Memguard: Defending against black-box membership inference attacks via adversarial examples

J Jia, A Salem, M Backes, Y Zhang… - Proceedings of the 2019 …, 2019 - dl.acm.org
In a membership inference attack, an attacker aims to infer whether a data sample is in a
target classifier's training dataset or not. Specifically, given a black-box access to the target …

Realtime robust malicious traffic detection via frequency domain analysis

C Fu, Q Li, M Shen, K Xu - Proceedings of the 2021 ACM SIGSAC …, 2021 - dl.acm.org
Machine learning (ML) based malicious traffic detection is an emerging security paradigm,
particularly for zero-day attack detection, which is complementary to existing rule based …

Subverting website fingerprinting defenses with robust traffic representation

M Shen, K Ji, Z Gao, Q Li, L Zhu, K Xu - 32nd USENIX Security …, 2023 - usenix.org
Anonymity networks, e.g., Tor, are vulnerable to various website fingerprinting (WF) attacks,
which allow attackers to perceive user privacy on these networks. However, the defenses …

Defeating DNN-Based traffic analysis systems in Real-Time with blind adversarial perturbations

M Nasr, A Bahramali, A Houmansadr - 30th USENIX Security …, 2021 - usenix.org
Deep neural networks (DNNs) are commonly used for various traffic analysis problems, such
as website fingerprinting and flow correlation, as they outperform traditional (e.g., statistical) …

"Get in Researchers; We're Measuring Reproducibility": A Reproducibility Study of Machine Learning Papers in Tier 1 Security Conferences

D Olszewski, A Lu, C Stillman, K Warren… - Proceedings of the …, 2023 - dl.acm.org
Reproducibility is crucial to the advancement of science; it strengthens confidence in
seemingly contradictory results and expands the boundaries of known discoveries …

Beyond value perturbation: Local differential privacy in the temporal setting

Q Ye, H Hu, N Li, X Meng, H Zheng… - IEEE INFOCOM 2021 …, 2021 - ieeexplore.ieee.org
Time series has numerous application scenarios. However, since many time series data are
personal data, releasing them directly could cause privacy infringement. All existing …

Fingerprinting encrypted voice traffic on smart speakers with deep learning

C Wang, S Kennedy, H Li, K Hudson, G Atluri… - Proceedings of the 13th …, 2020 - dl.acm.org
This paper investigates the privacy leakage of smart speakers under an encrypted traffic
analysis attack, referred to as voice command fingerprinting. In this attack, an adversary can …

Watching the watchers: Practical video identification attack in LTE networks

S Bae, M Son, D Kim, CJ Park, J Lee, S Son… - 31st USENIX Security …, 2022 - usenix.org
A video identification attack is a tangible privacy threat that can reveal videos that victims are
watching. In this paper, we present the first study of a video identification attack in Long Term …

Detection defense against adversarial attacks with saliency map

D Ye, C Chen, C Liu, H Wang… - International Journal of …, 2022 - Wiley Online Library
It is well established that neural networks are vulnerable to adversarial examples, which are
almost imperceptible to human vision and can cause the deep models to misbehave. Such …

Protecting Confidential Virtual Machines from Hardware Performance Counter Side Channels

X Lou, K Chen, G Xu, H Qiu, S Guo… - 2024 54th Annual IEEE …, 2024 - ieeexplore.ieee.org
In modern cloud platforms, it is becoming more important to preserve the privacy of guest
virtual machines (VMs) from the untrusted host. To this end, Secure Encrypted Virtualization …