HoneyModels: Machine Learning Honeypots

Ahmed Abdou; Ryan Sheatsley; Yohan Beugin; Tyler Shipp; Patrick McDaniel

doi:10.1109/MILCOM52596.2021.9652947

HoneyModels: Machine Learning Honeypots

Ahmed Abdou, Ryan Sheatsley, Yohan Beugin, Tyler Shipp, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Machine Learning is becoming a pivotal aspect of many systems today, offering newfound performance on classification and prediction tasks, but this rapid integration also comes with new unforeseen vulnerabilities. To harden these systems the ever-growing field of Adversarial Machine Learning has proposed new attack and defense mechanisms. However, a great asymmetry exists as these defensive methods can only provide security to certain models and lack scalability, computational efficiency, and practicality due to overly restrictive constraints. Moreover, newly introduced attacks can easily bypass defensive strategies by making subtle alterations. In this paper, we study an alternate approach inspired by honeypots to detect adversaries. Our approach yields learned models with an embedded watermark. When an adversary initiates an interaction with our model, attacks are encouraged to add this predetermined watermark stimulating detection of adversarial examples. We show that HoneyModels can reveal 69.5% of adversaries attempting to attack a Neural Network while preserving the original functionality of the model. HoneyModels offer an alternate direction to secure Machine Learning that slightly affects the accuracy while encouraging the creation of watermarked adversarial samples detectable by the HoneyModel but indistinguishable from others for the adversary.

Original language	English (US)
Title of host publication	MILCOM 2021 - 2021 IEEE Military Communications Conference
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	886-891
Number of pages	6
ISBN (Electronic)	9781665439565
DOIs	https://doi.org/10.1109/MILCOM52596.2021.9652947
State	Published - 2021
Event	2021 IEEE Military Communications Conference, MILCOM 2021 - San Diego, United States Duration: Nov 29 2021 → Dec 2 2021

Publication series

Name	Proceedings - IEEE Military Communications Conference MILCOM
Volume	2021-November

Conference

Conference	2021 IEEE Military Communications Conference, MILCOM 2021
Country/Territory	United States
City	San Diego
Period	11/29/21 → 12/2/21

All Science Journal Classification (ASJC) codes

Electrical and Electronic Engineering

Access to Document

10.1109/MILCOM52596.2021.9652947

Cite this

Abdou, A., Sheatsley, R., Beugin, Y., Shipp, T., & McDaniel, P. (2021). HoneyModels: Machine Learning Honeypots. In MILCOM 2021 - 2021 IEEE Military Communications Conference (pp. 886-891). (Proceedings - IEEE Military Communications Conference MILCOM; Vol. 2021-November). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/MILCOM52596.2021.9652947

@inproceedings{b24079868fc848eea999a09c27afcb33,

title = "HoneyModels: Machine Learning Honeypots",

abstract = "Machine Learning is becoming a pivotal aspect of many systems today, offering newfound performance on classification and prediction tasks, but this rapid integration also comes with new unforeseen vulnerabilities. To harden these systems the ever-growing field of Adversarial Machine Learning has proposed new attack and defense mechanisms. However, a great asymmetry exists as these defensive methods can only provide security to certain models and lack scalability, computational efficiency, and practicality due to overly restrictive constraints. Moreover, newly introduced attacks can easily bypass defensive strategies by making subtle alterations. In this paper, we study an alternate approach inspired by honeypots to detect adversaries. Our approach yields learned models with an embedded watermark. When an adversary initiates an interaction with our model, attacks are encouraged to add this predetermined watermark stimulating detection of adversarial examples. We show that HoneyModels can reveal 69.5% of adversaries attempting to attack a Neural Network while preserving the original functionality of the model. HoneyModels offer an alternate direction to secure Machine Learning that slightly affects the accuracy while encouraging the creation of watermarked adversarial samples detectable by the HoneyModel but indistinguishable from others for the adversary.",

author = "Ahmed Abdou and Ryan Sheatsley and Yohan Beugin and Tyler Shipp and Patrick McDaniel",

note = "Funding Information: This research was sponsored by the U.S. Army Combat Capabilities Development Command Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Combat Capabilities Development Command Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation here on. Publisher Copyright: {\textcopyright} 2021 IEEE.; 2021 IEEE Military Communications Conference, MILCOM 2021 ; Conference date: 29-11-2021 Through 02-12-2021",

