Machine Learning–based Cyber Attacks Targeting on Controlled Information: A Survey

Published: 18 July 2021

Abstract

Stealing attacks against controlled information, along with the increasing number of information leakage incidents, have become an emerging cyber security threat in recent years. Due to the booming development and deployment of advanced analytics solutions, novel stealing attacks utilize machine learning (ML) algorithms to achieve a high success rate and cause a lot of damage. Detecting and defending against such attacks is challenging and urgent, so governments, organizations, and individuals should attach great importance to ML-based stealing attacks. This survey presents the recent advances in this new type of attack and the corresponding countermeasures. The ML-based stealing attack is reviewed from the perspective of three categories of targeted controlled information: controlled user activities, controlled ML model-related information, and controlled authentication information. Recent publications are summarized to generalize an overarching attack methodology and to derive the limitations and future directions of ML-based stealing attacks. Furthermore, countermeasures are proposed towards developing effective protections from three aspects: detection, disruption, and isolation.

  126. Yong Zeng and Rui Zhang. 2016. Active eavesdropping via spoofing relay attack. In Proceedings of the IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP’16). IEEE, 2159–2163.Google ScholarGoogle ScholarDigital LibraryDigital Library
  127. Jun Zhang, Chao Chen, Yang Xiang, Wanlei Zhou, and Yong Xiang. 2013. Internet traffic classification by aggregating correlated naive Bayes predictions. IEEE Trans. Inf. Forens. Secur. 8, 1 (2013), 5–15.Google ScholarGoogle ScholarDigital LibraryDigital Library
  128. Jun Zhang, Xiao Chen, Yang Xiang, Wanlei Zhou, and Jie Wu. 2015. Robust network traffic classification. IEEE/ACM Trans. Netw. 23, 4 (2015), 1257–1270.Google ScholarGoogle ScholarDigital LibraryDigital Library
  129. Jun Zhang, Yang Xiang, Yu Wang, Wanlei Zhou, Yong Xiang, and Yong Guan. 2013. Network traffic classification using correlation information. IEEE Trans. Parallel Distrib. Syst. 24, 1 (2013), 104–117.Google ScholarGoogle ScholarDigital LibraryDigital Library
  130. Ning Zhang, Manohar Paluri, Yaniv Taigman, Rob Fergus, and Lubomir Bourdev. 2015. Beyond frontal faces: Improving person recognition using multiple cues. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR’15). IEEE, 4804–4813.Google ScholarGoogle ScholarCross RefCross Ref
  131. Nan Zhang, Kan Yuan, Muhammad Naveed, Xiaoyong Zhou, and XiaoFeng Wang. 2015. Leave me alone: App-level protection against runtime information gathering on Android. In Proceedings of the IEEE Symposium on Security and Privacy (SP’15). IEEE, 915–930.Google ScholarGoogle ScholarDigital LibraryDigital Library
  132. Xiaokuan Zhang, Xueqiang Wang, Xiaolong Bai, Yinqian Zhang, and XiaoFeng Wang. 2018. OS-level side channels without procfs: Exploring cross-app information leakage on iOS. In Proceedings of the 25th Network and Distributed System Security Symposium (NDSS’18). IEEE, 1–15.Google ScholarGoogle ScholarCross RefCross Ref
  133. Ziqiao Zhou, Michael K. Reiter, and Yinqian Zhang. 2016. A software approach to defeating side channels in last-level caches. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS’16). ACM, 871–882.Google ScholarGoogle ScholarDigital LibraryDigital Library

    • Published in

      ACM Computing Surveys  Volume 54, Issue 7
      September 2022
      778 pages
      ISSN:0360-0300
      EISSN:1557-7341
      DOI:10.1145/3476825
      Copyright © 2021 ACM

      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      • Published: 18 July 2021
      • Revised: 1 April 2021
      • Accepted: 1 April 2021
      • Received: 1 February 2019
      Published in csur Volume 54, Issue 7

      Qualifiers

      • research-article
      • Research
      • Refereed
