Intriguing Properties of Adversarial ML Attacks in the Problem Space

Explore the intriguing properties of adversarial machine learning attacks in the problem space through this IEEE conference talk. Delve into a novel formalization for adversarial ML evasion attacks, focusing on real-world implications and constraints. Discover the relationship between feature space and problem space, and learn about side-effect features resulting from the inverse feature-mapping problem. Examine necessary and sufficient conditions for problem-space attacks and their applications across various domains. Investigate a new problem-space attack on Android malware, demonstrating the feasibility of evading state-of-the-art classifiers. Gain insights into the realistic threat of "adversarial-malware as a service" and the importance of principled research in this domain. Understand the current landscape of adversarial ML research and its limitations in addressing malware-related challenges.

Introduction
Traditional Feature Space Attacks
Problem Space Attacks
Contributions
Formalization
Realworld transformations
Defining plausible
Robustness
Summary
Stateoftheart
Transplant
Analysis
Projection
Vein Experiment
Average Complexity
Time Taken
Conclusion