An adversarial example against GoogLeNet [75] on

ImageNet [76], demonstrated by Goodfellow et al. [74].

in-the-middle attack [58], [59], [60], denial-of-service [61],

[62], [63] and SQL injection [64], [65], [66], adversarial at-

tacks has now emerged as a serious concern, threatening

to dismantle and undermine all the progress made in the

machine learning domain.

Adversarial attacks are carried out either by poisoning

the training data or manipulating the test data (evasion

attacks). Data poisoning attacks [67], [68], [69], [70] have

been prevalent for some time but are less scrutinized as ac-

cess to training data by the attackers is considered unlikely.

In contrast, evasion attacks, ﬁrst introduced by Szegedy et

al. [71] against deep learning architectures, are carried out

by carefully crafting imperceptible perturbation in test sam-

ples, forcing models to mis-classify as illustrated in Figure 1.

Here, the attacker’s effort is to drag a test sample across the

ML’s decision boundary through the addition of minimal

perturbation to that sample. Considering the availability of

research works and higher-risk in practicality, this survey

will entirely focus on adversarial evasion attacks that are

carried out against the malware detectors.

Adversarial evasion attacks were initially crafted on

images as the only requirement for perturbation in an image

is that it should be imperceptible to the human eye [72], [73].

A very common example for adversarial attack in images,

shown in Figure 2, is performed by Goodfellow et al. [74]

where GoogLeNet [75] trained on ImageNet [76] classiﬁes

panda as gibbon with addition of very small perturbations.

This threat is not limited to experimental research labs but

have already been successfully demonstrated in real world

environments. For instance, Eykholt et al. performed sticker

attacks to road signs forcing the image recognition system

to detect ’STOP’ sign as a speed limit. Researchers from

the Chinese technology company Tencent

tricked Tesla’s

Autopilot in Model S and forced it to switch lanes by adding

few stickers on the road [77]. Such adversarial attacks on

real world applications force us to rethink the increasing

reliability over smart technologies like Tesla Autopilot

However, adversarial generation is a completely differ-

ent game in the malware domain, in comparison to com-

puter vision, due to the increased number of constraints.

Perturbations in malware ﬁles should be generated in a

way that it should not affect both their functionality and

executability. Adversarial evasion attacks on malware are

carried out by manipulating or inserting few ineffectual

10. https://www.tencent.com/

11. https://www.tesla.com/

12. https://www.tesla.com/autopilot

TABLE 1: Surveys focusing on security of machine learning.

Paper Year Application Domain Taxonomy

Threat Modeling

Adversarial Example

Barreno et al. [78] 2008 Security Attack Nature

Gardiner et al. [79] 2016 Security Attack Type/Algorithm

√ √

Kumar et al. [80] 2017 General Attack Type

Yuan et al. [81] 2017 Image Algorithm

√ √

Chakraborty et al. [82] 2018 Image/Intrusion Attack Phase

√ √

Akhtar et al. [83] 2018 Image Image domains

√

Duddu et al. [84] 2018 Security Attack Type

√

Li et al. [85] 2018 General Algorithm

Liu et al. [86] 2018 General Target Phase

√

Biggio et al. [87] 2018 Image Attack Type

√ √

Sun et al. [88] 2018 Image Image Type

√ √

Pitropakis et al. [89] 2019 Image/Intrusion/Spam Algorithm

√

Wang et al. [90] 2019 Image Algorithm

√ √

Qiu et al. [91] 2019 Image Knowledge

√ √

Xu et al. [92] 2019 Image/Graph/Text Attack Type

√

Zhang et al. [93] 2019 Natural Language Processing Knowledge/Algorithm

√ √

Martins et al. [94] 2019 Intrusion/Malware Approach

√

Moisejevs [95] 2019 Malware Classiﬁcation Attack Phase

√

Ibitoye et al. [96] 2020 Network Security Approach/Algorithm

√ √

Our Work 2021 Malware Analysis Domain/Algorithm

√ √

Year: Published Year, Application Domain: Dataset domain on which adversarial is crafted, Taxonomy: Basis on which attack taxonomy is made, Threat