year = "2021",

doi = "10.1109/MILCOM52596.2021.9652947",

language = "English (US)",

series = "Proceedings - IEEE Military Communications Conference MILCOM",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "886--891",

booktitle = "MILCOM 2021 - 2021 IEEE Military Communications Conference",

address = "United States",

}

Abdou, A, Sheatsley, R, Beugin, Y, Shipp, T & McDaniel, P 2021, HoneyModels: Machine Learning Honeypots. in MILCOM 2021 - 2021 IEEE Military Communications Conference. Proceedings - IEEE Military Communications Conference MILCOM, vol. 2021-November, Institute of Electrical and Electronics Engineers Inc., pp. 886-891, 2021 IEEE Military Communications Conference, MILCOM 2021, San Diego, United States, 11/29/21. https://doi.org/10.1109/MILCOM52596.2021.9652947

HoneyModels: Machine Learning Honeypots. / Abdou, Ahmed; Sheatsley, Ryan; Beugin, Yohan et al.
MILCOM 2021 - 2021 IEEE Military Communications Conference. Institute of Electrical and Electronics Engineers Inc., 2021. p. 886-891 (Proceedings - IEEE Military Communications Conference MILCOM; Vol. 2021-November).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - HoneyModels

T2 - 2021 IEEE Military Communications Conference, MILCOM 2021

AU - Abdou, Ahmed

AU - Sheatsley, Ryan

AU - Beugin, Yohan

AU - Shipp, Tyler

AU - McDaniel, Patrick

N1 - Funding Information: This research was sponsored by the U.S. Army Combat Capabilities Development Command Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Combat Capabilities Development Command Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation here on. Publisher Copyright: © 2021 IEEE.

PY - 2021

Y1 - 2021

N2 - Machine Learning is becoming a pivotal aspect of many systems today, offering newfound performance on classification and prediction tasks, but this rapid integration also comes with new unforeseen vulnerabilities. To harden these systems the ever-growing field of Adversarial Machine Learning has proposed new attack and defense mechanisms. However, a great asymmetry exists as these defensive methods can only provide security to certain models and lack scalability, computational efficiency, and practicality due to overly restrictive constraints. Moreover, newly introduced attacks can easily bypass defensive strategies by making subtle alterations. In this paper, we study an alternate approach inspired by honeypots to detect adversaries. Our approach yields learned models with an embedded watermark. When an adversary initiates an interaction with our model, attacks are encouraged to add this predetermined watermark stimulating detection of adversarial examples. We show that HoneyModels can reveal 69.5% of adversaries attempting to attack a Neural Network while preserving the original functionality of the model. HoneyModels offer an alternate direction to secure Machine Learning that slightly affects the accuracy while encouraging the creation of watermarked adversarial samples detectable by the HoneyModel but indistinguishable from others for the adversary.

AB - Machine Learning is becoming a pivotal aspect of many systems today, offering newfound performance on classification and prediction tasks, but this rapid integration also comes with new unforeseen vulnerabilities. To harden these systems the ever-growing field of Adversarial Machine Learning has proposed new attack and defense mechanisms. However, a great asymmetry exists as these defensive methods can only provide security to certain models and lack scalability, computational efficiency, and practicality due to overly restrictive constraints. Moreover, newly introduced attacks can easily bypass defensive strategies by making subtle alterations. In this paper, we study an alternate approach inspired by honeypots to detect adversaries. Our approach yields learned models with an embedded watermark. When an adversary initiates an interaction with our model, attacks are encouraged to add this predetermined watermark stimulating detection of adversarial examples. We show that HoneyModels can reveal 69.5% of adversaries attempting to attack a Neural Network while preserving the original functionality of the model. HoneyModels offer an alternate direction to secure Machine Learning that slightly affects the accuracy while encouraging the creation of watermarked adversarial samples detectable by the HoneyModel but indistinguishable from others for the adversary.

UR - http://www.scopus.com/inward/record.url?scp=85124121231&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85124121231&partnerID=8YFLogxK

U2 - 10.1109/MILCOM52596.2021.9652947

DO - 10.1109/MILCOM52596.2021.9652947

M3 - Conference contribution

AN - SCOPUS:85124121231

T3 - Proceedings - IEEE Military Communications Conference MILCOM

SP - 886

EP - 891

BT - MILCOM 2021 - 2021 IEEE Military Communications Conference

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 29 November 2021 through 2 December 2021

ER -

HoneyModels: Machine Learning Honeypots

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this