Date of Award

Fall 12-2024

Document Type

Dissertation

Degree Name

Doctor of Philosophy in Computer Science (PHDCS)

First Advisor

Yong Wang

Second Advisor

John Hastings

Third Advisor

Varghese Vaidyan

Abstract

Innovations in the fields of computer science and mathematics have enabled machines to learn incredibly complicated patterns and abstractions without explicit tutoring. Unfortunately, threats have been developed that target machine learning systems and may affect large groups of individuals, including model producers and maintainers, model users, and individuals who may be implicitly or explicitly represented by the information used by the model. Consequently, it is crucial to understand the attacks that may be employed against machine learning models at the algorithmic level in order to devise better mitigation strategies. This research works towards a better understanding of the vulnerabilities that exist in the machine learning space in three important segments. First, as a tool to aid in interpreting attacks and to benefit possible defensive mechanisms in the future, a taxonomy and threat model are created that highlight similarities and differences between existing attacks. Next, a novel exploitative attack is developed that generates evasion samples against tree-based models, including both single and ensemble classifiers. Lastly, a novel exploratory attack is developed that extracts representative information from the training datasets of hypersphere-based models, as well as the learned parameters of the victim models themselves. The proposed taxonomy is based on a review of the current literature at the intersection of cybersecurity and machine learning. Future attacks may supersede the relationships identified in this study, so the taxonomy itself serves as a stepping-stone for future work to build on. To evaluate the proposed attacks, a series of victim models was fitted on a variety of datasets to exhibit the attacks' data-agnostic properties. After the attacks were carried out, multiple metrics were used to illustrate their effectiveness. Additionally, this research discusses possible uses of the developed attack algorithms in the machine learning paradigm.