Modeling: Presence of threat modeling, Adversarial Example: Discuss actual adversarial attacks crafted in literature

bytes in the malware executables in a way that does not

tamper with its original state, but change the classiﬁcation

decision by the ML model. For instance, one early demon-

strated attack against anti-malware engine was carried out

by Anderson et al. [97] using reinforcement learning. This

black-box attack was able to bypass Random forest and gra-

dient boosted decision trees (GBDT) detectors by modifying

few bytes of Windows PE malware ﬁles. Kolosnjaji et al. [98]

carried out evasion attack using gradient based approach

against convolutional neural network (CNN) based mal-

ware detector. Since then, there has been numerous works

trying to optimize the attacks, discovering better approaches

to attack wide domains of malware detectors. Demetrio et

al. [99] success in crafting adversarial from few header byte

modiﬁcation and Suciu et al. [100] experiment on inserting

perturbations in different ﬁle locations, further magniﬁed

the interest towards improving the standard of attacks. The

fear of evolving adversarial attack is growing among the

cyber security research community and has provoked the

everlasting war between adversarial attackers and defend-

ers. To help researchers better understand the current situation of

adversarial attacks in the malware domain and infer vulnerabili-

ties on current approaches, this paper will provide a comprehensive

survey of ongoing adversarial evasion attack researches against

Windows, Android, PDF, Linux and Hardware-based malware.

1.1 Motivation and Contribution

1.1.1 Prior Surveys and Limitations

The surveys on adversarial attacks crafted in different do-

mains have been summarized in Table 1. Majority of surveys

on adversarial attacks are focused on computer vision for

images mis-classiﬁcation. Yuan et al. [81] summarized major

adversarial generation methods for images. Chakraborty et

al. [82] surveyed adversarial in form of evasion and poi-

soning in image and anomaly detection. Akhtar et al.’s [83]

work was restricted on the computer vision domain like

most of the works. Biggio et al. [87] presented a historical

timeline of evasion attacks along with works carried out on

security of deep neural networks. Sun et al. [88] surveyed

practical adversarial examples on graph data. Many of

the surveys did not only focused on a single domain but

covered generalized ﬁeld across multiple domains including

image, text, graph, intrusion, spam and malware. Kumar et

al. [80] classiﬁed adversarial attacks into four overlapping

classes. Li et al. [101] explains adversarial generation and

defense mechanism through formal representation. Liu et

al. [86] reviewed some general security threats and asso-

ciated defensive techniques. Pitropakis et al. [89] surveyed

adversarial in intrusion detection, spam ﬁltering and image

domain. Xu et al. [92] surveyed vulnerabilities, analysed

reasons behind it and also proposed ways to detect adver-

sarial examples. There have been a few works focusing on

the security related domains like intrusion, malware, and

network security. Barreno et al. [78] worked on one of the

very ﬁrst surveys done on security of machine learning

where different categories of attacks and defenses against

ML systems are discussed. Gardiner et al. [79] focused

on reviewing call and control detection techniques. They

identiﬁed vulnerabilities and also pointed limitations of

malware detection systems. Duddu et al. [84] discussed the

concern of privacy being leaked by information handled by

machine learning algorithms. They also presented cyber-

warfare testbed for the effectiveness of attack and defense

strategies. Martins et al. [94] performed generalized survey

on attacks focusing on cloud security, malware detection

and intrusion detection. Ibitoye et al. [96] surveyed adver-

sarial attacks in network domain using risk grid map.

With the discussed surveys, we can make certain conclu-

sions reﬂecting the growing attention and concerns in the

community as the world moves toward automation. First,

the interest of people in adversarial domain has surged in

last 3 or 4 years. Second, very few of the survey papers

is solely focused on adversarial malware analysis, which

is a growing menace. Majority of the surveys conducted

on adversarial domain is built around computer vision

attacks. Recent ﬂux of works are spread in wide domains

including network, natural language processing, security,

and intrusion detection. There has been limited research on

adversarial attacks in malware analysis, being a relatively

new domain. The few existing surveys on malware domain

are not focused on malware analysis but spread around

multiple domains. The current surveys also does not cover

entire attacks carried out on malware detection domain,

but focuses on small subset of attacks. The outpouring

interests in adversarial and lack of surveys justifying entire

adversarial attacks on malware domain, motivates us to

extensively survey adversarial evasion attack on malware.

