CRCV Mar 19, 2021

Attribution of Gradient Based Adversarial Attacks for Reverse Engineering of Deceptions

arXiv:2103.11002v1, 5 citations, Has Code
Originality: Incremental advance
AI Analysis

This work addresses the need for automated tools to analyze and attribute adversarial attacks in machine learning. It is an incremental advance because it builds on existing knowledge of attacks.

The paper tackles the problem of reverse engineering adversarial machine learning attacks by presenting two techniques for automated identification and attribution of attack toolchains. The techniques can identify the parameters used to generate adversarial samples.

Machine Learning (ML) algorithms are susceptible to adversarial attacks and deception both during training and deployment. Automatic reverse engineering of the toolchains behind these adversarial machine learning attacks will aid in recovering the tools and processes used in these attacks. In this paper, we present two techniques that support automated identification and attribution of adversarial ML attack toolchains using Co-occurrence Pixel statistics and Laplacian Residuals. Our experiments show that the proposed techniques can identify parameters used to generate adversarial samples. To the best of our knowledge, this is the first approach to attribute gradient based adversarial attacks and estimate their parameters. Source code and data are available at: https://github.com/michael-goebel/ei_red

Code Implementations: 1 repo
Foundations

The foundational work for this paper's niche, ranked by how specifically the neighbourhood builds on it — not by global fame.
