Using Machine Learning to Improve Security in Adversarial Environments

Richard Lippmann, Senior Staff in the Cyber Systems and Technology Group, MIT Lincoln Laboratory

Friday, January 14, 2011

Spanos Auditorium

This seminar is part of the Jones Seminars on Science, Technology, and Society series

Machine learning is widely used to solve difficult security problems by adaptively training on large databases. Examples include computer spam detection, antivirus software, computer intrusion detection, automated internet search engines such as Google, credit-card fraud detection, talker identification by voice, and video surveillance. Many of these systems face active adversaries with strong financial incentives to defeat accurate performance. Just as humans are susceptible to fraud and misdirection, many of these new learning systems are susceptible to adversarial attacks. This presentation provides a taxonomy of the types of adversarial attacks that can be launched against learning systems and also a summary of effective defenses that can be used to counter these attacks. This analysis is meant to raise the awareness of weaknesses in many widely deployed learning systems, of successful defenses to counter adversarial attacks, and of the arms race this interaction engenders.

About the Speaker

Richard Lippmann's recent work focuses on developing new approaches for risk assessment, adversary modeling, and security analysis of large enterprise networks, as well as both dynamic and static code analysis to detect vulnerabilities. In the past he led the first formal evaluation of intrusion detection systems, applied machine learning and neural network approaches to many computer security problems, and performed research in automatic speech recognition, speech perception, speech training aids for the deaf, and signal processing for hearing aids. He has authored or co-authored more than 100 papers, reports, or books in the above research areas, has been a Distinguished Lecturer for the IEEE Signal Processing Society, and received the first IEEE Signal Processing Magazine award for an article entitled "An Introduction to Computing with Neural Nets." He was the 2008 program chair for the Recent Advances in Intrusion Detection (RAID) conference, has been a program chair of the Conference on Neural Information Processing Systems (NIPS), and co-chaired a 2007 NIPS workshop on Machine Learning in Adversarial Environments. Selected papers and open-source computer security corpora are available at the Lincoln Laboratory website.