AdvCat: Domain-Agnostic Robustness Assessment for Cybersecurity-Critical Applications with Categorical Inputs
Helene Orsini, Hongyan Bao, Yujun Zhou, Xiangrui Xu, Yufei Han, Longyang Yi, Wei Wang, Xin Gao, Xiangliang Zhang

TL;DR
This paper introduces AdvCat, a domain-agnostic, provably optimal method for assessing the adversarial robustness of machine learning models in cybersecurity-critical applications with categorical inputs, addressing a key trust concern.
Contribution
We propose a novel, domain-agnostic robustness assessment protocol that is both provably optimal and computationally efficient for cybersecurity applications with categorical data.
Findings
Effective robustness assessment for fake news detection
Successful application to intrusion detection
Demonstrated computational efficiency
Abstract
Machine Learning-as-a-Service (MLaaS) systems have been widely developed for cybersecurity-critical applications, such as detecting network intrusions and fake news campaigns. Despite their effectiveness, their robustness against adversarial attacks is one of the key trust concerns for MLaaS deployment. We are thus motivated to assess the adversarial robustness of the machine learning models residing at the core of these security-critical applications with categorical inputs. Previous research efforts on assessing model robustness against manipulation of categorical inputs are specific to use cases and depend heavily on domain knowledge, or require white-box access to the target ML model. Such limitations prevent the robustness assessment from being offered as a domain-agnostic service to various real-world applications. We propose a provably optimal yet computationally highly efficient…
Taxonomy
Methods
