Department of Computer Science
This digital collection contains faculty/student publications, theses, and dissertations from the Department of Computer Science.
Browsing Department of Computer Science by Subject "adversarial attacks"
Now showing 1 - 2 of 2
Item (Open Access): Attacks and defenses for large language models on coding tasks
Colorado State University. Libraries, 2024-10-27
Zhang, Chi, author; Wang, Zifan, author; Zhao, Ruoshi, author; Mangal, Ravi, author; Fredrikson, Matt, author; Jia, Limin, author; Pasareanu, Corina, author; ACM, publisher

Abstract: Modern large language models (LLMs), such as ChatGPT, have demonstrated impressive capabilities for coding tasks, including writing and reasoning about code. They improve upon previous neural network models of code, such as code2seq or seq2seq, that already demonstrated competitive results when performing tasks such as code summarization and identifying code vulnerabilities. However, these previous code models were shown vulnerable to adversarial examples, i.e., small syntactic perturbations designed to "fool" the models. In this paper, we first aim to study the transferability of adversarial examples, generated through white-box attacks on smaller code models, to LLMs. We also propose a new attack using an LLM to generate the perturbations. Further, we propose novel cost-effective techniques to defend LLMs against such adversaries via prompting, without incurring the cost of retraining. These prompt-based defenses involve modifying the prompt to include additional information, such as examples of adversarially perturbed code and explicit instructions for reversing adversarial perturbations. Our preliminary experiments show the effectiveness of the attacks and the proposed defenses on popular LLMs such as GPT-3.5 and GPT-4.

Item (Open Access): Phishing detection using machine learning
Colorado State University. Libraries, 2021
Shirazi, Hossein, author; Ray, Indrakshi, advisor; Anderson, Chuck, advisor; Malaiya, Yashwant K., committee member; Wang, Haonan, committee member

Abstract: Our society, economy, education, critical infrastructure, and other aspects of our life have become largely dependent on cyber technology. Thus, cyber threats now endanger various aspects of our daily life. Phishing attacks, even with sophisticated detection algorithms, are still the top Internet crime by victim count in 2020. Adversaries learn from their previous attempts to (i) improve attacks and lure more victims and (ii) bypass existing detection algorithms to steal users' identities and sensitive information to increase their financial gain. Machine learning appears to be a promising approach for phishing detection, and classification algorithms distinguish between legitimate and phishing websites. While machine learning algorithms have shown promising results, we observe multiple limitations in existing algorithms. Current algorithms do not preserve the privacy of end-users due to inquiring third-party services. There is a lack of enough phishing samples for training machine learning algorithms, and over-represented targets have a bias in existing datasets. Finally, adversarial sampling attacks degrade the performance of detection models. We propose four sets of solutions to address the aforementioned challenges. We first propose a domain-name-based phishing detection solution that focuses solely on the domain name of websites to distinguish phishing websites from legitimate ones. This approach does not use any third-party services and preserves the privacy of end-users. We then propose a fingerprinting algorithm that consists of finding similarities (using both visual and textual characteristics) between a legitimate targeted website and a given suspicious website. This approach addresses the issue of bias towards over-represented samples in the datasets. Finally, we explore the effect of adversarial sampling attacks on phishing detection algorithms in depth, starting with feature manipulation strategies. Results degrade the performance of the classification algorithm significantly. In the next step, we focus on two goals of improving the performance of classification algorithms by increasing the size of used datasets and making the detection algorithm robust against adversarial sampling attacks using an adversarial autoencoder.