1.1.2 Our Contributions

This work will contribute in understanding the arms race

between attacker and defender by discussing adversarial

evasion attacks in different folds of the malware domain.

We aim to provide completely self-contained survey on

adversarial attacks carried out against malware detection

techniques. Based on our knowledge, this work is one

among the ﬁrst to solely focus on adversarial attacks on

malware detection systems. In this work, our contributions

cover the following dimensions:

• As our goal is to make the survey as comprehensive

as possible, we provide all the related information

required to completely comprehend the contents of the

survey. We discuss the machine learning approaches

used, the adversarial generation algorithms used by

attackers, the malware detection methods attacked and

the structure of ﬁles that has been exploited to insert

adversarial perturbations.

• We provide the threat modeling to adversarial evasion

attacks carried out in malware domain. The threat

model helps in quantify and analyze the attack-speciﬁc

TABLE 2: List of acronyms in alphabetical order.

Acronym Full Form

ACER Actor Critic model with Experience Replay

AE Adversarial Example

AI Artiﬁcial Intelligence

AMAO Adversarial Malware Alignment Obfuscation

API Application Programming Interface

ATMPA Adversarial Texture Malware Perturbation Attack

BFA Benign Features Append

BRN Benign Random Noise

CFG Control Flow Graph

CNN Convolutional Neural Network

CRT Cross Reference Table

CW Carlini-Wagner

DCGAN Deep Convolutional GAN

DE Differential Evolution

DL Deep Learning

DNN Deep Neural Network

DRL Deep Reinforcement Learning

FGM Fast Gradient Method

FGSM Fast Gradient Sign Method

GADGET Generative API Adversarial Generic Example by

Transferability

GAN Generative Adversarial Network

GAP Global Average Pooling

GBDT Gradient Boosted Decision Trees

GD-KDE Gradient Descent and Kernel Density Estimation

GEA Graph Embedding and Augmentation

GRU Gated Recurrent Units

HDL Hardware Description Language

HMD Hardware Malware Detectors

IoT Internet of Things

KNN K-Nearest Neighbors

LLC Logical Link Control

LR Logistic Regression

LRP Layer-wise Relevance Propagation

LSTM Long Short Term Memory

MEV Modiﬁcation Evaluating Value

MIM Momentum Iterative Method

ML Machine Learning

MLP Multi Layer Perceptron

MRV Malware Recomposition Variation

OPA One Pixel Attack

PDF Portable Document Format

PE Portable Executable

PGD Projected Gradient Descent

ReLU Rectiﬁed Linear Unit

RF Random Forest

RL Reinforcement Learning

RNN Recurrent Neural Network

RTLD Resource Temporal Locale Dependency

SDG System Dependency Graph

SHAP SHapley Additive exPlanation

SR Success Rate

SVM Support Vector Machine

TCD Trojan-net Concealment Degree

TLAMD A Testing framework for Learning based Android

Malware Detection systems for IoT Devices

TPR True Positive Rate

VOTE VOTing based Ensemble

ZOO Zeroth Order Optimization

Introduction

Motivation and

Contribution

Organization

Literature

Section 1 : Introduction

Section 2 : Machine Learning Preliminaries

Deep

Learning

Convolutional

Neural Network

Reinforcement

Learning

Recurrent

Neural Network

Generative

Adversarial Network

Section 3 : File Structure

Windows PE PDFAndroid

Section 4: Malware Detection

Signature Zero-day

Section 6 : Adversarial Algorithms

L-BFGS DeepFoolC&WJSMAIGSMFGSM OPAZOO

Section 5 : Adversarial Threat Model

Attack SurfaceAdversarial Knowledge Adversarial Capabilities

Adversarial Goals

Poisoning

Evasion

Exploratory

Data

Modification

Logic

Corruption

Untargeted

Misclassification

Targeted

Misclassification

