The importance of studying the robustness of learners to malicious data is well established. While much work has been done establishing both robust estimators and effective data injection attacks when the attacker is omniscient, the ability of an attacker to provably harm learning while having access to little information is largely unstudied. We study the potential of a “blind attacker” to pro...

Instruction Set Randomization (ISR) has been proposed as a promising defense against code injection attacks. It defuses all standard code injection attacks since the attacker does not know the instruction set of the target machine. A motivated attacker, however, may be able to circumvent ISR by determining the randomization key. In this paper, we investigate the possibility of a remote attacker...

Given the real-world deployments of attacker-defender Stackelberg security games, robustness to deviations from expected attacker behaviors has now emerged as a critically important issue. This paper provides four key contributions in this context. First, it identifies a fundamentally problematic aspect of current algorithms for security games. It shows that there are many situations where thes...

We present a new denial-of-service attack against 802.11 wireless networks. Our attack exploits previously discovered performance degradation in networks with substantial rate diversity. In our attack, the attacker artificially reduces his link quality by not acknowledging receptions (which we call “partial deafness” because an attacker pretends to have not heard some of the transmission), ther...

Label contamination attack (LCA) is an important type of data poisoning attack where an attacker manipulates the labels of training data to make the learned model beneficial to him. Existing work on LCA assumes that the attacker has full knowledge of the victim learning model, whereas the victim model is usually a black-box to the attacker. In this paper, we develop a Projected Gradient Ascent ...

Preventing the attacks in a computer network is the core problem in network security. We introduce a new game-theoretic model of the interaction between a network administrator who uses limited resource to harden a network and an attacker who follows a multistage plan to attack the network. The possible plans of the attacker are compactly represented using attack graphs, while the defender adds...

Despite extensive study on wireless sensor network security, defending internal attacks and finding abnormal behaviour of the sensor are still difficult and unsolved task. The conventional cryptographic technique does not give the robust security or detection process to save the network from internal attacker that cause by abnormal behavior. The insider attacker or abnormally behaved sensor ide...

Implementations of white-box cryptography aim to protect a secret key in a white-box environment in which an adversary has full control over the execution process and the entire environment. Its fundamental principle is the map of the cryptographic architecture, including the secret key, to a number of encoded tables that shall resist the inspection and decomposition of an attacker. In a gray-b...

We describe a practical attack on the High Bandwidth Digital Content Protection (HDCP) scheme. HDCP is a proposed identity-based cryptosystem for use over the Digital Visual Interface bus, a consumer video bus used in digital VCRs, camcorders, and personal computers. Public/private key pairs are assigned to devices by a trusted authority, which possesses a master secret. If an attacker can reco...