EagleEye: Attack-Agnostic Defenses against Adversarial Inputs

---

Overview

Deep learning systems are inherently vulnerable to adversarial inputs, which are maliciously crafted samples to trigger deep neural networks (DNNs) to misbehave, leading to disastrous consequences in security-critical applications. The fundamental challenges of defending against such attacks stem from their adaptive and variable nature: adversarial inputs are tailored to target DNNs, while crafting strategies vary greatly with concrete attacks. This project develops EagleEye, a universal, attack-agnostic defense framework that (i) works effectively against unseen attack variants, (ii) preserves predictive power of deep neural networks, (iii) complements existing defense mechanisms, and (iv) provides comprehensive diagnosis about potential risks in deep learning outputs.

In particular, EagleEye leverages a set of invariant properties underlying most attacks, including the “minimality principle”: to maximize attack evasiveness, an adversarial input is generated by applying the minimum possible distortion to a legitimate input. By exploiting such properties in a principled manner, EagleEye effectively discriminates adversarial inputs (integrity checking) and even uncovers their correct outputs (truth recovery).

---

Publications

• Interpretable Deep Learning under Fire
  Xinyang Zhang, Ningfei Wang, Shouling Ji, Hua Shen, Ting Wang
  ArXiv e-prints, 2018

• TextBugger: Generating Adversarial Text Against Real-world Applications [pdf]
  Jinfeng Li, Shouling Ji, Tianyu Du, Bo Li, Ting Wang
  The 2019 Network and Distributed System Security Symposium (NDSS '19)

• DeepSec: A Uniform Platform for Security Analysis of Deep Learning Models [pdf]
  Xiang Ling, Shouling Ji, Jiaxu Zou, Jiannan Wang, Chunming Wu, Bo Li, Ting Wang
  The 40th IEEE Symposium on Security and Privacy (S&P '19)

• Towards Evaluating the Security of Image CAPTCHA in The Wild [pdf]
  Binbin Zhao, Haiqin Weng, Shouling Ji, Jianhai Chen, Ting Wang, Qinming He, Raheem Beyah
  The 11th ACM Workshop on Artificial Intelligence and Security (AISec '18)

• Towards A Unified Theory of Adversarial Inputs and Adversarial Models
  Ting Wang
  ArXiv e-prints, 2018

• Model-Reuse Attacks on Deep Learning Systems [pdf]
  Yujie Ji, Xinyang Zhang, Shouling Ji, Xiapu Luo, Ting Wang
  The 25th ACM Conference on Computer and Communications Security (CCS '18)

• EagleEye: Attack-Agnostic Defense against Adversarial Inputs
  Yujie Ji, Xinyang Zhang, Ting Wang
  ArXiv e-prints, 2018

• Differentially Private Distributed Online Learning [pdf, bibtex]
  Chencheng Li, Pan Zhou, Li Xiong, Qian Wang, and Ting Wang
  IEEE Transactions on Knowledge and Data Engineering (TKDE)

• Quantifying Graph Anonymity, Utility, and De-anonymity [pdf, bibtex]
  Shouling Ji, Tianyu Du, Zhen Hong, Ting Wang, Raheem Beyah
  2018 IEEE International Conference on Computer Communications (INFOCOM '18)

• Backdoor Attacks against Learning Systems [pdf, bibtex]
  Yujie Ji, Xinyang Zhang, Ting Wang
  The 5th IEEE Conference on Communications and Network Security (CNS '17)

---

Code & Datasets

---

We are grateful for the National Science Foundation (NSF) to support our research.