Confidence

Reduction

Data

Injection

Black

Box

White

Box

Section 7 : Adversarial Malware Evasion Attacks

Windows Malware Adversarial Android Malware Adversarial PDF Malware Adversarial

Gradient Based

Attack

Code Obfuscation

Based Attack

Reinforcement

Learning Based Attack

GAN Based

Attack

RNN Based

Attack

Explainable ML

Based Attack

Malware Visualization

based attack

Hardware Based

Malware Adversarial

Linux Malware

Adversarial

Section 8 : Challenges and Future Directions

Realistic Attacks

Perturbation Insertion

Space

Enhancing Efficiency

Mapping Space

Challenge

Automated Attacks

Explainable

Adversarial

Transferable Attacks

Attacking Adversarial

Defense

Functionality

Verification

Attacking Federated

Learning

Benign Files Attack

Targeting Unexplored

Algorithms

Standarizing Testbed

and Metrices

Adversarial Defense

Fig. 3: Diagrammatic view of the paper organization (Position of Section 6 is changed to save space)

risk associated to particular target of malware. The

threat is modeled in terms of attack surface of the

malware detector, attacker’s knowledge about the mal-

ware detector, attacker’s capabilities on malware, and

adversarial goals that is to be achieved through the

malware ﬁles. The proper threat modeling also helps

to well understand the behaviors of malware, allowing

the adversarial attacker to craft effective perturbations.

• We systematically analyze different adversarial gener-

ation algorithms proposed in different domains, which

have been attempted to be used in the malware domain.

We then discuss the basics of standard adversarial

algorithms and taxonomize adversarial evasion attacks

in the malware domain with respect to various attack

domains. As Windows malware are the most abundant

and also the most exploited area, we further taxono-

mize attacks on Windows malware based on the attack

algorithms used. We also discuss attacks carried out in

the less frequent ﬁle structures like Android and PDF.

• We discuss real evasion attacks carried out against anti-

malware engines by the researchers, under each taxo-

nomical headings. We also cover the attack strategies

used by researchers to generate adversarial attacks,

showing how the attacks evolved with time. Further,

剩余47页未读，继续阅读

评论收藏

内容反馈

版权申诉

易小侠

粉丝: 6605
资源: 9万+

恶意软件分析中的对抗性攻击综述_A Survey on Adversarial Attacks for Malware Anal

最新资源

恶意软件分析中的对抗性攻击综述_A Survey on Adversarial Attacks for Malware Anal

评估针对恶意软件检测分类器的对抗性示例的可传递性

adversarial-attacks

面向安卓恶意软件检测的对抗攻击技术综述.pdf

Adversarial-Attack

Threat of Adversarial Attacks on Deep Learning in Computer Vision A Survey.pdf

基于图的对抗式攻击和防御（Adversarial attacks and defenses on graphs）.pdf

Threat of Adversarial Attacks on Deep Learning in Computer Visio

Threat of Adversarial Attacks on Deep Learning in Computer Visi

Defending_Machine_Learning_against_Adversarial_Attacks.pdf

Adversarial_attacks

恶意软件分析

恶意软件分析与反病毒技术

advML:针对反恶意软件的对抗性机器学习

对抗攻击与防御

A Survey On Universal Adversarial Attack.zip

A Survey On Universal Adversarial Attack.pdf

relgan_relational_generative_adversarial_networks_for_text_generation.pdf

Adversarial Examples: Attacks and Defenses for Deep Learning

Adversarial Attack and Defense on Graph Data - A Survey

恶意软件分析 课件

极端多标签文本分类的对抗性示例_Adversarial Examples for Extreme Multilabel Text

adversarial-recommender-systems-survey:这项调查的目标是双重的

adversarial-attacks-pytorch:PyTorch对抗攻击的实现

Efficient Defenses Against Adversarial Attacks

终身孪生对抗网络_Lifelong Twin Generative Adversarial Networks

防止在线操作的对抗式机器学习_Adversarial machine learning for protecting again

基于正交投影梯度下降的对抗性示例检测防御_Evading Adversarial Example Detection Defen

最新资源

恶意软件分析课件