We address the problem of adversarial examples in machine learning where an adversary tries to misguide a classifier by making functionality-preserving modifications to original samples. We assume a black-box scenario where the adversary has access t
o only the feature set, and the final hard-decision output of the classifier. We propose a method to generate adversarial examples using the minimum description length (MDL) principle. Our final aim is to improve the robustness of the classifier by considering generated examples in rebuilding the classifier. We evaluate our method for the application of static malware detection in portable executable (PE) files. We consider API calls of PE files as their distinguishing features where the feature vector is a binary vector representing the presence-absence of API calls. In our method, we first create a dataset of benign samples by querying the target classifier. We next construct a code table of frequent patterns for the compression of this dataset using the MDL principle. We finally generate an adversarial example corresponding to a malware sample by selecting and adding a pattern from the benign code table to the malware sample. The selected pattern is the one that minimizes the length of the compressed adversarial example given the code table. This modification preserves the functionalities of the original malware sample as all original API calls are kept, and only some new API calls are added. Considering a neural network, we show that the evasion rate is 78.24 percent for adversarial examples compared to 8.16 percent for original malware samples. This shows the effectiveness of our method in generating examples that need to be considered in rebuilding the classifier.
We design a classifier for transactional datasets with application in malware detection. We build the classifier based on the minimum description length (MDL) principle. This involves selecting a model that best compresses the training dataset for ea
ch class considering the MDL criterion. To select a model for a dataset, we first use clustering followed by closed frequent pattern mining to extract a subset of closed frequent patterns (CFPs). We show that this method acts as a pattern summarization method to avoid pattern explosion; this is done by giving priority to longer CFPs, and without requiring to extract all CFPs. We then use the MDL criterion to further summarize extracted patterns, and construct a code table of patterns. This code table is considered as the selected model for the compression of the dataset. We evaluate our classifier for the problem of static malware detection in portable executable (PE) files. We consider API calls of PE files as their distinguishing features. The presence-absence of API calls forms a transactional dataset. Using our proposed method, we construct two code tables, one for the benign training dataset, and one for the malware training dataset. Our dataset consists of 19696 benign, and 19696 malware samples, each a binary sequence of size 22761. We compare our classifier with deep neural networks providing us with the state-of-the-art performance. The comparison shows that our classifier performs very close to deep neural networks. We also discuss that our classifier is an interpretable classifier. This provides the motivation to use this type of classifiers where some degree of explanation is required as to why a sample is classified under one class rather than the other class.
For communications in the presence of eavesdroppers, random components are often used in code design to camouflage information from eavesdroppers. In broadcast channels without eavesdroppers, Marton error-correcting coding comprises random components
which allow correlation between auxiliary random variables representing independent messages. In this paper, we study if Marton coding alone can ensure individual secrecy in the two-receiver discrete memoryless broadcast channel with a passive eavesdropper. Our results show that in accordance to the principle of Wyner secrecy coding, this is possible and Marton coding alone guarantees individual secrecy. However, this comes with a penalty of requiring stricter channel conditions.
This paper studies the problem of secure communcation over the two-receiver discrete memoryless broadcast channel with one-sided receiver side information and with a passive eavesdropper. We proposed a coding scheme which is based upon the superposit
ion-Marton framework. Secrecy techniques such as the one-time pad, Carleial-Hellman secrecy coding and Wyner serecy coding are applied to ensure individual secrecy. This scheme is shown to be capacity achieving for some cases of the degraded broadcast channel. We also notice that one-sided receiver side information provides the advantage of rate region improvement, in particular when it is available at the weaker legitimate receiver.
We address a centralized caching problem with unequal cache sizes. We consider a system with a server of files connected through a shared error-free link to a group of cache-enabled users where one subgroup has a larger cache size than the other. We
propose an explicit caching scheme for the considered system aimed at minimizing the load of worst-case demands over the shared link. As suggested by numerical evaluations, our scheme improves upon the best existing explicit scheme by having a lower worst-case load; also, our scheme performs within a multiplicative factor of 1.11 from the scheme that can be obtained by solving an optimisation problem in which the number of parameters grows exponentially with the number of users.
We consider the three-receiver Gaussian multiple-input multiple-output (MIMO) broadcast channel with an arbitrary number of antennas at each of the transmitter and the receivers. We investigate the degrees-of-freedom (DoF) region of the channel when
each receiver requests a private message, and may know some of the messages requested by the other receivers as receiver message side information (RMSI). We establish the DoF region of the channel for all 16 possible non-isomorphic RMSI configurations by deriving tight inner and outer bounds on the region. To derive the inner bounds, we first propose a scheme for each RMSI configuration which exploits both the null space and the side information of the receivers. We then use these schemes in conjunction with time sharing for 15 RMSI configurations, and with time sharing and two-symbol extension for the remaining one. To derive the outer bounds, we construct enhanc
We consider the two-receiver memoryless broadcast channel with states where each receiver requests both common and private messages, and may know part of the private message requested by the other receiver as receiver message side information (RMSI).
We address two categories of the channel (i) channel with states known causally to the transmitter, and (ii) channel with states known non-causally to the transmitter. Starting with the channel without RMSI, we first propose a transmission scheme and derive an inner bound for the causal category. We then unify our inner bound for the causal category and the best-known inner bound for the non-causal category, although their transmission schemes are different. Moving on to the channel with RMSI, we first apply a pre-coding to the transmission schemes of the causal and non-causal categories without RMSI. We then derive a unified inner bound as a result of having a unified inner bound when there is no RMSI, and applying the same pre-coding to both categories. We show that our inner bound is tight for some new cases as well as the cases whose capacity region was known previously.
This paper investigates the capacity regions of two-receiver broadcast channels where each receiver (i) has both common and private-message requests, and (ii) knows part of the private message requested by the other receiver as side information. We f
irst propose a transmission scheme and derive an inner bound for the two-receiver memoryless broadcast channel. We next prove that this inner bound is tight for the deterministic channel and the more capable channel, thereby establishing their capacity regions. We show that this inner bound is also tight for all classes of two-receiver broadcast channels whose capacity regions were known prior to this work. Our proposed scheme is consequently a unified capacity-achieving scheme for these classes of broadcast channels.
This paper investigates the capacity region of the three-receiver AWGN broadcast channel where the receivers (i) have private-message requests and (ii) may know some of the messages requested by other receivers as side information. We first classify
all 64 possible side information configurations into eight groups, each consisting of eight members. We next construct transmission schemes, and derive new inner and outer bounds for the groups. This establishes the capacity region for 52 out of 64 possible side information configurations. For six groups (i.e., groups 1, 2, 3, 5, 6, and 8 in our terminology), we establish the capacity region for all their members, and show that it tightens both the best known inner and outer bounds. For group 4, our inner and outer bounds tighten the best known inner bound and/or outer bound for all the group members. Moreover, our bounds coincide at certain regions, which can be characterized by two thresholds. For group 7, our inner and outer bounds coincide for four members, thereby establishing the capacity region. For the remaining four members, our bounds tighten both the best known inner and outer bounds.
