Protecting the Protector - Hardening Machine Learning Defenses Against Adversarial Attacks

Explore strategies for enhancing the resilience of machine learning models against tampering in this 50-minute Black Hat conference talk. Delve into the comparison between cloud-based and client-based models' vulnerability to attacks. Examine Windows Defender Advanced Threat Protection research, various machine learning types, and their application in endpoint protection. Investigate theoretical attack vectors on supervised models, including real-world examples of attacks on certificate reputation. Learn about diverse model approaches, feature selection, and optimization for different threat scenarios. Discover the importance of training data, model selection, and preventing data leaks. Analyze the impact of ensemble models, interpretability, and real-time monitoring in strengthening defenses. Gain key insights from recent real-world case studies to better protect machine learning models against adversarial attacks.

Intro
Windows Defender Advanced Threat Protection
Windows Defender ATP Research
Types of Machine Learning
Machine Learning for Endpoint Protection
Client Machine Learning
Cloud Machine Learning
Theoretical Attack Vectors: Supervised Model
Attacks on Certificate Reputation (Early 2017)
Attacks on Certificate Reputation (cont.)
Challenges
Diverse Models 1. Different feature sets
Features - Highly dimensional data
Diverse Set of Classifiers Feature Set PE Properties
Optimizing for Different Threat Scenarios
Boolean Stacking TRAINING DATA
Model Selection
Data Leaks
Using Unsupervised Features
Experiment Design Supervised Training
What if ... Attacker crafts adversarial samples to flip verdicts SAMPLES
Realtime Monitoring
Impact of Ensemble Models
Bonus: Interpretability
Benefits of an Ensemble Model
Recent Realworld Case Studies (2)
Key Takeaways