Attribution of Gradient Based Adversarial Attacks for Reverse Engineering of Deceptions

TL;DR

This paper introduces two novel techniques for automatically identifying and attributing gradient-based adversarial attack toolchains in machine learning, aiding in reverse engineering and understanding attack methods.

Contribution

The paper presents the first approach to attribute gradient-based adversarial attacks and estimate their parameters using Co-occurrence Pixel statistics and Laplacian Residuals.

Findings

Techniques successfully identify attack parameters

Methods effectively attribute attack toolchains

Source code and data are publicly available

Abstract

Machine Learning (ML) algorithms are susceptible to adversarial attacks and deception both during training and deployment. Automatic reverse engineering of the toolchains behind these adversarial machine learning attacks will aid in recovering the tools and processes used in these attacks. In this paper, we present two techniques that support automated identification and attribution of adversarial ML attack toolchains using Co-occurrence Pixel statistics and Laplacian Residuals. Our experiments show that the proposed techniques can identify parameters used to generate adversarial samples. To the best of our knowledge, this is the first approach to attribute gradient based adversarial attacks and estimate their parameters. Source code and data is available at: https://github.com/michael-goebel/ei_red